UltimateBet cheating goes undetected for almost 21 months

Date Reported:

Tokwiro Enterprises ENRG*

*"Tokwiro Enterprises Enrg" is a recognized Mohawk owned and controlled, gaming sole proprietorship, presently undergoing a licencing process with the "Kahnawake Gaming Commission" ("KGC"), which was itself established on the 10th day of June, 1996. (Source: www.ultimatebet.com/about-us)

Contractor/Consultant/Branch:


Number Affected:

Types of Data:
"hole card information during live play" resulting in financial loss

Breach Description:
"MONTREAL, CANADA (MAY 29, 2008) --- Tokwiro Enterprises ENRG ("Tokwiro"), proprietors of UltimateBet.com ("UltimateBet"), one of the world's largest online card rooms, today announced the results of its lengthy investigation into allegations of unfair play, which was triggered by concerns about an account named 'NioNio'."

Reference URL:
UltimateBet Statement (full statement text below)
CJAD NewsTalk Radio
Card Player

Report Credit:
Tokwiro Enterprises ENRG and Bob Pajich at Card Player

From the online sources cited above:

Tokwiro Enterprises, the company that owns both Absolute Poker and UltimateBet, today released a statement confirming that cheating had gone on at UltimateBet by people who, according to the release, "worked for the previous ownership of UltimateBet prior to the sale of the business to Tokwiro in October 2006."
[Evan] Shouldn't an information security and risk assessment be conducted as part of the acquisition and integration?  If so, then wouldn't a code review of the proprietary software that came with the acquisition be included?  This is the proprietary software that really drives the purpose of the site.

The player or players behind the 18 screen names that were identified as being corrupted have not been named.

Tokwiro will refund players their losses once the investigation is complete.
[Evan] I wonder how expensive this will be.

The usernames that were used to cheat are: NioNio, Sleepless, NoPaddles, nvtease, flatbroke33, ilike2win, UtakeIt2, FlipFlop2, erick456, WhackMe44, RockStarLA, stoned2nite, monizzle, FireNTexas, HeadKase01, LetsPatttty, NYMobser, and WhoWhereWhen.

The cheating was able to take place because the perpetrators had access to what Tokwiro is calling an "unauthorized software code" that allowed the cheaters to see their opponents’ holecards.
[Evan] This "unauthorized software code" use went undetected for almost 21 months!

The cheating took place from March 7, 2006 to Dec. 3, 2007, and it’s not known how much money the cheater(s) illicitly won.

The company refused to disclose the amount of fraudulent winnings, but poker observers have said it runs into the millions.

As soon as the cheating was suspected, Tokwiro said it contacted the Kahnawake Gaming Commission (KGC), the most used online poker regulatory commission, to start the investigation.

Tokwiro is mandated to contact KGC if any suspicious activity might be taking place.

This is the second cheating incident to hit the company since it purchased Absolute Poker and UltimateBet.

The first occurred when it was discovered that several players at Absolute Poker also had access to software that allowed them to see opponents’ holecards.
[Evan] A link is included below


MONTREAL, CANADA (MAY 29, 2008) --- Tokwiro Enterprises ENRG ("Tokwiro"), proprietors of UltimateBet.com ("UltimateBet"), one of the world's largest online card rooms, today announced the results of its lengthy investigation into allegations of unfair play, which was triggered by concerns about an account named 'NioNio'. Tokwiro has worked diligently in cooperation with its regulatory body, the Kahnawake Gaming Commission ("KGC"), and with independent third-party experts to conduct a thorough investigation that included a comprehensive review of hand histories and game data, thorough analyses of software and network security, and audits of its security practices and procedures.
The investigation has concluded that certain player accounts did in fact have an unfair advantage, and that these accounts targeted the highest limit games on the site. The individuals responsible were found to have worked for the previous ownership of UltimateBet prior to the sale of the business to Tokwiro in October 2006. Tokwiro is taking full responsibility for this situation and will immediately begin refunding UltimateBet customers for any losses that were incurred as a result of unfair play.

The fraudulent activity was enabled by unauthorized software code that allowed the perpetrators to obtain hole card information during live play. The existence of this vulnerability was unknown to Tokwiro until February 2008 and existed prior to UltimateBet's acquisition by Tokwiro in October 2006. Our investigation has confirmed that the code was part of a legacy auditing system that was manipulated by the perpetrators. Gaming Associates, independent auditors hired by the KGC, have confirmed that the software code that provided the unfair advantage has been permanently removed.
Throughout the investigation of this incident, Tokwiro's consistent priorities have been:
  1. To permanently remove the ability to engage in unfair play;
  2. To complete its investigation and come to a full understanding of what occurred;
  3. To refund the affected customers; and
  4. To implement measures that prevent future incidents.
The Company said, "We would like to thank our customers for their patience, loyalty and support, as well as for their understanding that we are doing everything we can to correct this situation. The staff and management of UltimateBet are fully committed to providing a safe and secure environment for our players, and we want to assure customers of our unwavering resolve to monitor site security with every resource at our disposal."

Investigation Timeline
These are the key events in the course of the incident.
  • January 2008: UltimateBet is alerted to suspicions of unfair play on the part of the account "NioNio". Within 24 hours, UltimateBet contacts the KGC to provide formal notice that UltimateBet has initiated an investigation of the incident. UltimateBet subsequently forwarded a copy of all related data to the KGC.
  • January 2008: The "NioNio" account and related accounts are suspended pending further investigation.
  • February 2008: Preliminary findings indicate abnormally high winning statistics for the suspect accounts. After discussions with the KGC, UltimateBet engages third-party gaming experts to assist with the analysis.
  • February 2008: Investigators confirm that the suspect accounts are associated with individuals who had worked for UltimateBet under the previous ownership.
  • February 2008: UltimateBet discovers the unauthorized code that allowed the perpetrators to obtain hole card information during live play. The code was part of a legacy auditing system that was manipulated by the perpetrators of the fraud.
  • February 2008: UltimateBet immediately removes the unauthorized code and works with the KGC and with third-party auditors to verify that the security hole has been eliminated.
  • March 2008: Six player accounts are confirmed to have participated in this scheme. No accounts were deleted at any point, although some account names were changed multiple times. The following account names are known to have been used in the fraudulent activity: NioNio, Sleepless, NoPaddles, nvtease, flatbroke33, ilike2win, UtakeIt2, FlipFlop2, erick456, WhackMe44, RockStarLA, stoned2nite, monizzle, FireNTexas, HeadKase01, LetsPatttty, NYMobser, and WhoWhereWhen.
  • May 2008: The investigation confirms that the fraudulent activity took place from March 7, 2006 to December 3, 2007.
  • May 2008: Gaming Associates certifies that the software code that enabled unfair play was removed from UltimateBet servers in February of 2008.
  • May 2008: Customers affected by this incident are identified, and plans for corrective action are reviewed with the KGC.
Corrective Actions Taken
The following actions have been taken or are currently underway as a direct result of this investigation.
  • The security hole identified in UltimateBet's investigation has been permanently eliminated.
  • UltimateBet is establishing a state-of-the-art software Security Center that consolidates and greatly enhances existing security capabilities. The first release of the new Security Center focuses solely on the immediate detection of abnormal winnings. Gaming mathematicians, poker professionals, and security software developers have all contributed to the specifications for the new Security Center.
  • UltimateBet customers are no longer permitted to change account names unless they have suffered abuse in chat rooms. Requests for changes must be supported by proof of abuse and must be approved by the Chief Compliance Officer.
  • In addition to its existing security department, UltimateBet has established a new specialized Poker Security team of professionals dedicated to fraud prevention.
  • The refund process will begin immediately. The accounts associated with fraudulent activity did not use an unfair advantage in all play sessions. Regardless, UltimateBet is refunding all losses to these accounts.
  • Accounts related to the fraudulent activity have been disabled, and the individuals associated with those accounts permanently banned from the site.
  • UltimateBet has worked closely and transparently with its governing body, the KGC and its designated expert auditors, to determine exactly what happened, how it happened, and who was involved, and has taken action to prevent any possibility of this situation recurring.
  • Tokwiro is pursuing its legal options in regard to this incident.
For further inquiries please contact
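
The statement describes a Security Center built to detect abnormal winnings, and its timeline notes that account names were changed multiple times. As an added illustration (not code from Tokwiro, UltimateBet or their auditors), the Python below runs a one-sided z-test on constructed hand results and shows why the test has to group by underlying account rather than by screen name. The record layout, the thresholds and every name in it are assumptions.

```python
import math
from collections import defaultdict

# Constructed sample, not data from the incident:
# (account_id, screen_name, result of one hand in big blinds).
# Account 7 plays under three screen names, 40 hands each.
HANDS = (
    [(7, "nameA", r) for r in (6, -2, 9, 4) * 10]
    + [(7, "nameB", r) for r in (8, 3, -1, 7) * 10]
    + [(7, "nameC", r) for r in (5, 10, -3, 6) * 10]
    + [(12, "grinder", r) for r in (4, -5, 2, -1) * 75]
    + [(31, "casual", r) for r in (-3, 2, -4, 1) * 75]
    + [(44, "hotstreak", r) for r in (12, 9, -2, 15)]  # too few hands to judge
)

def flag_abnormal_winners(hands, by_account=True, honest_max=0.10,
                          z_threshold=4.0, min_hands=100):
    """Return (key, names, hands, bb_per_100, z) for statistically abnormal winners.

    honest_max (big blinds per hand), z_threshold and min_hands are assumed
    tuning values for this illustration.
    """
    results, names = defaultdict(list), defaultdict(set)
    for account_id, screen_name, bb in hands:
        key = account_id if by_account else screen_name
        results[key].append(bb)
        names[key].add(screen_name)

    flagged = []
    for key, rs in results.items():
        n = len(rs)
        if n < min_hands:
            continue  # sample too small for the test to mean anything
        mean = sum(rs) / n
        var = sum((r - mean) ** 2 for r in rs) / (n - 1)
        std_err = math.sqrt(var / n)
        # One-sided z-test: is the win rate above what honest play could explain?
        excess = mean - honest_max
        z = excess / std_err if std_err else math.copysign(math.inf, excess)
        if z > z_threshold:
            flagged.append((key, sorted(names[key]), n, round(mean * 100, 1), round(z, 1)))
    return flagged

if __name__ == "__main__":
    print("by account:    ", flag_abnormal_winners(HANDS))
    print("by screen name:", flag_abnormal_winners(HANDS, by_account=False))
```

Grouped by screen name, each of account 7's aliases stays under the minimum sample size and nothing is flagged; grouped by account, the same hands produce a clear outlier.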

This is potentially a multi-million dollar loss for Tokwiro Enterprises ENRG and it's very troubling that this breach went undetected for so long. The software used by the site is proprietary and should really be subject to a significant amount of information security scrutiny.

If I were a player, I think I would be beyond angry.  Not just angry about the loss of money, but angry about the loss of confidence and being cheated in general.  I personally know people that refuse to play online poker because of the risk posed by poorly secured sites.

Information security of online gaming sites must be a #1 priority for the companies that run them.  Seems obvious, but many statements in the information security business seem obvious.  Personally, I like the response from Tokwiro.  If they follow through (which I assume they would), Tokwiro's actions should go a long ways towards reducing risk and restoring customer confidence.

Check out the comments at Card Player to get some insight into what some players are thinking.

Past Breaches:
Tokwiro Enterprises ENRG/Absolute Poker:
October, 2007 - Online poker cheating blamed on employee
