UltimateBet Confirms Security Breach

tpb221

This is a press release from UB today. What do you think?

Former Employees Had Access to Opponents' Holecards for 21 Months
Tokwiro Enterprises, the company that owns both Absolute Poker and UltimateBet, today released a statement confirming that cheating had gone on at UltimateBet by people who, according to the release, “worked for the previous ownership of UltimateBet prior to the sale of the business to Tokwiro in October 2006.”
The player or players behind the 18 screen names that were identified as being corrupted have not been named. Tokwiro will refund players their losses once the investigation is complete. The usernames that were used to cheat are: NioNio, Sleepless, NoPaddles, nvtease, flatbroke33, ilike2win, UtakeIt2, FlipFlop2, erick456, WhackMe44, RockStarLA, stoned2nite, monizzle, FireNTexas, HeadKase01, LetsPatttty, NYMobser, and WhoWhereWhen.
The cheating was able to take place because the perpetrators had access to what Tokwiro is calling an “unauthorized software code” that allowed the cheaters to see their opponents’ holecards. The cheating took place from March 7, 2006 to Dec. 3, 2007, and it’s not known how much money the cheater(s) illicitly won.
As soon as the cheating was suspected, Tokwiro said it contacted the Kahnawake Gaming Commission (KGC), the most used online poker regulatory commission, to start the investigation. Tokwiro is mandated to contact KGC if any suspicious activity might be taking place.
This is the second cheating incident to hit the company since it purchased Absolute Poker and UltimateBet. The first occurred when it was discovered that several players at Absolute Poker also had access to software that allowed them to see opponents’ holecards.
The entire press release, which provided a timeline of the incident, follows:
MONTREAL, Canada (MAY 29, 2008) --- Tokwiro Enterprises ENRG ("Tokwiro"), proprietors of UltimateBet.com ("UltimateBet"), one of the world's largest online card rooms, today announced the results of its lengthy investigation into allegations of unfair play, which was triggered by concerns about an account named 'NioNio'. Tokwiro has worked diligently in cooperation with its regulatory body, the Kahnawake Gaming Commission ("KGC"), and with independent third-party experts to conduct a thorough investigation that included a comprehensive review of hand histories and game data, thorough analyses of software and network security, and audits of its security practices and procedures.
The investigation has concluded that certain player accounts did in fact have an unfair advantage, and that these accounts targeted the highest limit games on the site. The individuals responsible were found to have worked for the previous ownership of UltimateBet prior to the sale of the business to Tokwiro in October 2006. Tokwiro is taking full responsibility for this situation and will immediately begin refunding UltimateBet customers for any losses that were incurred as a result of unfair play.
The fraudulent activity was enabled by unauthorized software code that allowed the perpetrators to obtain hole card information during live play. The existence of this vulnerability was unknown to Tokwiro until February 2008 and existed prior to UltimateBet's acquisition by Tokwiro in October 2006. Our investigation has confirmed that the code was part of a legacy auditing system that was manipulated by the perpetrators. Gaming Associates, independent auditors hired by the KGC, have confirmed that the software code that provided the unfair advantage has been permanently removed.

Throughout the investigation of this incident, Tokwiro's consistent priorities have been:
  • To permanently remove the ability to engage in unfair play;
  • To complete its investigation and come to a full understanding of what occurred;
  • To refund the affected customers; and
  • To implement measures that prevent future incidents.
The Company said, "We would like to thank our customers for their patience, loyalty and support, as well as for their understanding that we are doing everything we can to correct this situation. The staff and management of UltimateBet are fully committed to providing a safe and secure environment for our players, and we want to assure customers of our unwavering resolve to monitor site security with every resource at our disposal."
Investigation Timeline

These are the key events in the course of the incident.

  • January 2008: UltimateBet is alerted to suspicions of unfair play on the part of the account "NioNio". Within 24 hours, UltimateBet contacts the KGC to provide formal notice that UltimateBet has initiated an investigation of the incident.
  • UltimateBet subsequently forwarded a copy of all related data to the KGC.
  • January 2008: The "NioNio" account and related accounts are suspended pending further investigation.
  • February 2008: Preliminary findings indicate abnormally high winning statistics for the suspect accounts. After discussions with the KGC, UltimateBet engages third-party gaming experts to assist with the analysis.
  • February 2008: Investigators confirm that the suspect accounts are associated with individuals who had worked for UltimateBet under the previous ownership.
  • February 2008: UltimateBet discovers the unauthorized code that allowed the perpetrators to obtain hole card information during live play. The code was part of a legacy auditing system that was manipulated by the perpetrators of the fraud.
  • February 2008: UltimateBet immediately removes the unauthorized code and works with the KGC and with third-party auditors to verify that the security hole has been eliminated.
  • March 2008: Six player accounts are confirmed to have participated in this scheme. No accounts were deleted at any point, although some account names were changed multiple times. The following account names are known to have been used in the fraudulent activity: NioNio, Sleepless, NoPaddles, nvtease, flatbroke33, ilike2win, UtakeIt2, FlipFlop2, erick456, WhackMe44, RockStarLA, stoned2nite, monizzle, FireNTexas, HeadKase01, LetsPatttty, NYMobser, and WhoWhereWhen.
  • May 2008: The investigation confirms that the fraudulent activity took place from March 7, 2006 to December 3, 2007.
  • May 2008: Gaming Associates certifies that the software code that enabled unfair play was removed from UltimateBet servers in February of 2008.
  • May 2008: Customers affected by this incident are identified, and plans for corrective action are reviewed with the KGC.
Corrective Actions Taken

The following actions have been taken or are currently underway as a direct result of this investigation.

  • The security hole identified in UltimateBet's investigation has been permanently eliminated.
  • UltimateBet is establishing a state-of-the-art software Security Center that consolidates and greatly enhances existing security capabilities. The first release of the new Security Center focuses solely on the immediate detection of abnormal winnings. Gaming mathematicians, poker professionals, and security software developers have all contributed to the specifications for the new Security Center.
  • UltimateBet customers are no longer permitted to change account names unless they have suffered abuse in chat rooms. Requests for changes must be supported by proof of abuse and must be approved by the Chief Compliance Officer.
  • In addition to its existing security department, UltimateBet has established a new specialized Poker Security team of professionals dedicated to fraud prevention.
  • The refund process will begin immediately. The accounts associated with fraudulent activity did not use an unfair advantage in all play sessions. Regardless, UltimateBet is refunding all losses to these accounts.
  • Accounts related to the fraudulent activity have been disabled, and the individuals associated with those accounts permanently banned from the site.
  • UltimateBet has worked closely and transparently with its governing body, the KGC and its designated expert auditors, to determine exactly what happened, how it happened, and who was involved, and has taken action to prevent any possibility of this situation recurring.
  • Tokwiro is pursuing its legal options in regard to this incident.
 
Makwa

This is old news... Yes both AP and UB had serious security breaches, which are now fixed.

I agree this happens elsewhere also... at least these 2 sites are getting their act together now, I think...
 