Detective Druff solves AP Cheating Scandal, You read it here first

Okay, so I didn't completely "solve" the whole AP mess. After all, nobody has received any compensation, nor has Absolute even admitted that any sort of fraud even occurred.

However, some recent damning evidence has come to light that has allowed me to put together a complete start-to-finish re-creation of the crime. The newest development again involves the POTRIPPER tournament. Thanks to a blunder by support, one of the players in that tournament accidentally received an Excel spreadsheet containing the hole cards, IP addresses, AP account ID numbers, and e-mail addresses of most players in the tournament. Nat Arem of pokerdb.com analyzed it, and came up with the following new conclusions:

1) POTRIPPER was initially placed at Table 13. He folded his first few hands.

2) About 2 1/2 minutes into the tournament, a railtard opened up Table 13. This railtard had a Costa Rican IP address, which is where AP is located. The ID number of this account was 363 -- a number so low that it probably pre-dated AP's opening to the public.

3) Account 363 stayed at Table 13 for the entire duration that POTRIPPER was there.

4) POTRIPPER started cold-calling every hand as soon as Account 363 showed up.

The Excel spreadsheet is incomplete. Not all hands are listed, and not all users are listed. However, the part that has been seen has been authenticated by several players in the tournament, according to those on 2+2, and it is generally accepted as being legit.

Obviously, given the Costa Rican connection, as well as account #363 being involved, it is now clear that this was an inside job, as opposed to being perpetrated by outside hackers.

===================================================================

Given the above, as well as everything else that has come to light over the past 2 months, I now have competely pieced together this entire situation. I will outline it below, in "timeline" format:


Sometime in 2003 or 2004: Absolute Poker's software is under development. Several hundred test accounts are created during the development and QA process. Among them is account #363, which is a superuser account. Account #363, unlike the others, has the ability to see hole cards at any table it opens. This can be an important tool during the testing process, as the developers can quickly and easily see that the pots are being shipped to the correct people. Of course, Account #363 is not actually registered to anyone, nor is it ever enabled to play in real money games. It exists strictly for "visual" purposes, and only used during the testing and development process.



Sometime between AP's opening and the middle of 2007: Four totally unrelated accounts are opened by four differnet people in different areas of the United States. GRAYCAT likes Limit Hold 'Em, but he isn't particularly good at it. He takes a few shots at the game, but is outclassed by his opponents and busts. He finally gives up on the site and stops logging in. The same happens with STEAMROLLER, who plays both Limit and NL. Again, he's a donk who plays some here and there, is never too active, but is active enough for a few people to remember him. Like most donks, he chunks off one too many buyins and is done with AP. DOUBLEDRAG, who likes NL, has a similar story. He plays a number of times, yet can't seem to consistently win and eventually busts. POTRIPPER enjoys tournaments, but he just isn't catching the right cards or making the right moves. Like the other three, he goes donk down and tries his luck elsewhere. These four guys are not cheaters. They aren't friends. They have never met, rarely (or never) played in the same game, and each had a different focus on the type of poker they liked to play. However, they all have one important thing in common: They were donks, lost their money, live in the United States, and have apparently not logged into their AP accounts for at least a few months.



July or early August, 2007: AP is in the process of a major software upgrade. One of the programmers, who lives locally in Costa Rica, stumbles upon account #363. He realizes how much money one could make by exploiting this little test account at the highest games the site has to offer. He realizes that this would need to be done carefully, as much suspicion will be placed upon a new account that inexplicably crushes the best players in the world. This rogue programmer comes up with the following plan of action:

1) Take over legitimate (but now inactive) accounts on AP. This can easily be done at the server side of AP, by simply changing the password of such accounts. He looks for an inactive, losing Limit player and comes up with GRAYCAT. When searching for an NL counterpart, he finds DOUBLEDRAG. He sees the apparently abandoned POTRIPPER with a history of losing tournament play. Finally, he finds an all-purpose account, STEAMROLLER, who has a (losing) history in all three areas. The password to all four accounts is changed, and they are now in the possession of the rogue programmer. The actual owners of the accounts are not likely to find out, as they seem to have already given up on AP.

2) Plan to play short sessions at the highest limit games with each of these accounts. Log onto account 363 on another computer, opening up the table where you're playing, so as to see everyone's hole cards. Don't multi-table, as there is a lot of information to see at once, and this will be too hard to manage. Regarding game selection, stick to the area of interest previously shown by each account. GRAYCAT will stay at Limit, DOUBLEDRAG will play primarily NL, etc. Don't win too much at one sitting, and don't stay for too long. Come up with excuses such as, "Time for dinner" when abruptly leaving.

3) When winning pots, act excited in chat, saying things like "Yes!" or "All right!" when winning. This will make you look like a maniac-type donk who is giddy about winning thanks to freak luck.

4) Get friends and relatives involved, preferably those who might already have accounts on AP. Have them deposit some money to get started, even if you need to front it to them.

5) You cannot use GRAYCAT, STEAMROLLER, DOUBLEDRAG, or POTRIPPER to cash out, since they are still registered to innocent, legitimate players in the United States! That's where the friends and relatives will come into the mix. After winning a lot of money on GRAYCAT, STEAMROLLER, DOUBLEDRAG, and POTRIPPER, play against these friends/relatives heads up, and dump all the winnings. Make sure that each friend/relative plays a different cheat-account heads up, so as to not arouse suspicion. GRAYCAT will play SUPERCARDM55 and lose badly. DOUBLEDRAG will drop his entire roll to ROMNALDO. STEAMROLLER and POTRIPPER will also play different friend/relative accounts and, like the other two, will lose everything.

6) Cash out of the friend/relative accounts. Enjoy the hundreds of thousands of dollars stolen from the top online poker players in the world.



Mid-late August, 2007: The plan actually goes into effect. It happens to start just a few days before the major software upgrade is complete. There is particular reason to begin on this day, but rather is just an arbitrary date that the rogue programmer decides to begin the operation.


Late August, 2007: Plan is proceeding well. A lot is being won, but never too much in one sitting. Even heads up, the cheater restrains himself and keeps the winnings relatively moderate. Still, after numerous very successful short sessions, he is now up in the multiple six figures. The first chip dump operation commences. GRAYCAT drops 55k to SUPERCARDM55 at a 200-400 Limit heads-up table. For the benefit of anyone watching this supposed drubbing, "GRAYCAT" constantly laments his terrible luck, but overacts a bit. SUPERCARDM55 plays one session the next day, loses a few thousand, intentionally, and never plays again. He initiates a cashout.


Early-mid September, 2007: Greed takes over. The money is rolling in so easily, and nobody seems wise to what is going on. GRAYCAT starts to absolutely destroy people both heads-up and full ring. DOUBLEDRAG does the same at NL, often calling huge all-in bets with as little as king-high, if it's the best hand at the moment. POTRIPPER plays his now-infamous tournament on the 12th, blatantly taking advantage of what he sees under account 363 without concern about later scrutiny. The STEAMROLLER account is brought into the NL and Limit games to try and take some suspicion off GRAYCAT and DOUBLEDRAG. In the meantime, DOUBLEDRAG dumps 300k+ of his winnings to fellow Costa Rican friend ROMNALDO. ROMNALDO initiates a cashout shortly thereafter.


September 16, 2007: Perhaps greed isn't always good. People start remarking in chat that they are suspecting cheating. As a cover-up attempt, DOUBLEDRAG plays NL again, this time intentionally LOSING every hand. While a decent amount of money is lost in this session, it's a drop in the bucket compared to what has been won, and is in fact a necessary evil for damage control.


September 17, 2007: The accounts in question are frozen by AP, pending an investigation. It is unclear whether the cashouts of SUPERCARDM55, ROMNALDO, and other recipients of chip-dumping were successful.


====================================================================


There you have it. I strongly believe that the above is VERY close to what actually happened. If the full story ever comes out, you'll see how close the above is to the actual truth.

Strangely enough, I believe that the actual owners of GRAYCAT, DOUBLEDRAG, POTRIPPER, and STEAMROLLER are innocent. I remember seeing the cities of GRAYCAT and STEAMROLLER, who both played Limit, before the update. (They eliminated the ability to see cities after the update.) Both lived in the U.S. I remember STEAMROLLER being from Miami and GRAYCAT being somewhere further north, like Chicago.

There is a myth that the cheating began after the update. This is not true. I saw cheating occur a few days BEFORE the update. I believe the only part the update has in this whole thing is the fact that it allowed this rogue programmer to go through the AP software and stumble onto the existence of account 363. Account 363 has clearly existed since the beginning. This was not a vulnerability brought on by any recent software change.

I also believe that, before greed took over, the guy behind this was more careful. Near the beginning of the whole thing, in mid-late August, he kept things more moderate. He lost some hands on purpose, and he never killed anyone heads up too badly. For example, GRAYCAT beat me for 6k heads up at 200-400, then quit the game and insulted me from the rail. Obviously he did this to keep things in moderation, not due to any fear of losing to me. This differs from what he did later, such as when he slammed STEREOFLAVAS for 28k in an hourlong September heads-up match. The POTRIPPER tournament was also executed highly carelessly, but again he was probably blinded by greed at this point.

I believe that the guy playing all accounts was one person. I also believe he had a second computer logged into superuser account 363. I think that the only time he invovled others was for chip-dumping. I am relatively certain that you will find SUPERCARDM55, ROMNALDO, and the other dump recipients with Costa Rican addresses, while the four accounts used to cheat all have U.S. addresses.

Also, keep in mind that the cheater simply needed to open account 363 at the right table on a second computer in order to see the hole cards. I am certain that POTRIPPER, GRAYCAT, STEAMROLLER, and DOUBLEDRAG were not special or superuser accounts, and were just like any other account on the system. Perhaps AP support simply looked at these accounts themselves and stupidly determined that no cheating went on. More likely, however, they know what happened and are covering it up.

This is how it happened. You heard it here first.

---------------------------------------------------------------------------------------------------------------------------

EDIT: As of 10/16/07, some startling new information has come to light on 2+2, possibly implicating former a AP founder as the guilty party. In any case, it now seems clear that POTRIPPER and possibly STEAMROLLER were not compromised accounts, but rather accounts directly set up to cheat and cash out. However, it does appear that my original theory about GRAYCAT and DOUBLEDRAG, who both chip-dumped, is correct. Read this thread for further details!

10/18/07 update: STEAMROLLER is said to also have chip-dumped over 100k to SUPERCARDM55.

was POTRIPPER ever moved during the tournament? If so, I am assuming user 363 switched to watch his new table?

Also, how do you account for how the stolen accounts were initially funded to play the highest limits? I can't remember but I am assuming you can turn off the email notification in the case of a transfer? If so, Im sure AP can figure out who funded the accounts and if it was the same person for all accounts

Druff is the man. You heard it here first.


And what are the chances that it wasn't a blunder by support to send out the wrong info?

I think he was moved, but the Excel spreadsheet is incomplete and they could not follow where account 363 went.

How were the stolen accounts initially funded? Good question. I think there are a few fairly anonymous ways you can deposit, such as buying those prepaid VISA cards. Probably something like that.

he cheated freerolls to fund the accounts early. lol

good read druff.

very good write up druff

would make a good documentary.
the peasant computer programmer rolling rich americans.

You got rolled. Accept it. Move on.

go to heaven.

Trust me. I won't be going to heaven.

Back to the topic at hand. Here are some questions that need to be asked to AP management:

1) What were the IP addresses being used by GRAYCAT, STEAMROLLER, DOUBLEDRAG, and POTRIPPER? Were they all the same? Did they all correspond to the same area? Did they match the listed geographic locations of those 4 accounts?

2) Did those 4 accounts ever cash out (or attempt to)? If so, how much?

3) What were the IPs of SUPERCARDM55 and REYMNALDO? Were these guys from Costa Rica? Did they ever successfully cash out?

4) What is the story with account 363?

5) How do you explain POTRIPPER's play if there is no superuser account?

6) Did your security team immediately suspend SUPERCARDM55 and REYMNALDO after they received hundreds of thousands of dollars of dumped chips? If not, how did they miss this?

7) If it is an accepted fact that such chip dumping occurred, why haven't the funds been confiscated and returned to those who lost to these accounts, regardless of whether or not a superuser was involved?

8) Have the actual owners of GRAYCAT, STEAMROLLER, DOUBLEDRAG, and POTRIPPER been contacted by telephone? Have they admitted to being the ones on the accounts, or do they deny knowledge of playing in the first place?

9) How were SUPERCARDM55, DOUBLEDRAG, POTRIPPER, REYMNALDO, GRAYCAT, and STEAMROLLER initially funded? Did someone transfer money to them? If so, who?

Do you think it's possible that AP told the new programmers about account 363 so they could test the new software while developing it, and that the programmers in turn used that to cheat?

Maybe AP is in Costa Rica but I'm also guessing so is the programming company they used to develop the new software. Might just be a case of letting the wrong people in on information like that.

From P5s... here is a sample hh accidently sent to another player by support showing that there are log files showing every players holdings. Easy bluff for POTRIPPER, big raise to get the opponent off AQ when he has the Q3o.

Stage #896667678 Tourney ID 1883389 Holdem Multi Normal Tournament No Limit $100 - 2007-09-12 21:58:21.011 (ET)
Table: 13 (Real Money) Seat #5 is the dealer
Seat 7 - DZ00NUTS ($6324.50 in chips)
Seat 8 - KOOLKEITH13 ($7220 in chips)
Seat 9 - SCARFACE_79 ($9852.50 in chips)
Seat 1 - BIGREDAK86 ($6466 in chips)
Seat 2 - JOSIAHW ($6657 in chips)
Seat 3 - POTRIPPER ($30547 in chips)
Seat 4 - POTR0AST ($12023 in chips)
Seat 5 - POKERME420 ($10840 in chips)
DZ00NUTS - Posts small blind $50
KOOLKEITH13 - Posts big blind $100
*** POCKET CARDS ***
Dealt to BIGREDAK86 [7s 8s]
Dealt to JOSIAHW [Qs Ad]
Dealt to POTRIPPER [3s Qc]
Dealt to POTR0AST [Qd 7c]
Dealt to POKERME420 [Jd 3h]
Dealt to DZ00NUTS [2d Kd]
Dealt to KOOLKEITH13 [Qh Jh]
Dealt to SCARFACE_79 [As 8c]
SCARFACE_79 - Folds
BIGREDAK86 - Raises $266 to $266
JOSIAHW - Calls $266
POTRIPPER - Calls $266
POKERME420 - Folds
POTR0AST - Folds
DZ00NUTS - Calls $216
KOOLKEITH13 - Calls $166
*** FLOP *** [5h 6c 6d]
DZ00NUTS - Checks
KOOLKEITH13 - Checks
BIGREDAK86 - Checks
JOSIAHW - Bets $700
POTRIPPER - Raises $3100 to $3100
DZ00NUTS - Folds
KOOLKEITH13 - Folds
BIGREDAK86 - Folds
JOSIAHW - Folds
POTRIPPER - returned ($2400) : not called

Online poker employees/game security programmers could be anywhere, PokerStars has employees in Costa Rica, Canada, London, and Isle of Man.

Absolute Poker was recently aquired by 1994 WSOP Main Event Champion Russ Hamilton who owns Blast Off Limited (Malta) which also owns UltimateBet.

Russ Hamilton also owns the Ultimate Blackjack Tour and clubUBT.com (the only legal Poker and Blackjack site, actually just a freeroll site that charges $20 a month membership fee).

Phil Hellmuth once said that Russ Hamilton could be worth a billion dollars, that's probably bullshit but he might be worth over $100 million.

very good job dan ... best resume and thoughts about that shit...

Don't you think it hurts posting this? Seriously? You posting every detail gives AP time to answer all the questions they're going to be asked, and gives them time to come up with bogus answers etc. Making it easier to coverup?



The Ego just couldn't hold back:)

all in all, this is very bad for the industry. AP is fucking more then just the players that lost money due to the cheats.

Great read. I think this shows how online poker can be manipulated. All poker rooms should be addressing this issue at AP.

Druff, what about the fact that the email address for 363 is an msn account? That doesnt follow your internal superaccount line of thinking, imo.

this is obv an inside job, but maybe 363 is close to the top in AP and AP would be critically embarassed to come out and say that one of the top dogs here was the one who did this. If they did come out and say that then everyone would leave AP as it would have no respectability and the site would go under.

They could only admit to it being a member of "TEAM AP" if it was someone with no credibility that could get fired and taken care of. However, if it is someone near the top then they probably won't say anything as they can't risk losing their customers due to having no credibility.

What are your thoughts on this Druff?

Cmon Weiss, all this stuff is already out in the open...Druff merely added a story to all the info. Plus AP doesn't have to answer to anyone at all anyways.