I posted a summary of how things went down, along with screenshots, on my blog: http://www.natarem.com
Here is an x-post of what I put on my blog, but I had to remove the screenshots because they are too wide.
Hopefully this will explain it clearly for people.
---------
Okay, so, anyone who follows 2p2 or P5s or a lot of other forums has
probably noticed all of the Absolute Poker uproar. If you don’t know
about it, here’s the basic idea…
CrazyMarco, a well-known online tourney player, played in a 1K AP tournament on 9/12/07.
The tournament was won by a player named POTRIPPER who made a crazy
call with T high against Marco’s 9 high flush draw. In the following
days, Marco emailed with AP support and asked for a hand history so he
could review POTRIPPER’s play at the final table. There were rumors
that POTRIPPER could see hole cards and he wanted to follow up because
of the possibility that he was cheated. On Friday Sept 21st, AP sent
Marco a huge Excel file (10 mb and a full 65,536 rows, the Excel limit
for most versions being used currently). He didn’t think much of it and
it was too scrambled and complicated to analyze, so he put it on the
backburner for the time being.
Fast forward a few weeks. Marco, along with his roommate Jared
“TheWacoKidd” Hamby, decided to take a look at the file. This happened
sometime around October 12th or 13th as I understand it. They realized
soon after that AP had sent Marco ALL of the hole
cards in the hand history. This, of course, allowed them to watch how
POTRIPPER played and to examine what hands were at the table when
POTRIPPER was/was not playing hands. It quickly became apparent to all
who saw the history that POTRIPPER was cheating and, somehow, knew
peoples’ hole cards. You can view the hand history on PokerXFactor here.
One thing to note is that the spreadsheet only had the first 2 hours
and 20 minutes of the tournament because of the Excel line limit, so
the hole card access somewhat cuts off around hand 94.
Anyway, I noticed posts talking about this Excel file. On Saturday,
MrTimCaum sent me a copy of the spreadsheet. I started to play around
with it and noticed that there were random IP/email/user id numbers
interspersed with the player actions. It wasn’t clear at first exactly
what the info meant. It didn’t seem like the info pointed to people at
tables for the following reason:
[SCREENSHOT REMOVED]
The IP info looked something like that. It told me when someone
“entered” a table, what their email was, what their IP was, what their
user id was, etc. Note that I changed all of the info in this line to
protect the privacy of the real data. I put in my email address for the
hell of it. Anyway, there were 845 lines with either “TABLE_ENTER” or
“TABLE_LEAVE” and through some analysis, I realized that there were
tons of players in the event who I knew and they never appeared in the
“TABLE_ENTER” or “TABLE_LEAVE” lines. Eventually, we figured out that
Enter and Leave lines were recorded for people who were logged into the
software and opening or closing the table, but not seated at the table.
Next, I analyzed the lines related to table 13, where POTRIPPER was
seated. 2+2er snagglepuss, who I forwarded the spreadsheet to, had
already pointed out to me two sketchy observers, one of whom opened up
table 13. And when I looked at the data, I noticed something a little
weird. One of the sketchy observers opened up table 13 and he was user
number 363! This number is incredibly low and I instantly knew that the
account had been created by AP or someone who was associated in some
way with AP. It had to be a test account of some kind to be made that
early in the system.
[SCREENSHOT REMOVED]
I am still hiding some of the sensitive info, but this line in the
spreadsheet was probably the key to cracking the case in my opinion. It
showed a number of things:
- A Costa Rican IP address (and this IP address becomes more important)
- An observer entering the table and never leaving the table until at
least 11:20 PM (or over two hours later when the spreadsheet cuts off)
- A very very low user number that indicates AP involvement in some
way — not that the company as a whole knows, but that SOMEONE on the
inside was involved.
The next step was to cross reference the IP address within the file.
When I did that, some info on the other “sketchy” guy came up.
[SCREENSHOT REMOVED]
Once again I blacked out some of the info, but the important thing
is that SCOTT@RIVIERALTD.COM had the same IP address as user 363. He
stopped by table 9 for whatever reason for about 20 seconds. The only
real significance of table 9, as far as I know, was that Mark Seif, an
AP sponsored player and AP co-owner (I think?) was playing on it. That
doesn’t mean that Mark was involved, but it is a relevant fact with
regards to table 9.
The next step, which I think I did the next day, was to figure out
some info on rivieraltd.com. I pinged the domain and found the IP to be
66.212.244.147. Note that someone has since changed
this, but the IP can still be connected to the mail server as of this
writing. Then upon doing further research on that IP address, I traced
it to what I believed to be the Kahnawake gaming commission. I posted my findings on 2+2 and P5s. Then a poster on P5s named JackBileDuct pointed out the following:
66.212.244.147 is mail.riveraltd.com. Telnetting to it on port 25 gets a greeting from a mail server. It *IS* a mail server.
Also that IP is NOT the Kahnawake Gaming Commission. Are you ready for this… It is AP.
Mohawk Internet Technologies MIT-BLK-01 (NET-66-212-224-0-1)
66.212.224.0 - 66.212.255.255
Absolute Entertainment S.A. MIT-ABPOK-02 (NET-66-212-244-128-1)
66.212.244.128 - 66.212.244.255
Go to http://www.arin.net and enter the IP address in a whois search. That connection is from one of their own IPs….
CustName: Absolute Entertainment S.A.
Address: Plaza Mayor 2nd building 2nd floor
City: San Jose
StateProv:
PostalCode:
Country: CR
RegDate: 2006-08-16
Updated: 2006-09-26
That might be kind of technical, but the general idea is that the
email address was hosted by Kahnawake but actually belonged to AP! So
this SCOTT@RIVIERALTD.COM fellow was actually connected to AP. This was
overwhelming evidence in my mind… remember:
- There was a low numbered user watching the table (and probably sharing hole card info) with the suspicious player POTRIPPER
- The low numbered user was connecting from Costa Rica
- An AP-associated person was on the same IP address and even though he wasn’t watching table 13, he revealed himself nonetheless
My head was spinning. I kept posting more and more of these
revelations online. One issue was that I didn’t know who Scott was. So
I sent out a feeler email (PM in some cases) asking various places to
check on the IP address that was used by the two sketchy accounts.
Sure enough, I woke up Tuesday morning to find a rash of evidence
sitting in front of me. 2+2 moderator Adanthar found that the IP
address was used by a 2+2 account with the login name scotttom. P5s
admin Adam Small told me that he knew one of the AP owners was named
Scott (although he didn’t say the last name). A few other sources who
do not want to be named told me that Scott Tom was associated with that
IP address. It was also pointed out to me that there was an online blog
post where some girl said that Scott and Phil Tom (brothers I think,
although only Scott seems to have been implicated) were AP owners and
executives. Adanthar posted his findings on 2+2 and revealed that he’d
connected the somewhat mysterious IP address to an actual person. Also,
other sources that do not want to be named confirmed that the IP
address was a residential cable modem tied specifically to the Tom
family.
So that’s how everything was tied together on as simple a level as I
can make it. I am not including a ton of various leads that I’ve
followed or some of the inside info that I received, but this is the
general gist of it. I’ll post more as time goes on, especially on
things like the media, AP and community reactions to this stuff.
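
The enter/leave and shared-IP cross-referencing described in the post, as an added example that is not part of the original post or the author's own analysis. The column layout, the sample rows and the low-ID threshold are constructed assumptions, since the real spreadsheet format is not shown here.

```python
import csv
from collections import defaultdict
from io import StringIO

# Assumed column layout; the real export's columns are not shown on the page.
FIELDS = ["time", "event", "table", "user_id", "email", "ip"]
# Constructed sample rows (documentation IP ranges, example.com addresses).
SAMPLE = """\
21:02:11,TABLE_ENTER,13,41,observer-a@example.com,203.0.113.7
21:03:40,TABLE_ENTER,9,5120,observer-b@example.com,203.0.113.7
21:04:00,TABLE_LEAVE,9,5120,observer-b@example.com,203.0.113.7
21:05:00,FOLD,13,seat3
21:10:05,TABLE_ENTER,13,88012,railbird@example.com,198.51.100.23
21:25:30,TABLE_LEAVE,13,88012,railbird@example.com,198.51.100.23
"""

def parse(text):
    # Keep only observer enter/leave rows; player-action rows are skipped.
    rows = []
    for r in csv.DictReader(StringIO(text), fieldnames=FIELDS):
        if r["event"] in ("TABLE_ENTER", "TABLE_LEAVE"):
            r["user_id"] = int(r["user_id"])
            rows.append(r)
    return rows

def still_observing(rows):
    # (user_id, table) -> enter time, for sessions never closed before the log ends.
    open_sessions = {}
    for r in rows:  # rows are assumed to be in time order
        key = (r["user_id"], r["table"])
        if r["event"] == "TABLE_ENTER":
            open_sessions[key] = r["time"]
        else:
            open_sessions.pop(key, None)
    return open_sessions

def accounts_by_ip(rows):
    # IPs used by more than one distinct account (the cross-reference step).
    by_ip = defaultdict(set)
    for r in rows:
        by_ip[r["ip"]].add((r["user_id"], r["email"]))
    return {ip: accts for ip, accts in by_ip.items() if len(accts) > 1}

def low_ids(rows, threshold=1000):
    # Accounts whose ID is below an assumed "created very early" threshold.
    return sorted({r["user_id"] for r in rows if r["user_id"] < threshold})

if __name__ == "__main__":
    rows = parse(SAMPLE)
    print(still_observing(rows), accounts_by_ip(rows), low_ids(rows))
```

A session that is still open when the export is truncated only shows the observer had not left by that point, which matches the spreadsheet cutting off at the row limit.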