Cheating and Cybercrimes @

Gambling Sites.Com

John McMullan, PhDSaint Mary’s University

Aunshul Rege, PhD StudentRutgers University

Internet Gambling• Proliferation of cybercrimes

@ gambling sites; yet little research done

• Wood & Griffith (2008) – cheating & perceptions of poker players; American Gaming Association (2006) – cheating & perceptions of internet casino players; McMullan & Rege (2007) – cyberextortion & internet gambling; CERT-LEXSI (2006) – organized crime & internet gambling

• No systematic mapping of relationships between internet gambling and criminal behaviour or cheating

• This presentation covers:– Types of cheating and cybercrimes– Techniques of cheating and cybercrimes– Organizational dynamics of cheating and cybercrimes– Legal challenges of cybercrimes

Methods• 48 combinations of keywords• 10 page, 100 item cutoff; 4800 docs • Approx. 500 documents• 2000 to 2008 timeframe• Document Analysis

– Availability (Internet & Library)– Accessibility

• Internet (News sites; FinCEN; FATF)

• Reports & White Papers (Internet Gambling Report IV; Game Developers; Gaming Commissions)

• Academic Databases (Sociological

Abstracts; EBSCO Academic Search Premier; ACM Digital Library- Search Criteria

• Technical skill• Tactical and strategic knowledge• Division of labour•Organizational traits of cybercrime

- Credibility• Authenticated websites• Triangulating sources• Registry of sources

Diversity of cybercrime• We uncovered hundreds of examples of alleged cheats and

crimes related to internet gambling• For purposes of this presentation, we focus on 24 case studies

indexing the diversity of criminal conduct• Cheating (3): PokerSmoke; HoldemGenius; PartyPoker

(JJProdigy)• Collusion (3): FullTiltPoker; AbsolutePoker; UltimateBet• Malware and botnets (2): CheckRaised; BrotherSoft• Software exploitation (2): Cryptologic; Texas Hold ‘Em• Fraud (2): MaxLotto; India Lottery Scam • Money laundering (3): BetWWTS; Giordano; Uvari• DDoS attacks (2): FullTiltPoker; TitanPoker• Cyberextortion (3): BetCris; Canbet; Multibet• Phishing and identity theft (4): Euromillion Espana;

PartyPoker; Lucky7Lottery; Massachusetts State Lottery

Approach• Internet crime is rational• Structured to enhance successful outcomes• Structured to manage problems of social control

– Opportunity– Relations with victims– Detection– Prosecution– Sanction

• Different types of organizations emerge to survive in the digital environment– Techno-nomads– Digital Associates– Criminal Assemblages

• Ten examples emphasizing some of the more complex criminal events

• Cheating & Techno Nomads– PokerSmoke & HoldemGenius

• Collusion & Digital Associates– AbsolutePoker & Ultimatebet

• Identity Fraud & Criminal Networks – Euromillion Espana & PartyPoker

• Cyberextortion & Criminal Networks– Betcris & Canbet

• Money Laundering & Criminal Networks– Uvari Bookmaking Scheme & Giordano Group

Cheating & Techno Nomads

• AI programs• Hands-free, robotic poker player• Plays at level of a professional player in tournaments• Sophisticated Decision Engine• Advanced Neural Network Technology• Memorized opponents’ game styles, recognized

betting patterns, calculated pot and hand odds – on auto-pilot!

Cheating & Techno Nomads

• Similar technology to PokerSmoke

• Used in hundreds of online poker rooms to increase edge over other players

• Fully functional website• Regular software upgrades• Online tutorials• Customer support

Characteristics of Techno-nomads• Ranged in technical expertise: users,

producers, marketers• Worked alone or on ‘contract’• Underground economy: services,

technical knowledge, digital loot, training, manufacturing

• Anonymous• Avoided contact with victims• Impersonation• Surprise attacks• Escapist/ lived in digital shadows• Evasion & Avoidance of Law/Security

Collusion & Digital Associates• Tokwiro and Kahwanake Commission• Player vigilance• NioNio’s win rate: $300,000 in 3,000

hands• Ten SD above average = winning one

million dollar lottery six consecutive times

• Nio Nio core of organized network of 19 super accounts using 88 virtual persons to cheat players for 43 months – May 04 – Jan 08.

Collusion & Digital Associates (ctd)• Software code allowed systemic cheating

and theft – take $25 mill US• Corporate Shell Game: Logic, Excapsa,

Tokwiro, Blast Off Ltd.• 3 Super Accounts Connected to W.S.P

winner and former founder of UltimateBet• (aka. allegedly Russ Hamilton)• Detection, Prosecution, Penalty

Collusion & Digital Associates• Teams in both one-off or ongoing projects: fraud,

theft, small-scale money laundering, seat stealing, and cheating scams

• Tokwiro Enterprises and Kahnawake Gaming Commission

• PotRipper aka A.J. Ripper aka allegedly to be A.J. Green (former executive)

• Seven Superuser accounts• #363 aka allegedly to be Scott Tom (owner) –

inside access• Real-time information sharing of hole

cards• Stole b/w 0.5 and 1 mill in 6 weeks• Detection, Prosecution, and Compensation

Other Digital Associates• Business crimes

– Withholding winning revenue from players– Fraud by fabricating phantom websites and malware to

deceive would be clients– Identity theft

• Employee/workplace crimes– hacking into corporate data bases– selling gaming information, software, and algorithmic

programs [BetonSports, Cryptologic]– small-scale organized crime– money laundering through botnet manipulations and chip

dumping– online betting fraud [India 2007]

Characteristics of Digital Associates• Working Crafts• Routinization• Impersonation/multiple identities• Multiple, simultaneous targeting

of victims• Small takes• Efficient Modus Operandi• Effective Modus Vivendi: evading detection,

avoiding punishment• Managing Risk with Victims• Size & density of sites, activities & users

Identity Fraud & Crime NetworksEuromillion Espana • Combined confidence cheating

with identity theft• Multinational in scope• Valued at $200 mill.• OC groups in Spain, France,

Australia, UK• Traditional tactics

(social eng, fake docs)• Technological tactics

(emails, fake sites) • Deceptive attack [tricked by fraudulent messages]• Malware attack [use of malicious code to retrieve personal information]• DNS attack [manipulate IP addresses to send personal information]• 300 members of crime networks eventually arrested by undercover operation• Yet crime networks remained regenerative

Identity Fraud & Crime Networks• Well-organized phishing scam• Created perfect replica of

Party Poker site• Hosted site on their own

illegal servers• Sent spoofed email warning of

Impact of new gambling law onPartyPoker users

• Link to cloned site• Log in w/ personal

information– ID theft; player

impersonation;playing credit theft; digital data black marketing

Phishing Site Screenshot

Cyberextortion & Crime Networks• Between 2000 and 2006, hundreds of gambling sites targeted for

hundreds of millions of dollars• British bookmakers alone in 2004 lost over $70 mill. to cyberextortion

groups• DDoS attacks; digital shakedowns• Network Organization – organizers; extenders; executors• Lateral networked structures:

– regenerative characteristics– minimum personal contacts– virtual recruitment via online mediums

- dispersed automatic hierarchy of authority- top-down compartmentalization operation- fluid flexible modus operandi

Tax Evasion, Avoidance & Crime Networks

Computer Emergency Response Team - Laboratoire d'EXpertise en Sécurité Informatique (CERT-LEXSI) (2006). Online Gaming Cybercrime: CERT- LEXSI’S White Paper, July 2006.

Tax Evasion, Avoidance & Crime Networks

Uvari Group• Illegal gambling• Criminal members scattered globally• Intermediary between gamblers and sport betting

companies• Use of virtual and terrestrial Sites• Uvari group opened accounts for

players in offshore markets – Isle of Man, Curacao, etc

• Traded player identities for incentives, bonuses, and tax benefits

• Created hundreds of dummy accounts in Uvari names – tax evasion for players on wins and tax deductions for losses for Uvari members on dummy accounts

• Family bonds & entrepreneurial ties• Flat; networked structure; no hierarchy

Money Laundering & Crime Networks

• Used shell corporations & bank accounts worldwide [Central America, Caribbean, and Hong Kong] to clean illicit capital

• playwithal.com – 40,000 customer accounts were used to move

money through gambling sites to offshore banks• Family affair

– Giordano (organizer)– son-in-law (controller)– Wife & daughter (finances)

• Other members– Clerks; runners; enforcers

Gambling sites as laundering enterprises

Characteristics of Crime Networks• Structured as businesses• Global in scope and modus operandi• More complex division of labour• Greater organizational prominence and persistence• Substantial financial takes and more complicated modus

operandi• Dot.cons networks = international pods of loosely

connected groups• Networks as nodal ‘contact points’ for crimes• Rhizomatic structures/regenerative• Yet crime assemblages were higher risk events: fusion of

internet galaxy and terrestrial world• Greater police ad private security interest• The ‘dialectics’ of techno-war: opportunity reduction

remedies vs. counter detection measures• Private ‘fiefdoms’ of security vs. industry-wide security• The rise of ‘civilian strikeback’ measures

Legal Challenges• Revise standard laws

– Up-to-date technically– Enact legal definitions for

virtual environments– Harmonize definitions within nation states

• Harmonize Legal Matters Across Jurisdictions– Legal definitions– Licensing agreements– Evidence Admissibility– On-site audits/inspections

Legal Challenges (ctd)• Strengthen Transborder Enforcement

– Unified Legal Permissions– Harmonize policing standards re: search & seizure,

intangible data, warrants, notifications, and storage of evidence

– Calibrate judicial approvals for the management and execution of intercepted data and decrypted data so as to permit wide use in multilateral contexts

• Improve ‘market solutions’ to cybercrime– Extend & rationalize relations between public and

private security– Create industry-wide benchmarks for cybersecurity

that are cost-effective and applicable to all– Establish new modified legal environments to

galvanize better technical preventative market-driven crime solutions

Thank youQuestions?

John McMullan, PhDSaint Mary’s University

Aunshul Rege, PhD StudentRutgers University