|
Furthre issues
I’ve read with interest the evolving developments in the Absolute Poker story but waited until now to enter the debate. My reasons for doing so will become evident.
Firstly a response to the poster who required “independent evidence”. I gathered as much information as I could from this and a variety of other websites and had discussions with three friends of mine. Each is independent and each a recognised expert in their field.
1. Mr. P*** H******** (Barrister)
2. Dr. J*** T******* (Lecturer in Applied Mathematics)
3. Dr. D** S**** (Lecturer in Computer Science)
Secondly, the following does not necessarily constitute my personal opinion and should be taken as nothing more than the results of analytical debate. You can draw your own conclusions.
Their responses were as follows:
1. There is probably sufficient documentary and empirical evidence to instigate a prosecution (by the losing participants in the relevant games), civil or otherwise. However, there are serious issues regarding jurisdiction so it would be wise to seek counsel from a specialist in multi-jurisdictional law by anyone contemplating this course. However, it would be reasonable to assume that AbsolutePoker.com are not directly to blame; a disgruntled employee perhaps, but probably not the corporate entity. There is a strong argument they too are victims in this affair.
2. After studying as many table deals in the suspect games as I could find (presumably all of them) it was calculated the statistical probability of the individual concerned making the correct decision (particularly on the ‘river card’) in the sequence he achieved (by chance) was around 43.0467 million to 1 against. This was based on a randomly dealt standard deck of 52 cards with live cards as base. For comparison, DNA testing probability requires a comparison statistic of 1 in 100 million (or thereabouts).
3. The third discussion centred on technical feasibility. It’s somewhat protracted but I’ll do my best to explain our conclusions. The initial questions were obviously: could the site be compromised and could other players ‘hole cards’ be visible to another participant? The simple answer…yes. It is even technically possible they could see the entire hand before it’s completely dealt. We dismissed the notion that AP had a ‘superuser account’ as this would open up an internal can of worms that couldn’t possibly be harnessed and concentrated instead on cracking. Let us assume AP runs a 128bit seed (although 64bit would not be out of the question) for their Random Number Generator (RNG). Ordinarily this would be sufficient to deflect an attack, but what if a cracker obtained the timing algorithms? There are around 4 billion possible card shuffle combinations in a 52-card deck so it would require a system at least equal if not superior to the client. However, five cards are known after the flop so this reduces the figure considerably, if there were just complicity at a single table and, say, two additional players were in cahoots, the potential shuffle combinations reduces once more - drastically. The other two players do not need to remain in the game until it’s conclusion but simply stay long enough for the cracker system to obtain the timing sequence and pair it unison with the RNG. Ok, you may shriek, but this would still take days (if not weeks) to obtain the correct seed. Now consider this; the individual was using the site unsuccessfully for a period prior to his unexplained and sudden winning streak. What if this time was spent synchronising the system? It certainly offers a plausible answer. Furthermore, many sites still use their system clock as the seed for their RNG (split into milliseconds per day) so the possible combinations reduces once more to a manageable cracking level (86 million for the seed and less than 1 million for the combination). Cigital famously used this as the basis for breaching an Internet poker site in 1999. Are we to believe the exercise couldn’t be duplicated in 2007? Maybe AP should employ the services of Cigital, they’re the acknowledged world leaders in online gambling security and would certainly help to restore AP’s reputation, not to mention providing a definitive answer. However, to continue with the technicalities in detail would generate a thread the size of ‘War and Peace’ but that is not the point. The contention is that the system could be compromised, no matter how unlikely. With complicity from an ‘insider’ it just makes it easier. However, there is one burning question: if the site was even possibly being breached, why the hell didn’t AP suspend the account?
4. Our final chat concerned betting patterns which were quite frankly outrageous but as this has been covered extensively on this site already I suggest you go through the archive pages as explanations have been given far more competently than I can offer here.
It was generally agreed something untoward happened and the authorities should be alerted even if it means the repercussions would be far reaching. But, is this an isolated case or just the tip of a very large iceberg?
This is by no means definitive and opens questions from two directions: those towards the individual and those towards AP. The first category is largely semantic but the second far more important for everyone concerned. Indeed, it should be argued that it is not the questions to AP that are paramount but rather their responses. It would be interesting to hear your reactions from each side of the camp regarding this matter, both those clearly affiliated with AP (to whatever degree) and those with only a perfunctorily interest. I’ll be happy to post again to clarify or expand on any of these points as best I can. I’ll leave the final word to one of my colleagues who noted after analysing everything we had. “This whole thing stinks to high heaven”.
|
3rd October 2007, 09:49 AM
Similar Threads
Linear Mode
