Sunday, October 28, 2007

Potripper Controversy

Things have been raging about the Potripper controversy for a while now.

To summarize, a long-term internet pro, CrazyMarco, came second to Potripper in Absolute Poker's biggest tournament (the $1000 buy-in). He was so suspicious of Potripper's play, which included some outrageous calls, that he asked for the hand histories.

The hand histories sent included a little more than perhaps Absolute would normally send out: they contained the IPs and email addresses of players, and similar details for the observers as well.

One of these observers tracked Potripper for the entire tournament. You'd have to say that was unusual.

After considerable investigations it transpired that this observer ID belonged to a consultant of Absolute, who had somehow managed to use his high-status position to breach elaborate security and create a superuser account which could see the hole cards. He ran this ID alongside (railing) his Potripper ID (part of his cover-up), so he could see the cards as he was playing.

If we fast-forward to the present, Absolute has done initial investigations, confirmed the breach, and compensated players and the people whose personal information was leaked.

Security has been tightened, but they are also undergoing a far more detailed investigation and review to ensure that no person affected is out of pocket and that the matter doesn't happen again.

The problem with employing systems experts is probably always this sort of temptation to them, and the online industry will have to learn a little from high cash volume activities in the real world. Bricks and mortar casinos, for example, have elaborate security: all employees with potential access to manipulating events to steal money are monitored by an elaborate chain of security levels, so huge numbers of people would have to be in cahoots for activities to go undetected. Similarly, high-level IT professionals need to be monitored by others who do not "touch the money", and in turn those doing the monitoring need to be monitored. It is too much to expect to be able to just trust employees/consultants with access to core code in a "cash" industry. Many more levels should, and inevitably will, be put in place to prevent a repeat of these events.
