Cheating and Cybercrimes @ Gambling Sites.Com John McMullan, PhD Saint Mary’s University Aunshul Rege, PhD Student Rutgers University Internet Gambling • Proliferation of cybercrimes @ gambling sites; yet little research done • Wood & Griffith (2008) – cheating & perceptions of poker players; American Gaming Association (2006) – cheating & perceptions of internet casino players; McMullan & Rege (2007) – cyberextortion & internet gambling; CERT-LEXSI (2006) – organized crime & internet gambling • No systematic mapping of relationships between internet gambling and criminal behaviour or cheating • This presentation covers: – Types of cheating and cybercrimes – Techniques of cheating and cybercrimes – Organizational dynamics of cheating and cybercrimes – Legal challenges of cybercrimes Methods • • • • • 48 combinations of keywords 10 page, 100 item cutoff; 4800 docs Approx. 500 documents 2000 to 2008 timeframe Document Analysis – Availability (Internet & Library) – Accessibility • Internet (News sites; FinCEN; FATF) • Reports & White Papers (Internet Gambling Report IV; Game Developers; Gaming Commissions) • Academic Databases (Sociological Abstracts; EBSCO Academic Search Premier; ACM Digital Library - Search Criteria • Technical skill • Tactical and strategic knowledge • Division of labour •Organizational traits of cybercrime - Credibility • Authenticated websites • Triangulating sources • Registry of sources Diversity of cybercrime • We uncovered hundreds of examples of alleged cheats and crimes related to internet gambling • For purposes of this presentation, we focus on 24 case studies indexing the diversity of criminal conduct • Cheating (3): PokerSmoke; HoldemGenius; PartyPoker (JJProdigy) • Collusion (3): FullTiltPoker; AbsolutePoker; UltimateBet • Malware and botnets (2): CheckRaised; BrotherSoft • Software exploitation (2): Cryptologic; Texas Hold ‘Em • Fraud (2): MaxLotto; India Lottery Scam • Money laundering (3): BetWWTS; Giordano; Uvari • DDoS attacks (2): FullTiltPoker; TitanPoker • Cyberextortion (3): BetCris; Canbet; Multibet • Phishing and identity theft (4): Euromillion Espana; PartyPoker; Lucky7Lottery; Massachusetts State Lottery Approach • Internet crime is rational • Structured to enhance successful outcomes • Structured to manage problems of social control – Opportunity – Relations with victims – Detection – Prosecution – Sanction • Different types of organizations emerge to survive in the digital environment – Techno-nomads – Digital Associates – Criminal Assemblages • Ten examples emphasizing some of the more complex criminal events • Cheating & Techno Nomads – PokerSmoke & HoldemGenius • Collusion & Digital Associates – AbsolutePoker & Ultimatebet • Identity Fraud & Criminal Networks – Euromillion Espana & PartyPoker • Cyberextortion & Criminal Networks – Betcris & Canbet • Money Laundering & Criminal Networks – Uvari Bookmaking Scheme & Giordano Group Cheating & Techno Nomads • • • • • • AI programs Hands-free, robotic poker player Plays at level of a professional player in tournaments Sophisticated Decision Engine Advanced Neural Network Technology Memorized opponents’ game styles, recognized betting patterns, calculated pot and hand odds – on auto-pilot! Cheating & Techno Nomads • Similar technology to PokerSmoke • Used in hundreds of online poker rooms to increase edge over other players • Fully functional website • Regular software upgrades • Online tutorials • Customer support Characteristics of Techno-nomads • Ranged in technical expertise: users, producers, marketers • Worked alone or on ‘contract’ • Underground economy: services, technical knowledge, digital loot, training, manufacturing • Anonymous • Avoided contact with victims • Impersonation • Surprise attacks • Escapist/ lived in digital shadows • Evasion & Avoidance of Law/Security Collusion & Digital Associates • • • • Tokwiro and Kahwanake Commission Player vigilance NioNio’s win rate: $300,000 in 3,000 hands Ten SD above average = winning one million dollar lottery six consecutive times • Nio Nio core of organized network of 19 super accounts using 88 virtual persons to cheat players for 43 months – May 04 – Jan 08. Collusion & Digital Associates (ctd) • Software code allowed systemic cheating and theft – take $25 mill US • Corporate Shell Game: Logic, Excapsa, Tokwiro, Blast Off Ltd. • 3 Super Accounts Connected to W.S.P winner and former founder of UltimateBet • (aka. allegedly Russ Hamilton) • Detection, Prosecution, Penalty Collusion & Digital Associates • Teams in both one-off or ongoing projects: fraud, theft, smallscale money laundering, seat stealing, and cheating scams • Tokwiro Enterprises and Kahnawake Gaming Commission • PotRipper aka A.J. Ripper aka allegedly to be A.J. Green (former executive) • Seven Superuser accounts • #363 aka allegedly to be Scott Tom (owner) – inside access • Real-time information sharing of hole cards • Stole b/w 0.5 and 1 mill in 6 weeks • Detection, Prosecution, and Compensation Other Digital Associates • Business crimes – Withholding winning revenue from players – Fraud by fabricating phantom websites and malware to deceive would be clients – Identity theft • Employee/workplace crimes – hacking into corporate data bases – selling gaming information, software, and algorithmic programs [BetonSports, Cryptologic] – small-scale organized crime – money laundering through botnet manipulations and chip dumping – online betting fraud [India 2007] Characteristics of Digital Associates • • • • • • • • • Working Crafts Routinization Impersonation/multiple identities Multiple, simultaneous targeting of victims Small takes Efficient Modus Operandi Effective Modus Vivendi: evading detection, avoiding punishment Managing Risk with Victims Size & density of sites, activities & users Identity Fraud & Crime Networks Euromillion Espana • Combined confidence cheating with identity theft • Multinational in scope • Valued at $200 mill. • OC groups in Spain, France, Australia, UK • Traditional tactics (social eng, fake docs) • Technological tactics (emails, fake sites) • • • • • Deceptive attack [tricked by fraudulent messages] Malware attack [use of malicious code to retrieve personal information] DNS attack [manipulate IP addresses to send personal information] 300 members of crime networks eventually arrested by undercover operation Yet crime networks remained regenerative Identity Fraud & Crime Networks • Well-organized phishing scam • Created perfect replica of Party Poker site • Hosted site on their own illegal servers • Sent spoofed email warning of Impact of new gambling law on PartyPoker users • Link to cloned site • Log in w/ personal information – ID theft; player impersonation; playing credit theft; digital data black marketing Phishing Site Screenshot Cyberextortion & Crime Networks • Between 2000 and 2006, hundreds of gambling sites targeted for hundreds of millions of dollars • British bookmakers alone in 2004 lost over $70 mill. to cyberextortion groups • DDoS attacks; digital shakedowns • Network Organization – organizers; extenders; executors • Lateral networked structures: – regenerative characteristics – minimum personal contacts – virtual recruitment via online mediums - dispersed automatic hierarchy of authority - top-down compartmentalization operation - fluid flexible modus operandi Tax Evasion, Avoidance & Crime Networks Computer Emergency Response Team - Laboratoire d'EXpertise en Sécurité Informatique (CERT-LEXSI) (2006). Online Gaming Cybercrime: CERT- LEXSI’S White Paper, July 2006. Tax Evasion, Avoidance & Crime Networks Uvari Group • Illegal gambling • Criminal members scattered globally • Intermediary between gamblers and sport betting companies • Use of virtual and terrestrial Sites • Uvari group opened accounts for players in offshore markets – Isle of Man, Curacao, etc • Traded player identities for incentives, bonuses, and tax benefits • Created hundreds of dummy accounts in Uvari names – tax evasion for players on wins and tax deductions for losses for Uvari members on dummy accounts • Family bonds & entrepreneurial ties • Flat; networked structure; no hierarchy Money Laundering & Crime Networks Gambling sites as laundering enterprises • Used shell corporations & bank accounts worldwide [Central America, Caribbean, and Hong Kong] to clean illicit capital • playwithal.com – 40,000 customer accounts were used to move money through gambling sites to offshore banks • Family affair – Giordano (organizer) – son-in-law (controller) – Wife & daughter (finances) • Other members – Clerks; runners; enforcers Characteristics of Crime Networks • • • • • • • • • • • • • Structured as businesses Global in scope and modus operandi More complex division of labour Greater organizational prominence and persistence Substantial financial takes and more complicated modus operandi Dot.cons networks = international pods of loosely connected groups Networks as nodal ‘contact points’ for crimes Rhizomatic structures/regenerative Yet crime assemblages were higher risk events: fusion of internet galaxy and terrestrial world Greater police ad private security interest The ‘dialectics’ of techno-war: opportunity reduction remedies vs. counter detection measures Private ‘fiefdoms’ of security vs. industry-wide security The rise of ‘civilian strikeback’ measures Legal Challenges • Revise standard laws – Up-to-date technically – Enact legal definitions for virtual environments – Harmonize definitions within nation states • Harmonize Legal Matters Across Jurisdictions – – – – Legal definitions Licensing agreements Evidence Admissibility On-site audits/inspections Legal Challenges (ctd) • Strengthen Transborder Enforcement – Unified Legal Permissions – Harmonize policing standards re: search & seizure, intangible data, warrants, notifications, and storage of evidence – Calibrate judicial approvals for the management and execution of intercepted data and decrypted data so as to permit wide use in multilateral contexts • Improve ‘market solutions’ to cybercrime – Extend & rationalize relations between public and private security – Create industry-wide benchmarks for cybersecurity that are cost-effective and applicable to all – Establish new modified legal environments to galvanize better technical preventative market-driven crime solutions Thank you Questions? John McMullan, PhD Saint Mary’s University Aunshul Rege, PhD Student Rutgers University