The Ultimate Bet Superuser Scandal

Ultimate Bet released a press release today admitting that employees of “the previous ownership of UltimateBet” were responsible for cheating high limit players out of an unspecified amount of money, largely believed to run into the millions, thanks to “unauthorized software code that allowed the perpetrators to obtain hole card information during live play”. In other words, UB employees could see players’ hole cards and exploited this to steal quite a lot of money from high stakes players over the course of about two years.

The theft was uncovered through the collective effort of several 2+2’ers who were high stakes regulars at UB affected by the theft, most prominently trambopoline, dlpnyc21, josem, and also Nat Arem. 2+2 Moderator Cornell Fiji composed a thorough summary of what is believed to have happened along with the damning evidence that goes well beyond what UB admits in its press release.

In this new thread, Cornell is once again doing an admirable job exposing all of the deception in the press release. I’m not going to try to summarize it all, but basically it is at the very least a shameful lapse, and more probably deliberate negligence, that UB’s security didn’t notice any of this until 2+2’s amateur investigators compiled undeniable evidence. If security isn’t tracking win rates and investigating the play of the biggest winners in the biggest games on the site, what exactly are they doing? How is it that amateurs with nothing more than Poker Tracker databases can unravel this stuff, but a supposedly professional security team cannot?

Moreover, UB claims that it knew nothing about the potential for its software to be exploited in this way. But UB is owned by Tokwiro Enterprises, which also owns Absolute Poker, which was the subject of another scandal where a similar vulnerability was exploited from the inside. It’s absurd for them to claim that they couldn’t have anticipated this, and it’s disgraceful that they either didn’t anticipate it or actively facilitated the theft.

Nat Arem had a chance to question one of their representatives, but don’t expect too much new info from that Q&A session.

Like Absolute Poker, UB tries to reassure its customers by pointing to its “regulatory agency”, the Kahnawake Gaming Commission. Aside from the gross incompetence (or worse) demonstrated above, there’s another big problem with the KGC: Joe Norton, the owner of Tokwiro Enterprises, is also the former Grand Chief of the Kahnawake Mohawk tribe of Montreal! In other words, there is nothing independent about the KGC.

During his time as Grand Chief, Norton was accused of more than his share of shady dealings and corrupt bargains. Though members of his tribe accused him of being a puppet of the Quebec government, he also had a well-publicized (in Canada) clash with Canadian police and soldiers.

In a lot of ways, this latest scandal is very discouraging and disheartening. However, both UB and AP were eventually forced to admit that something had gone wrong and to return player funds that were stolen. This demonstrates the power of the online poker community to exercise some level of independent oversight over the sites where we play. Ideally, this will discourage other sites from trying anything shady in the future. However, if the only ramification for UB, after all this time and effort, is that they have to return the funds that weren’t theirs to begin with, then this will not be much of a deterrent.

So what can we do? I’ve got some ideas, and I hope you’ll offer others.

1. Boycott AP and UB. I never played on AP, and I’ve pulled all of my money off of UB. If a scandal like this doesn’t bankrupt UB or at least crush their market share, then it will not be a deterrent to any future malfeasance by them or anyone else. I was probably one of maybe twenty people regularly playing 25/50 NL on their site, so hopefully my action will be missed, as will that of other high limit players who refuse to play there.

2. Stop endorsing them. High-profile players like Annie Duke and Phil Hellmuth need to end their affiliation with UB. It is downright unethical for them to be encouraging people to play on this site. Similarly, Cliff “JohnnyBax” Josephy should be ashamed of himself for signing with them this week. He claims he was convinced of their desire to change, but based on what he’s said publicly about this, it doesn’t seem like he was especially well-informed about the allegations nor that he went to great lengths to question whomever he spoke with from UB’s management. Then again, he is supposedly a pretty shrewd businessman, so perhaps he knows something I don’t. But I think he ought to either say a lot more about why he has confidence in UB or stop encouraging others to play there.

3. Ask tough questions of other sites. I’m no expert on this, but personally, Poker Stars and Full Tilt Poker are the only sites I’m comfortable playing on right now. Still, I think it would be best to get specific, public statements from them about the nature of their security, why their software is not vulnerable to the exploits that led to the theft on UB and AP, who regulates them and how, etc. UB and AP have been able to hedge, make misleading statements, and deny responsibility because in many cases they had not made explicit statements before these scandals about the nature of their security. As players, we should have a more explicit understanding of the level of security the sites will provide. There should be measurable benchmarks and pre-agreed ramifications for them if something illicit happens on their site. If 2+2 could create a Players’ Bill of Rights or something, thousands of us could ask sites like Poker Stars, FTP, and especially UB to agree to it as a condition for our business.

4. Create a genuinely independent regulatory authority with teeth. Similar to (3), there should at least be an independent regulator whom sites could voluntarily hire to certify the security of their software. Then we as players could refuse our business to anyone who didn’t pay for that certification. There’s probably money to be made here if it’s done right, and it would be a huge boon for online poker generally.

5. Legalize and regulate online poker in the US. Obviously I think this would be a good thing anyway, but as much as opponents of poker may try to use scandals such as this as arguments against legalization, I believe they are actually arguments in favor. Not that government involvement is a guarantor of legitimacy, but it’s got to be better than the legal netherworld in which internet poker currently exists. Once again, there’s money to be made here.

6. Spread a genuine understanding of the issue. Casual players have a right to know about the security issues at AP and UB, and its in our interest to have them playing on the more reputable sites where we are taking our business. At the same time, we don’t want to be fearmongers turning the poker world off to internet poker in general. We need simultaneously to inform people that UB and AP are unsafe but that there have not even been any plausible suspicions raised about extensive cheating at sites like FTP and Poker Stars. I honestly feel that the risk of cheating on those sites is barely higher than it is in brick and mortar casinos and much lower than at underground poker clubs. However, I’ll feel a lot more comfortable vouching for the credibility of those sites if and when some of my above suggestions are implemented.

6 thoughts on “The Ultimate Bet Superuser Scandal”

  1. Well said, Foucault. If players vote with their feet, the cheating sites will be out of business.

  2. My feelings exactly. UB was the first site I ever played on and even though I am a lower stakes player felt compelled to delete it from my pc. I don’t trust any site completely and prefer live games, which is a pity as on-line would be so much more convenient.

  3. Thanks, fawlty. I must say, though, that I don’t think it’s fair to hold this against online poker in general nor is it rational to conclude that live poker is necessarily safer. Cheating can and does happen in live poker, and when it does, there aren’t Poker Tracker records and 2+2 sleuths to figure it out and get the money refunded.

Comments are closed.