Cheating and Cybercrimes Gambling Sites.Com

1
Cheating and Cybercrimes _at_ Gambling Sites.Com
John McMullan, PhD Saint Marys University Aun
shul Rege, PhD Student
Rutgers University
2
Internet Gambling

• Proliferation of cybercrimes _at_ gambling sites
  yet little research done
  
• Wood Griffith (2008) cheating perceptions
  of poker players American Gaming Association
  (2006) cheating perceptions of internet
  casino players McMullan Rege (2007)
  cyberextortion internet gambling CERT-LEXSI
  (2006) organized crime internet gambling
• No systematic mapping of relationships between
  internet gambling and criminal behaviour or
  cheating
  
• This presentation covers
• Types of cheating and cybercrimes
• Techniques of cheating and cybercrimes
• Organizational dynamics of cheating and
  cybercrimes
  
• Legal challenges of cybercrimes

3
Methods

• 48 combinations of keywords
• 10 page, 100 item cutoff 4800 docs
• Approx. 500 documents
• 2000 to 2008 timeframe
• Document Analysis
• Availability (Internet Library)
• Accessibility
• Internet (News sites FinCEN FATF)
• Reports White Papers (Internet Gambling Report
  IV Game Developers Gaming Commissions)

• Academic Databases (Sociological Abstracts
  EBSCO Academic Search Premier ACM Digital
  Library
  
• - Search Criteria
• Technical skill
• Tactical and strategic knowledge
• Division of labour
• Organizational traits of cybercrime

• - Credibility
• Authenticated websites
• Triangulating sources
• Registry of sources

4
Diversity of cybercrime

• We uncovered hundreds of examples of alleged
  cheats and crimes related to internet gambling
  
• For purposes of this presentation, we focus on 24
  case studies indexing the diversity of criminal
  conduct
  
• Cheating (3) PokerSmoke HoldemGenius
  PartyPoker (JJProdigy)
  
• Collusion (3) FullTiltPoker AbsolutePoker
  UltimateBet
  
• Malware and botnets (2) CheckRaised
  BrotherSoft
  
• Software exploitation (2) Cryptologic Texas
  Hold Em
  
• Fraud (2) MaxLotto India Lottery Scam
• Money laundering (3) BetWWTS Giordano Uvari
• DDoS attacks (2) FullTiltPoker TitanPoker
• Cyberextortion (3) BetCris Canbet Multibet
• Phishing and identity theft (4) Euromillion
  Espana PartyPoker Lucky7Lottery Massachusetts
  State Lottery
  

5
Approach

• Internet crime is rational
• Structured to enhance successful outcomes
• Structured to manage problems of social control
• Opportunity
• Relations with victims
• Detection
• Prosecution
• Sanction
• Different types of organizations emerge to
  survive in the digital environment
  
• Techno-nomads
• Digital Associates
• Criminal Assemblages

6

• Ten examples emphasizing some of the more
  complex criminal events
  
• Cheating Techno Nomads
• PokerSmoke HoldemGenius
• Collusion Digital Associates
• AbsolutePoker Ultimatebet
• Identity Fraud Criminal Networks
• Euromillion Espana PartyPoker
• Cyberextortion Criminal Networks
• Betcris Canbet
• Money Laundering Criminal Networks
• Uvari Bookmaking Scheme Giordano Group

7
Cheating Techno Nomads

• AI programs
• Hands-free, robotic poker player
• Plays at level of a professional player in
  tournaments
  
• Sophisticated Decision Engine
• Advanced Neural Network Technology
• Memorized opponents game styles, recognized
  betting patterns, calculated pot and hand odds
  on auto-pilot!
  

8
Cheating Techno Nomads

• Similar technology to PokerSmoke
• Used in hundreds of online poker rooms to
  increase edge over other players
  
• Fully functional website
• Regular software upgrades
• Online tutorials
• Customer support

9
Characteristics of Techno-nomads

• Ranged in technical expertise users, producers,
  marketers
  
• Worked alone or on contract
• Underground economy services, technical
  knowledge, digital loot, training, manufacturing
  
• Anonymous
• Avoided contact with victims
• Impersonation
• Surprise attacks
• Escapist/ lived in digital shadows
• Evasion Avoidance of Law/Security

10
Collusion Digital Associates

• Tokwiro and Kahwanake Commission
• Player vigilance
• NioNios win rate 300,000 in 3,000 hands
• Ten SD above average winning one million
  dollar lottery six consecutive times
  
• Nio Nio core of organized network of 19 super
  accounts using 88 virtual persons to cheat
  players for 43 months May 04 Jan 08.

11
Collusion Digital Associates (ctd)

• Software code allowed systemic cheating and
  theft take 25 mill US
  
• Corporate Shell Game Logic, Excapsa, Tokwiro,
  Blast Off Ltd.
  
• 3 Super Accounts Connected to W.S.P winner and
  former founder of UltimateBet
  
• (aka. allegedly Russ Hamilton)
• Detection, Prosecution, Penalty

12
Collusion Digital Associates

• Teams in both one-off or ongoing projects fraud,
  theft, small-scale money laundering, seat
  stealing, and cheating scams
  
• Tokwiro Enterprises and Kahnawake Gaming
  Commission
  
• PotRipper aka A.J. Ripper aka allegedly to be
  A.J. Green (former executive)
  
• Seven Superuser accounts
• 363 aka allegedly to be Scott Tom (owner)
  inside access
  
• Real-time information sharing of hole cards
• Stole b/w 0.5 and 1 mill in 6 weeks
• Detection, Prosecution, and Compensation

13
Other Digital Associates

• Business crimes
• Withholding winning revenue from players
• Fraud by fabricating phantom websites and malware
  to deceive would be clients
  
• Identity theft
• Employee/workplace crimes
• hacking into corporate data bases
• selling gaming information, software, and
  algorithmic programs BetonSports, Cryptologic
  
• small-scale organized crime
• money laundering through botnet manipulations and
  chip dumping
  
• online betting fraud India 2007

14
Characteristics of Digital Associates

• Working Crafts
• Routinization
• Impersonation/multiple identities
• Multiple, simultaneous targeting of victims
• Small takes
• Efficient Modus Operandi
• Effective Modus Vivendi evading detection,
  avoiding punishment
  
• Managing Risk with Victims
• Size density of sites, activities users

15
Identity Fraud Crime Networks

• Euromillion Espana
• Combined confidence cheating with identity
  theft
  
• Multinational in scope
• Valued at 200 mill.
• OC groups in Spain, France, Australia, UK
• Traditional tactics (social eng, fake docs)
• Technological tactics (emails, fake sites)

• Deceptive attack tricked by fraudulent
  messages
  
• Malware attack use of malicious code to
  retrieve personal information
  
• DNS attack manipulate IP addresses to send
  personal information
  
• 300 members of crime networks eventually
  arrested by undercover operation
  
• Yet crime networks remained regenerative

16
Identity Fraud Crime Networks

• Well-organized phishing scam
• Created perfect replica of Party Poker site
• Hosted site on their own illegal servers
• Sent spoofed email warning of Impact of new
  gambling law onPartyPoker users
  
• Link to cloned site
• Log in w/ personalinformation
• ID theft playerimpersonationplaying credit
  theft digital data black marketing

Phishing Site Screenshot
17
Cyberextortion Crime Networks

• Between 2000 and 2006, hundreds of gambling sites
  targeted for hundreds of millions of dollars
  
• British bookmakers alone in 2004 lost over 70
  mill. to cyberextortion groups
  
• DDoS attacks digital shakedowns
• Network Organization organizers extenders
  executors
  
• Lateral networked structures
• regenerative characteristics
• minimum personal contacts
• virtual recruitment via online mediums

- dispersed automatic hierarchy of authority
- top-down compartmentalization operation
- fluid flexible modus operandi
18
Tax Evasion, Avoidance Crime Networks
Computer Emergency Response Team - Laboratoire
d'EXpertise en Sécurité Informatique
(CERT-LEXSI) (2006). Online Gaming Cybercrime
CERT- LEXSIS White Paper, July 2006.
19
Tax Evasion, Avoidance Crime Networks

• Uvari Group
• Illegal gambling
• Criminal members scattered globally
• Intermediary between gamblers and sport betting
  companies
  
• Use of virtual and terrestrial Sites
• Uvari group opened accounts for players in
  offshore markets Isle of Man, Curacao, etc
  
• Traded player identities for incentives, bonuses,
  and tax benefits
  
• Created hundreds of dummy accounts in Uvari names
  tax evasion for players on wins and tax
  deductions for losses for Uvari members on dummy
  accounts
• Family bonds entrepreneurial ties
• Flat networked structure no hierarchy

20
Money Laundering Crime Networks
Gambling sites as laundering enterprises

• Used shell corporations bank accounts worldwide
  Central America, Caribbean, and Hong Kong to
  clean illicit capital
  
• playwithal.com
• 40,000 customer accounts were used to move money
  through gambling sites to offshore banks
  
• Family affair
• Giordano (organizer)
• son-in-law (controller)
• Wife daughter (finances)
• Other members
• Clerks runners enforcers

21
Characteristics of Crime Networks

• Structured as businesses
• Global in scope and modus operandi
• More complex division of labour
• Greater organizational prominence and
  persistence
  
• Substantial financial takes and more complicated
  modus operandi
  
• Dot.cons networks international pods of loosely
  connected groups
  
• Networks as nodal contact points for crimes
• Rhizomatic structures/regenerative
• Yet crime assemblages were higher risk events
  fusion of internet galaxy and terrestrial world
  
• Greater police ad private security interest
• The dialectics of techno-war opportunity
  reduction remedies vs. counter detection
  measures
  
• Private fiefdoms of security vs. industry-wide
  security
  
• The rise of civilian strikeback measures

22
Legal Challenges

• Revise standard laws
• Up-to-date technically
• Enact legal definitions for virtual
  environments
  
• Harmonize definitions within nation states
• Harmonize Legal Matters Across Jurisdictions
• Legal definitions
• Licensing agreements
• Evidence Admissibility
• On-site audits/inspections

23
Legal Challenges (ctd)

• Strengthen Transborder Enforcement
• Unified Legal Permissions
• Harmonize policing standards re search
  seizure, intangible data, warrants,
  notifications, and storage of evidence
  
• Calibrate judicial approvals for the management
  and execution of intercepted data and decrypted
  data so as to permit wide use in multilateral
  contexts
• Improve market solutions to cybercrime
• Extend rationalize relations between public and
  private security
  
• Create industry-wide benchmarks for cybersecurity
  that are cost-effective and applicable to all
  
• Establish new modified legal environments to
  galvanize better technical preventative
  market-driven crime solutions

24
Thank youQuestions?
John McMullan, PhD Saint Marys University Aun
shul Rege, PhD Student
Rutgers University