When I was asked to look at suspected blackjack cheaters I rarely bothered trying to see if they marked cards or whether their glasses were funny. All I really did was see whether their obvious deviations from basic strategy made sense given the dealers hole card and/or first card off. If that was true and he was winning, he was cheating. I didn't have to figure out what he was doing to know that.

Likewise that is the crux to catching online cheats of every stripe. Since cheater catchers online are able to see every card this should be easy to do. The difference between blackjack and poker is that the cheater need not be a winner. Because unlike blackjack he could be dumping chips to others. Furthermore the poker cheat might engage in a lot more camouflage than the blackjack cheat because his edge is greater, he might have partners who he shows off that camouflage with, and he knows he may be under serious scrutiny.

Any smart superuser, besides having confederates to dump chips to and help with camouflage, would follow a few rules if he thought he might be being watched.

1. Be very aware of what his reasonable plays would be if he saw no cards.

2. Stick with the reasonable play unless he substantially increases his EV by doing otherwise

3. Never choose an absurd play even if there is a big EV gain.

This strategy is almost undectectable. The problem with this strategy is that it doesn't win very fast. Since most cheats are greedy they will probably push the envelope. At that point a good analyst will probably catch them.

I'm sure that much of what I just wrote is nothing new to many of you. Which is why Cake should consider hiring some of you. In fact I myself have permission from Mason to offer my services (at an exhorbitant price) and if they accepted I would take on some of you as assistants.

Awesome post david, I agree

I haven't been following the Cake scandal closely, but them paying you exorbitant fees seems incredibly stupid because if you find something it is horrible for them and if you don't nobody will care because smart superusers are too hard to find based on HH anyway. And after the AP/UB thing anybody with superuser capability would have found somebody competent to run the poker aspect of it. Or atleast thats what everybody will think.

I have a lot of free time and would be happy to help in said situation

You could say that about their decision to hire anybody who the public knows is honest and competant. But there might be a few extra upsides in some people's mind if it was me. Many have already been clamoring for Mason burt he is not interested.

I'd imagine he's far too busy amirite?

I agree w/ everything you say David, but catching a superuser would be much harder than catching a blackjack cheater. Most lines poker players take can be justified by some kind of logic, so it would be hard to prove unless he took a bunch of absurd lines and was crushing the game. If the superuser is 1/2 smart w/ some poker knowledge, he should be very successful without being caught imo. The good news is most superusers, well the ones that were caught, are either not so smart or lack poker knowledge.

some day a site will see the upside to going the extra distance instead of the shortest distance on an issue like this.

and I see Lirv has already shown up before my obligatory "let LirvA sort it all out".

meh, id agree in general that someone good would be pretty much undetectable but not everyone is good at poker or has enough common sense to get someone that is. also due to high stakes action being scarce there if there was one or more they could have gotten greedy and been sloppy w/ how they won the money. its def worth a look but its also possible that there was 1 or more that were in the hands of capable ppl and they flew under the radar.

Your site david has helped keep online poker 'clean" for the most part. Many users here are the "sheriffs" of the online poker world.

Even if the superuser stuck to alternatives that are completley justifiable it would start to become noticeable if, when he had more than one reasonable alternative, he always picked the one that was clearly better, (given the other's hole cards).

Meanwhile I think it is fair to say that even if cheaters were especially careful the last two weeks, they would almost certainly have been at least a bit more sloppy the previous eighteen months.

you should definitely hire Mookman5 that dude is dedicated

It's a matter of making sure the people looking know what they should be looking for and frame the hunt with that in mind.

I think Noah said it in the other thread, the people looking should be suspicious of what they may find. Curious may be another word that works there.

Fundamental theorem of online poker:

"Every time you play a hand differently from the way you would have played it if you could see all your opponents' cards, they gain; and every time you play your hand the same way you would have played it if you could see all their cards, you're cheating. Conversely, every time opponents play their hands differently from the way they would have if they could see all your cards, you gain; and every time they play their hands the same way they would have played if they could see all your cards, you lose."

j/k obv and a 2+2 committee given access and authority to investigate cheating would be amazing.

Woops, I just now read what the problem with Cake actually was. I hesitate to boost your healthy ego, but I think you might be the absolute best person to lead the lead the investigation. No matter what, there is going to be some chance that money was stolen and just was done well enough to avoid detection, but you getting full access would do more than anything else to help build back their reputation.

Superusers are a slightly different problem than packet sniffers; and my understanding of the Cake security issue is that they've made themselves vulnerable to easy attacks by packet sniffers.

Superusers, being insiders, have an interest in the site where they operate continuing to appear to be on the level. Packet sniffers don't have that interest. If a disposable account gets burned, the perpetrator can open up a new disposable account. Superusers will be more discreet along the lines David suggest. Packet sniffers will rape and run with more blatant moves.

And I think that while poker-aware people like us would be useful in sniffing out either sort of hole-card-sharing exploit, what Cake really needs right now is an independent security audit by someone with serious computer security chops. Bruce Schneier comes to mind; if he's booked, I'm sure he could easily give referrals to dozens of other security consultants.

David, Nat in the other thread admitted that he told Lee that the two people (one of which he recommended personally) who would be doing the investigation would be completely useless in terms of finding anything but the most obvious kind of superusing there is.

Lee apparently said something to the effect of "it's cool, we're doing our own investigation"

Basically, this investigation is useless because they're not doing any in depth statistical analysis, etc...they're just going to review a couple of hands, looking for obvious detection mistakes even Potripper wouldn't make, and come back here to declare that they did "audit" Cake and didn't find anything, which is exactly what Cake wants.

I would love to see you audit that place, but it's obviously never going to happen.
First they would have to spend money hiring you, and then spend money reimbursing the victims of the superusing that's probably been going on over the 18 months during which there was close to no encryption on their network...

The team that Lee choose for this is lacking.
Adanthar has conflict of interest and I wasn't impressed with his posts on the issue...at all.
Yellosub I don't even know let alone trust.
I suggested Mason because I remember few years ago he offered AP to head investigation if I remember corectly.

I approve of Sklansky though, I'll take his word on it and I believe he is capable of doing a good review of the HHs.
I think NoahSD doesn't mind to give it a shot too.
I'm fine with that.

Yea, agree w/ you. It would take a lot of hand histories to reach this conclusion tho.

Detecting a packet sniffer should be pretty straight-forward given all of the info available. Chances are a packet sniffer is exploiting a single account, since he spent the time to sniff a wireless network and then sat around and prayed that they played poker on Cake. Once you find someone like that, you don't just abuse them once and move on, you hammer the sh*t out of them for as long as you can. Which means they should start by looking at the most money moved between 2 players, and then look at the hands they played together and their seating tendencies at the table (the sniffer would always be sitting down after the mark had already sat).

It's much tougher if the hacker is exploiting someone for a short period and then moves on to another target, but the # of people who play on Cake just isn't nearly high enough for a hacker to even consider doing. If someone did use this hack, chances are they just kept exploiting the same target for as long as possible.

Of course, the hacker also has the player's username and pw, in which case he should just do a money transfer or chip dump by playing on both accounts at once. In this event, it's still super easy to catch him since the victim is going to send in an email saying "wtf my account is empty".

That's why you are the best.

thanks for the post DS.

good point.

DS, I'll take that assistant job for a relatively ridiculous hourly as well

From the numerous correspondences I have had with people who have been compromised (due to their PC being infected, and a perpetrator watching their screen in real time in HU matches, AIM/email compromises, etc), the best way to detect such things, is obviously a statistical analysis of hand histories (ie noah SD); but there will be room for doubt even if it is done, if as David said in teh OP the perpetrator has poker knowledge to mask the obv (calling down with 10 high etc). the nail in the coffin though, if we had access, is statistical correlation of account information, I currently have a web analysis, of current suspected cheaters (email, aim, IPs, suspected geolcation, modus operandi etc) the only real way to get to prove guilt though is 100% cooperation w/ the sites so we can look at chip dumping, association with other accounts, limits played, time of activity on teh account etc.

http://www.paterva.com/web5/


might come in handy if anyone is into these things

Great post, I'm no expert, but have tried to follow all the cake security issues recently, due to the fact I've played 200k+ hands there in the last 2 years.

Now from what I see shouldn't PTR be invited to help here, they found the leak, they clearly are 'for the players' and have the technical side in place to help any investigation. So why not link whoever they want on their side, with PTR and another independent expert such as David, and let that team get to the bottom of this mess.

Also if anyone can suggest further ways I can check my own HH's for obvious superuser accounts then please let me know.