Just Conjecturin', Volume 12: The Absolute Scandal and the Day Occam Rolled Over in His Grave
One of the things that was amusing to me when I was recently forwarded information on the Absolute Poker online scandal was that attached to the account information for "PotRipper" was a screen grab, presumably done internally, of the IP address 18.104.22.168, which back in October of 2007 became vital as investigation into that infamous tourney continued. I've reformatted the table I've received just a hair here to make it fit better, though the data itself is as I received it, right down to the background colors:
(Larger version of image also available at http://img80.imageshack.us/img80/8643/coffbscott01.jpg)
I chuckled when I saw this, for not only did I know what it was, but I doubted that the sources I'd received the data from knew that I'd already seen the same thing, way back when the scandal was breaking. It made the information that I'd received that much more believable -- an unknown seal of authenticity, if you will. Matter of fact, I'd had that different version of the same information in my AP scandal archives ever since. It also appears, in different form, within Marco "CrazyMarco" Johnson's famous spreadsheet of the PotRipper affair.
I've recopied those lines from the original spreadsheet Johnson received into a separate spreadsheet page, which look like this (the extra fields are associated with the chip counts themselves during tourney play, and were "0" for all non-playing observers):
(Larger version of image also available at http://img80.imageshack.us/img80/3558/coffbscottcrazymarco.jpg)
What both images show are the "observer" table log-ins for the famed "PotRipper" cheating tournament, for IP address 22.214.171.124, one of the same IPs already tied to Scott Tom through other means. The PotRipper account itself played at Table 13 for almost the entire duration of the tourney history captured in that spreadsheet, and it was the "email@example.com" account, whatever its name was, that by all indications was logged in from the same computer that had access to the "superuser" software. While I would normally redact an address such as that, its involvement in the PotRipper fraud was so seminal that it cannot be omitted from this story.
There were lots of people poring over that spreadsheet back in the last part of October, 2007 -- players, a couple of writers (including me), and other interested observers. It was obvious that the "firstname.lastname@example.org" account was the key, for the bizarre, obviously-cheating play by PotRipper not only began the very hand after "email@example.com" began to monitor the action, but this observing account never left Table 13 after that point. That in itself was highly unusual behavior, because the spreadsheet captured well over an hour of the entire tournament play, and nowhere else, to my recollection, did an observing account sweat any other table in this manner. It stood out in a big way.
Other investigators were looking into some of the other players, as was I, and I got the idea to search on that IP address: 126.96.36.199. That's when the single check-in/check-out of the same IP address popped up, but with a different e-mail address (firstname.lastname@example.org) and at a different table (Table 9). I was in chat that evening with other people searching into various things, and I typed something like "Hey, check out that email@example.com address and domain. It might lead to something."
It was my one small contribution to that investigation back then, though others did far more, and for all I know, someone else also might have been searching on that domain already. Still, if not for that brief, one-second click-in to check something at another table, perhaps even done by mistake when some tables were broken down into others, the firstname.lastname@example.org connection to all of this might never have emerged. At least that's how I remember it.
The chat came back to me all excited, and again, this is a re-creation based on my memory, as I'm not even sure which chat system we were using though I think it was MSN Messenger back then. It went something like, "That's it! That domain points to another company with Absolute Poker! How did you know?"
And I responded that I didn't know, it was just that the domain part seemed odd to me. It smelled bad, seeming to be out of place in an exceptionally corporate way in a sea of so many yahoo.com and msn.com and similar log-ons as used by most Internet players. I'd had experience with holding companies, and this address just seemed wrong. I'd scratched at that itch.
Within minutes the information had found its way into the investigatory threads then going on at 2+2 and PocketFives, but it was only a short time later -- perhaps an hour -- that I received another chat. It went something like, "They've just changed the domain info! They're covering it up!"
And indeed, to this day I believe that's what happened; the cheater(s) was or were in panic mode and when they saw the "rivieraltd.com" name mentioned on the forums, they immediately went into their domain registration access and changed the entry. It was either that, or they had changed it hours or days before and it had just not propagated yet, which would have made our find extremely timely and lucky. A simple search on that domain info today provides nothing of value; one would have to purchase the historical domain records to access the changes that have occurred, though that's hardly a prohibitive expense.
In any event, it was still just a bit later that very same evening that I received yet another chat message, which was something like: "We had a way to check that IP address, and it goes right to Scott Tom's house!"
To say I was flabbergasted at that news was an understatement. I fully expected at that point that the domain would trace to Canada or Costa Rica, perhaps even to a corporate block of addresses connected to AP, but to have it be reported back to me as a Costa Rican residential IP just floored me. It made no sense. If someone was doing it to set up another person -- in other words, to frame Scott Tom -- then they had to be both brilliant enough to plant some random phone-company or ISP dude to tell us the IP address traced to Scott Tom's house, while at the same time being stupid enough to cheat in the ridiculous manner demonstrated in the PotRipper tourney.
Occam, as you surely know, refers to Occam's Razor, that idiom that states that the simplest explanation for a series of events is also the most likely. The contrapositive to the idiom (the other true statement that can be derived, if one believes ol' Occam) is that as an explanation becomes exceedingly complex, it also becomes exceedingly unlikely. Expecting someone to have framed Scott Tom in the way the evidence rolled out would have required planting evidence in a whole bunch of different files, including this specific one-second click-in on a different table during this table, somehow setting up some faked home-ISP stuff in advance, being powerful enough to be able to change domain registrations on the fly, yet being so lacking in oversight as to think that calling an all-in bluff with 10-high for several tens of thousands of dollars of real prize money wouldn't arouse suspicion. And mind that this wasn't the only episode of cheating going on; it happened to be the one that drew the most attention, and even this one was denied by AP for weeks afterward.
The greater question was, if Scott Tom somehow were being framed, how could someone set up such a ridiculously perfect frame and still have no knowledge of how the core game -- poker, and how it is played... or badly cheated -- would be an impetus for others to search for the cheaters?
The overall mix clearly violated Occam's Razor. The far simpler explanation was that the cheating was done with arrogance and impunity by a person or several people with enough internal power to strangle any inquiries, should they arise. The problem with that attitude has to do with human nature; when people get screwed, they have this curious tendency to fight back. It instead likely meant that it wasn't a frame, and that people were getting fed up with whatever brazen shenanigans were going on.
As for those addresses, and related matters....
The "email@example.com" address, to the best of my knowledge, has never been publicly released, though it is of course vital, given the later cover-up by AP, Blast-Off (Tokwiro) and quite probably the KGC.
Note that the "firstname.lastname@example.org" address is not the same address that adorned the PotRipper account when the screen grab that I published (previous post) was obtained. This would not be absolving or incriminating on its own in either event. Not only was an active coverup in progress in the days immediately following the PotRipper affair, meaning account information could have been changed, there's also no reason to assume that Scott Tom and/or cohorts used only two computers. There always had to be at least two -- one for playing and one for observing -- but the fact that there was excessive chip-dumping between cheating accounts during other episodes suggests that three or more could have been in play, at least two of which would have been active at the same table.
In addition, Scott Tom had access to many dozens of accounts that were created, all of which were shown to be associated through the company's own internal ieSnare traces. Each of those would have had a separate e-mail address, so there had to have been lots and lots of extra e-mail addresses being used in connection with these accounts. I have info regarding some of those accounts, and will share that the next time out.