Monday, February 28, 2011

Just Conjecturin', Volume 29: Inside the Makar Email

It's been a busy couple of weeks dealing with the latest revelations emerging in the UltimateBet online cheating scandal, triggered by Travis Makar's cold-call into the Donkdown radio podcast over at Donkdown Poker. Makar and the DD staff have had several contacts since then, with Makar forwarding a somewhat redacted version of an e-mail he had obtained at some point, with the e-mail clearly showing how the "God Mode" cheating ability was set up and delivered to cheating participants. A DonkDown forum member ("dougmanct") quickly helped decipher an old version of the UB client software and uncovered a hidden resource entry which seems linked to the God Mode ability. That string was "SuperAllah7642". Although this entry was changed from time to time, it now seems as though we have an answer to where the nickname "God Mode" came from -- it was a programmer's inside joke.

But that's not the point of this Volume 29. Instead, let's take a look at the image of the e-mail that Makar forwarded to Bryan Micon, which Micon then posted in this thread:




Let's take a look at the blacked-out bits as we also absorb the meaning of the message, which confirms various allegations that updates to God Mode were sent out via e-mail whenever the client program itself was updated. Indeed, God Mode ability was hidden within the generally downloadable version of the UB client software, which is probably less shocking than it might seem when one remembers that the tool's original purpose was as an internal auditing device -- complete with either a 30-second or two-minute delay (accounts differ) -- and a lot of people could have had cause to use it in its original form. The delay was later removed and the tool was converted to its notorious cheating purpose.

'Tis true: Anyone who had the right account name(s) and password(s) could install and run God Mode from any computer where the UB client itself was already installed.

About those blacked-out bits.... They are clearly the e-mail addresses and actual names associated with the God Mode cheating, all in addition to Russ Hamilton, according to Makar. We also see the tags "superuser1," "superuser2" and "Programmer," which Makar probably added in via MSPaint or similar when he blacked out the names.

Let's save the "Programmer" entry for a later date. (I don't know for sure who this is likely to be at this time, anyway.) But the other two superusers? That's a different story. And now is as good a time as any to move this investigation forward.

I have very strong reasons to believe that "superuser1" will turn out to be company founder Greg Pierson, and I will devote a very lengthy Volume 30 of this series to laying out the extensive circumstantial case that points to Pierson. It's a post I've delayed writing for quite some time, partly in hopes that a true smoking gun would emerge to buttress the many puzzle pieces I've already obtained. It's also a distasteful post, as it goes into motive for the entire UB cheating scandal getting started, something no outside investigator has yet adequately explained.

I suspect that the blacked-out filename will turn out to be something that can be directly tied to Pierson as well, on the order of "G_Pierson.reg" or similar. I'm quite certain that at some point an unredacted version of the snapshot Makar sent to Micon will emerge, and we will all know for sure.

Makar and others among my sources have alleged that there were three or four primary cheaters, and if we add Pierson to Hamilton, that makes two. So what about the others, and that mysterious "superuser2"?

Here's where we can take a bit of a detour. I've mentioned before that I've been fortunate to receive credible info from a number of sources, more than a dozen at past count. I've received stuff from two or three anonymous tipsters as well, including the stuff about the brainwashdodo blackmail game that Paul Leggett was finally forced to acknowledge.

In the category of "Can I really give this any credibility?" came a brief e-mail exchange with another anonymous e-mailer, who shared his own hearsay with me a year ago. He wrote this, in part, in one of our e-mails. I should also add that this source did not come across as a kook, as a few other anonymous tipsters have, and I don't count those in my running totals. Still, anonymous tipsters are often like free advice; you get what you pay for.

But here's a snippet now worth revisiting:

"I have fairly reliable information that Mansour [Matloubi] cashed out his stake in UB for $60,000,000 well before the cheating scandal broke. I'll say just that I know a lot of the same people he does and have met him a few times - and was told this by a mutual friend."

We checked back and forth to determine exactly when he heard this, and the hearsay dated from July of 2008, precisely the same time frame when brainwashdodo was playing his semiprivate games, and also about the same time that the ownership entities behind some 56% of the outstanding Excapsa general stock were leaked as part of an internal power move.

However, there was a hitch, and it also brought up a nagging question I'd had about one of the stock numbers in those proxies, specifically Matloubi's. Those proxies showed him as an owner in July of 2008, but with only three million shares (about 1.5% of the total Excapsa stock), a number which then as now seemed abnormally low given Matloubi's prominence within the company. According to my sources, Matloubi was the day-to-day operational boss, the true "manager" of the online room.

So I went back to this unknown source who nonetheless seemed to be sharing a tale, suggesting that the $60 million cash out seemed too high given the generally accepted value of the company at the time, which was about $135 million. And the tipster agreed with that part of it, writing this:

"3 million shares out of 200,000,000 - so 1.5%. Looks like he dumped a large chunk of shares somewhere, he was one of the original founders. The 60mil figure may have been exaggerated, as 2nd and 3rd hand numbers often are - though I guess that still leaves him as a minority owner of the site(s) at the time of the scandal.

"Just checked my emails and my friend said exactly this "Monsour sold off his stake a few years ago for $60 million" - and email was eerily in exactly July of 2008. 2004-2006 if he owned 30%+ it's not outside the realm of possibility that he got mid to high 8 figures. I wouldn't be superusing if I had that kind of money..."


Nor would I, but money does different things to different people. There were also a couple of other interesting swirls of smoke regarding Matloubi. One was the matter of Matloubi turning down an invite to the same 2009 WSOP Tournament of Champions freeroll that Russ Hamilton was essentially barred from appearing in, while Matloubi at the time was welcome to appear but chose not to, despite this being a televised freeroll with significant image value for its participants.

I was there, one of only two writers actively covering that event, and I asked about the Matloubi no-show. The reasons told to me for Matloubi's non-appearance seemed sketchy at the time, and they haven't improved in the duration. Also unexplained and occurring in the same timeframe was Matloubi leaving the United Kingdom and relocating to Thailand. There are a couple of other significant UB investors who are either from Thailand or have spent extended time there, but it was still something worth pondering... especially since this was in the same timeframe as the David Carruthers arrest and significant news explorations of the extradition pact between the US and UK, post-UIGEA, that seemed to open the door for UK citizens and residents to be seized and sent to the States.

There was not, however, an active smoking gun of evidence pointing at "Shah". Just a lot of smoke and haze, and now we have even more of it.

Let's go back to the blacked-out bits in the Makar e-mail. I've said before and I'll repeat it here that while Annie Duke and Phil Hellmuth were prominent faces for the UB site, the evidence I've seen and the tales I've been told strongly indicate that neither Duke nor Hellmuth cheated. They didn't use God Mode, and that part of it seems clear. I bring this up because we can look at the blacked out name for "superuser2" and see that neither "Annie" nor "Phil" would fit in that spot, given the font (some form of Times Roman) and the approximate number of blacked-out letters. "Duke" is way too short and "Hellmuth" doesn't fit either, as one can easily see by this comparison of Makar's screengrab with some letters I've typed in using a slightly different version of Times Roman:



My version of Times Roman is slightly different, but "Hellmuth" clearly does not fit. "Greg" would be too short, but what about "Pierson"?



Nope, no good there, either. Now let's take a look at "Mansour" and remember again that my font version is just a hair different, as you can confirm by comparing the two instances of the lower-case "g". But this is scary close:



Beyond the size match, that could very well be an upper-case "M" peeking out from the start of the "superuser2" entry, and an "r" is one of the very few lower-case letters that could complete the name and still allow the proper leading and spacing for the following word, as it appears in Makar's e-mail. And a third point is that Makar's black-out of this name does not always go all the way up to the top of the presumed upper-case "M", and all the "short" letters in "Mansour" occur exactly where they would need to to make the black-out by Makar appear as it does. (Oddly enough, "Matloubi" is also a reasonable space-fit, but I think the middle tall "l" and concluding "i" cause issues.)

Yes, it's conjecture, not proof. It's also a bit of muckraking, and dear PRR hosts, just wait 'til Volume 30. I'm not nearly ready to indict Matloubi based on this stuff, but I will say that I had just about convinced myself that the UB cheating was masterminded by Hamilton and Pierson as the primary pair. I'm not sure as yet who could be the major fourth cheat, if there were indeed four, but I think I'm now willing to reconsider Matloubi as part of what might now seem a three-headed beast.

As always, time will tell. Motivations of those involved were destined to change over time, and the eventual revealing of the true story was always destined to happen, due to economic pressures if nothing else. I can't wait.

Wednesday, February 23, 2011

Just Conjecturin', Volume 28: The Brainwashdodo Correspondence

Continuing from the last time out, it was last fall when I was contacted by an anonymous source via e-mail who offered to share with me a few documents relating to the mysterious appearance/disappearance of a poster called "brainwashdodo" on the 2+2 discussion forums.

I'd already had brainwashdodo ID'd to me by this time, but I'd held back from publishing it, seeking confirmation, not wanting to accuse an anonymous man of blackmail without, as the saying goes, checking it twice. This new source and I tested each other on a few things before he decided to trust me and send three documents, two of which were clearly related to brainwashdodo. One of those was an e-mail exchange between Cereus CEO Paul Leggett and brainwashdodo, and the other was the work resume of the real man behind the "brainwashdodo", a Costa Rican former Cereus CR worker named Zoltan Rozsa.

But of course, as I also mentioned last time, it was still an anonymous source and the documents came with some strings attached. Quoting from an August 30, 2010 email:

This stays between us until I say, ok? you can talk about it just don't show the files this is the first part of trusting each other. The things I have been telling you are not what I have heard, I was there on everything[....]

I will look for the first part of the email about Paul offering the 80,00.00 because when others got involved he started to play dumb and act like he was turning it over to the authorities, he tried to intimidate Zoltan by sending his bodyguards over to Zoltan's house and set in their car out front.


I've made a conscientious effort throughout my writing on the UB/AP scandals to protect my sources, and this was an anonymous source to boot, which made me more than a bit suspicious, as mentioned last time out. It seemed legit, but I really, really wanted to be sure, and I also wanted to check on the potential legal issues involved, though the crimes the e-mails seemed to point to all were alleged to have occurred in Costa Rica, per other accounts of the matter I had heard.

But it was still worth going slowly, and then around the holidays real-life matters intervened. (Hence my hiatus.) But between last fall and now, two things have changed:

1) Travis Makar, generally described as Russ Hamilton's computer guy, came forward last week with much of the information I already possessed regarding brainwashdodo's identity and motives. While there was a chance that Makar had indeed been the anonymous source that sent me the files -- and no, I don't know if he was -- it was still a second real, verifiable person that had come out with the same story. So it was good to go, in theory...;

2) And when I tried to contact my original anonymous source to verify and ask for permission, I received this bounceback:

This is an automatically generated Delivery Status Notification.

Delivery to the following recipients failed.

-------@------.com


Account closed, e-mail bounced. I can't keep a continuing promise to someone who has broken the lines of communication. Misquoting from National Treasure, which was on USA again last week, "The status quo had changed."

So, without further ado, the complete transcript of the partial e-mail exchange I had sent to me, between Rozsa and Leggett. The file is in its original form except for my redacting of the actual e-mail addresses, meaning it reads backwards, with the last messages first and the earlier ones at the bottom. The smoking gun appears well down, the same message published earlier today by DonkDown Poker showing Leggett's apparent willingness to negotiate, but for a lesser price than what was seemingly paid later on to Rozsa.

The complete transcript follows. Note that Rozsa's a native Hungarian:


Címtár


Gyors kapcsolatok


Zola (Hotmail)

null

Állapot beállítása




brokev7
♫working
David Clainer
viktor rozsa
brokev7
cashier1
[address redacted]
joecacca666
john.ethan
Paul Meghívva
picsaszar


Hi Zoltan,

I was thinking about it over the weekend and I have decided to not pay the extortion money. I will not participate in the extortion because our company has nothing to hide and I think it will increase the chances of future extortion against our company.

I have submitted reports of your crimes to the OIJ. I do not think you are a completely bad person and I am hoping that you do not release any of our companies information because it will leave me with no choice except to do everything possible to prosecute everyone involved in these crimes.

Paul
This is an automatically generated Delivery Status Notification

Delivery to the following recipient failed permanently:

[address redacted]

Technical details of permanent failure:
PERM_FAILURE: Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 553 553 sorry, your envelope sender is in my badmailfrom list (#5.7.1) (state 14).

----- Original message -----

Received: by 10.150.122.13 with SMTP id u13mr9106373ybc.69.1214858422556;
Mon, 30 Jun 2008 13:40:22 -0700 (PDT)
Received: by 10.150.11.8 with HTTP; Mon, 30 Jun 2008 13:40:22 -0700 (PDT)
Message-ID: [address redacted]
Date: Mon, 30 Jun 2008 14:40:22 -0600
From: "Zola (Hotmail)" [address redacted]
To: Paul [address redacted]
Subject: Re: Text Message
In-Reply-To:
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_19290_10341382.1214858422517"
References: [address redacted]

------=_Part_19290_10341382.1214858422517
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hi Paul,



Believe me, I am way more confused than you are right now. Your way of
----- Message truncated -----
Hi Zoltan,

If you are saying that you are giving up on the extortion and confirming that you will not disclose the information you took from us... I am very happy to hear this.

I realize that you do not trust me, and obviously it is impossible for me to trust you.

Before you decide to disclose any information, I would just like to reaffirm that if you do release confidential company information, I will be forced to involve the police in this situation. However, I would prefer to exhaust all avenues of negotiation prior to doing this. I realize that money is important to you and the confidentiality of our information is important to us.

If you want to meet I would be willing to give you a reasonable amount of money (much smaller than the amount you requested), but I need you convince me that day that you will bring all of the important information, and you will stop with the threats and illegal activities against our company.

Regards,

Paul

On 7/1/08 1:32 PM, "poker ass" [address redacted] wrote:
Hi,

I tried to respond 22 hrs ago, but you have blocked my other email addresses. The message was sent below.


……………………………..

Hi Paul,

Believe me, I am way more confused than you are right now. Your way of handling this matter, thought me a lot about you, the most important one maybe, that I can not really trust you. It is hard for me to tell you, how to proceed, which you always politely ask me in the end of your messages. I learned, if you say there will be a meeting, than five more email/text message lather you will confirm that the priority of our meeting is very low. Than stop communicate.

I am sorry, but I can no longer be your partner of arrange meetings, or wait for a business proposals. If you have any desire to meet me, you will do it in a casual way as a friend. Give me a call when you think it's appropriate, than we will sit down for a cheviche. I will never again go to meet you in a street, or any junk food rest, had enough of those.

If you wish to sit down with me for a talk, this is how I would like to proceed.

Regards,

Zoltan





2008/6/30 Paul [address redacted]:
- Idézett szöveg elrejtése -


Hi Zoltan,

I am currently in Canada. I am not back in CR until Wednesday morning. I am very confused by your recent emails and I do not understand what you want or are trying to achieve at this point. I am not concerned or scared by any threats that you send to me, which I think you have learned by now. However, I am willing to meet you and try to sort out this mess once and for all.

Let me know how you would like to proceed.

Regards,

Paul


Válasz Válasz mindenkinek Továbbítás Paul meghívása a(z) Gmail programba





"Zola (Hotmail)" Hi Paul, This can be a bit of a disappointment to you, but I need no money fr...
júl. 3.


Válasz


Válasz mindenkinek Továbbítás Nyomtatás Mail hozzáadása a Címtárhoz Levél törlése Adathalászat jelentése Eredeti megjelenítése Üzenetének szövege fura karaktereket tartalmaz?

Mail Delivery Subsystem saját magam részére
részletek megjelenítése júl. 3.
This is an automatically generated Delivery Status Notification

Delivery to the following recipient failed permanently:

[address redacted]

Technical details of permanent failure:
PERM_FAILURE: Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 553 553 sorry, your envelope sender is in my badmailfrom list (#5.7.1) (state 14).

----- Original message -----

Received: by 10.151.155.10 with SMTP id h10mr1106509ybo.96.1215127689636;
Thu, 03 Jul 2008 16:28:09 -0700 (PDT)
Received: by 10.150.11.8 with HTTP; Thu, 3 Jul 2008 16:28:09 -0700 (PDT)
Message-ID: [address redacted]
Date: Thu, 3 Jul 2008 17:28:09 -0600
From: "Zola (Hotmail)" [address redacted]
To: Paul [address redacted]
Subject: Re: Was undeliverable?
In-Reply-To: <[address redacted]
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_16934_ 24313566.1215127689625"
References: [address redacted]
[address redacted]

------=_Part_16934_24313566.1215127689625
Content-Type: text/plain; charset=WINDOWS-1252
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Hi Paul,



This can be a bit of a disappointment to you, but I need no money from you
----- Message truncated -----




Válasz Továbbítás Mail meghívása beszélgetésre

Friday, February 18, 2011

Just Conjecturin', Volume 27: Uncovering Brainwashdodo

For all things there comes a time, and now is the time to return to the ongoing scandals at UltimateBet and Absolute Poker, in a continuing attempt to out all of the crooked people involved. This time out we take a bit of a detour and explore not one of the corporate bigwigs, but rather the bit player whose personal greed ended up outing Russ Hamilton as one of the primary cheats behind the UB mess.

Hamilton's involvement became apparent after a series of posts on the 2+2 poker forums by an account called Brainwashdodo, which was posting from Costa Rica, where by 2008 (and the appearance of these posts) the call center for the combined UB/AP operation was located. Brainwashdodo's posts were suspicious from the start, not because of the explosive data within but because of the veiled threat attached that there was much more that would soon be released. It was as if 2+2 was being used as a tool of blackmail, and sure enough, the posts from Brainwashdodo soon stopped, with only Hamilton directly outed as a cheating conspirator, even though indications pointing to several others were also present.

And now, in true Paul Harvey fashion, the rest of this particular sideline story.

I've accumulated lots of sources during the past three years of investigating and writing these and other pieces, on both sides of the UB/AP aisle. People who think that such-and-such a person must be "my source" are just wrong, because my work has been an assemblage from at least a dozen well-placed people... even if none of them ever knew the whole story about everything, due to the incredibly tangled net that was in play. But as for brainwashdodo, I soon received little pieces -- first from one source, then a second... then a third. The name, the background, the story behind brainwashdodo, it all came out in little bitty chunks. He was described to me first as a $3.50 an hour customer service rep with a clue -- he knew that the stuff he had was dangerous... and it seemed he'd cooked up a plan to personally profit from a chaotic situation.

Later on I got his full name, then still later supporting documentation for the blackmail attempts. And yet I held back -- because what if it was somehow forged? The hardest of the documentation itself was received from an anonymous source, too, creating another set of concerns. I needed to know that this was indeed the story behind brainwashdodo beyond any reasonable doubt, and today, at last, that final glimmer of doubt has been removed. I will not publish that documentation quite yet, but I will say I am in possession of both brainwashdodo's personal work resume and background, and an e-mail exchange between him and Paul Leggett regarding potential "compensation" for brainwashdodo's info. I was 99.44% sure the stuff was legit anyway, but after reading a transcript forwarded to me earlier today, it's time to open it up for everyone.

That transcript was from a recent Donkdown Radio podcast where Micon and Druff were graced by a phone call from the mysterious Travis Makar, who has often been described in scandal-related postings as Russ Hamilton's right-hand man, though some of the stuff I've been told painted a different tale. I've read the transcript, and it is indeed the real Travis Makar, as he mentioned a couple of specifics that no one other than the real Makar would know. They are also different specifics than those confirmed by Mookman and RolloTomasi, who were present in the chat room during the conversation. Be it also stated here that while I have -many- sources, none of those to date include Travis Makar, unless he's one of the two or three anonymous ones that have still provided credible data. To the best of my knowledge Makar had gone completely and utterly to ground, though that now seems not to be the case.

Okay, enough of the foreshadowing and teasing. It's time to get on with it.

Based on all of the evidence at hand, I can no longer see any reasonable doubt nor need to delay publication. Brainwashdodo's real identity is Zoltan Rozsa, a presumed former AP customer service worker. Rozsa is a Hungarian national who worked in Canada for several years, working as a tour guide and carpenter before becoming involved in the online-poker world, and he relocated to Costa Rica to continue working with AP.

Now on to the real dirty stuff. When the cheating scandals broke, Rozsa somehow came into possession of many incriminating documents, though I now know he was far from the only one to do so. A lot of people were (rightfully) interested in covering their own ass, and a lot of people are still sitting on caches of important information. Rozsa was not, to my knowledge, the only customer-service rep to make copies of suspicious activity, and of course many of the bigger names already linked to the scandal had their own reasons to save things as well.

But unlike many of the others, Rozsa at some point decided to make use of his knowledge for personal profit. The story I was told, long before I ever received any hard documentation, went like this:

1) Rozsa went to CEO Paul Leggett looking to get beaucoup bucks in exchange for his cooperation;

2) Leggett gave the matter some thought, but decided not to pay. Leggett instead decided to try to intimidate Rozsa by hiring some thugs to sit in a parked car outside Rozsa's apartment;

-- Aside: For those of you thinking the above is beyond the pale, just let it sit for a few posts, and we'll come back to it at some point and see if it makes sense. There were some strange things going on in Costa Rica, including a couple of pathetically hilarious Scott Tom anecdotes I've yet to share.

3) Rozsa, turned down by Leggett, gets hold of Russ Hamilton instead. Hamilton recognizes that he's already burned and that there's worse dirt to come out, and he immediately calls Leggett and says, "Are you crazy?? Do you realize what he has?" In any event, though, it's Hamilton that pays some amounts to Rozsa, and Rozsa duly ceases posting on 2+2.

I had been told by one of my most trusted sources that Hamilton initially paid Rozsa $80,000 in 2008, although Travis Makar in his Donkdown call-in said that no, 80 grand was the amount Leggett wanted to give Rozsa, Rozsa wanted more, and that Hamilton paid some other amount. I have also been told that Rozsa went back to Hamilton in 2010 for a second helping and received some smaller additional payment. I have not been able to verify this from additional sources, however, though I believe it to be true.

Indeed, a lot of the apocryphal tales I've been told still need verification, though I've been able to confirm many things not yet published. It was interesting to read Makar's account of the thugs parked outside Rozsa's apartment, because I'd heard that from a source not close to Makar. While it's not proof, it's unusual to hear the same story in two different ways.

What I can verify, however, is the nature of the exchange between Rozsa, who went by the tag "Zola", and Leggett. Leggett began his denial by writing, "I was thinking about it over the weekend and I have decided to not pay the extortion money." However, neither the exact nature of the information nor the business arrangement Rozsa had in mind is included in the portion of the exchange I have received. What is included, though, is that Leggett slammed the door by reporting Rozsa to the authorities, these being rather more real authorities than those purportedly notified by the Mohawks of Kahnawake in their hilarious cover-up efforts.

Leggett wrote this to Rozsa:

"I have submitted reports of your crimes to the OIJ." The OIJ is the Organismo de Investigación Judicial, Costa Rica's version of the FBI. (Whether or not Leggett actually did notify the OIJ is of course another question.)

Anyhow, knowing that the information I have is indeed legit and that the information brainwashdodo holds is also possessed by others, it's time to swing the hammer again and knock down another wall. Let's see where the rats scurry this time.