Saturday, April 24, 2010

Just Conjecturin', Volume 11: Meanwhile, Over at Absolute Poker, It Seems Scott Tom Really Did It

You'll pardon this interruption from the ongoing conjecture about the UltimateBet online cheating scandal to visit the similar situation that unfolded during the same era at then-not-quite-sister-site Absolute Poker. While my investigation into the much larger cheating saga at UB.com* has always been rather clinical in nature, I've focused my attention on it for two reasons. First, the UB scandal was of much larger scope, a magnitude or more. Second, the AP scandal was more personal to me, because of the two -- not one, but two -- libel threats I've received in the past three years from Scott Tom, the then-official-boss at Absolute.

In any event, in trying to remain professional, I temporarily shelved the scandal involving my personal animosity in order to focus on the one whose solving would be of greater benefit to the public good. While Scott Tom ran around threatening his silly libel suits against anyone that dared mention his name, trying to bully his way back into a position of industry responsibility, I let it be, even though I knew it was his name and e-mail account that were tied to the "observer" account monitoring the action in that infamous "Potripper" tournament cheating episode. Even though the IP address linked to that observing account was in turn traced to Scott Tom's house, it was hearsay evidence that wouldn't hold up in court on its own (like there was a court waiting to investigate this stuff, har-de-har), despite it being specific enough that falsification was unlikely.

Also, the preposterous stories that (a) it was A.J. Green (real name Allan Grimard) using Scott's house while Scotty was away on extended vacation, or (b) Scott's computers had been hacked into by another unknown villain, were just barely plausible enough in the absence of more evidence that they had to be let slide in major news outlets. Even if the ridiculous excuses were true, Scott Tom would still have been guilty of something best described as criminal negligence, for allowing his personal resources, as CEO or whatever of Absolute at the time, to be used in the theft of millions from Absolute Poker customers. It was almost as preposterous as the "low-level employee trying to prove a point" BS that Scott tried to peddle when the AP scandal first broke.

Yes, there were supposedly screen grabs showing some of the stuff, but they were quashed, too. Until today, that is. It's taken more than two years for me to obtain these, but I've managed to do so. With a little bit more of the background to follow, let's move on with this.

When the KGC handed down its punishments in the Absolute matter, they identified one person as receiving a lifetime ban from online gaming as regulated by the KGC, while a second person got the boot for a one-year period. Neither person was named, to the KGC's lasting shame. It was always presumed by observers that Green/Grimard got the lifetime ban, while Scott Tom received the shorter penalty, which he then subsequently was able to argue the remainder of away before the year was fully served by continuing to press his mostly spurious case... and perhaps apply other financial pressures.

The greater truth? Grimard and others may or may not have been heavily involved in the cheating, but Scott Tom was the real force behind the ongoing scandal at AP. While there is a minuscule chance that the evidence was somehow doctored itself before it reached me, its content correlates so well with what I'd already learned elsewhere that I believe it to be genuine. In full and honest faith, I believe the images you'll see to be undoctored, and that Scott Tom himself was the primary Absolute Poker cheater.

One of the things that happened after AP bought UB was that UB's "ieSnare" anti-fraud tool was enhanced, to be able to look at the AP customer base as well. The snares were done by screen name, not player ID #, and could be directed to look at games running on either UB or AP, or both.

Scott Tom created a UB account, "PotChopper", in June of 2005, about the time UB and AP began to get buddy-buddy. The basis of that growing closeness was a budding friendship between Tom and UB boss Greg Pierson, though for the moment that digresses from this storyline. I normally would black out certain items of personal info but it hardly seems necessary here, since:

a) The given street address is an SBO box;
b) the home phone number given was actually that of AP's customer-service switchboard at the time;
c) Scott's "stom@fiducix.com" e-mail address is already all over the web anyway in connection to the scandal.

Yeah, go ahead and chuckle at the "PotChopper" bit. Here's that screen grab:



Clicking on the image should open a larger version of the above, and it's also stored independently online at: http://img18.imageshack.us/img18/6416/scotttom1.jpg

Now, part of the ieSnare's capabilities was that, as it built its relational database, it assigned a sequential device number to all new computers ("devices") that logged in. I believe this was derived from each computer's physical MAC address, one of the unique identifiers that a modern computer carries. In any event, Scott Tom's primary computer was assigned an ieSnare ID of "11451887" as it related to his account at UltimateBet. Here's visual evidence showing his log-ons at UB via his "potchopper" account:



(Larger version at http://img88.imageshack.us/img88/3750/scotttom2.jpg)

The snare also grabbed the originating IP address for each log-in and assigned an "NUID", an internal identifier, based on the computer's physical ID. The exact nature of the "NUID" field has not been explained to me, but it may include a modifier based on the type of hook-up itself (i.e.: being hard-wired in versus using a wireless modem, or something similar). In any event, no matter where in the Caribbean Scott Tom logged in from, he was assigned either "24877017" or "24902502" when doing so as PotChopper. I suspect that "24877017" indicated his laptop in wireless mode, given Tom's island-hopping nature.

Now, when the ieSnare query was extended down the AP side of operations, based on Scott Tom's user ID of "11451887", it showed a direct link to several of the major cheating accounts. When run against that AP side, that same ieSnare produced the following for the account "PotRipper", that infamous account used in the cheated tournament that polarized the whole investigation. Here's the screen grab of that snare:



(Larger version at http://img219.imageshack.us/img219/2089/scotttom3.jpg)

It's the same device number, and in four of the five cases, the same NUID Set # as well. The fifth was generated at almost the same time as the one immediately below it in the list, suggesting that the two log-ins were related in another way. The top line in the screen grab, for September 13th, 2007, is for the span of time covering the $1,000-buyin Sunday tourney that PotRipper won through blatant cheating, meaning this is indeed a snare of the computer physically used to do that cheating.

But wait, there's more, much much more, though I'm only publishing a small percentage of it today. Device "11451887" (a/k/a Scott Tom) was tied to more than just the PotRipper account; it enjoyed a lengthy relationship over long stretches of time with several of the major cheating accounts. Here's how the "11451887" snare connected to cheating account "Graycat":



(Larger version at http://img219.imageshack.us/img219/2046/scotttom4.jpg)

Same user IDs, same NUID assignments, same originating IP addresses, etc., and this screen grab just shows the final two weeks of what was a much longer history for the account. As you'll see in a bit, the "hacking" story doesn't wash, not that it ever did.

Here's the same thing for cheating account "Doubledrag":



(Larger version at http://img219.imageshack.us/img219/5341/scotttom5.jpg)
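The pivot described above (one device ID queried across both sites, then NUIDs and log-in times compared), as an added example that is not from the original post and is not ieSnare's own code. The record layout, the `link_accounts` helper, the 10-minute window and every row marked constructed are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample rows: (site, screen_name, device_id, nuid, ip, login_time).
# The device ID and the two PotChopper NUIDs are the values quoted in the post;
# NUID "24990000", all IPs (documentation ranges) and all timestamps are made up.
LOGINS = [
    ("UB", "potchopper", "11451887", "24877017", "192.0.2.10", "2007-08-30 21:05"),
    ("UB", "potchopper", "11451887", "24902502", "192.0.2.44", "2007-09-02 18:40"),
    ("AP", "potripper",  "11451887", "24877017", "192.0.2.10", "2007-09-13 19:02"),
    ("AP", "potripper",  "11451887", "24990000", "192.0.2.10", "2007-09-12 20:14"),
    ("AP", "potripper",  "11451887", "24877017", "192.0.2.10", "2007-09-12 20:11"),
    ("AP", "graycat",    "11451887", "24902502", "192.0.2.44", "2007-09-05 23:30"),
    ("AP", "bystander",  "20000001", "30000001", "198.51.100.7", "2007-09-13 19:00"),
]

def link_accounts(logins, seed, window=timedelta(minutes=10)):
    """Pivot from the seed screen name to every account on the same device(s)."""
    rows = [(s, n.lower(), d, u, ip, datetime.strptime(t, "%Y-%m-%d %H:%M"))
            for s, n, d, u, ip, t in logins]
    seed_rows = [r for r in rows if r[1] == seed.lower()]
    devices = {r[2] for r in seed_rows}      # device IDs seen on the seed account
    seed_nuids = {r[3] for r in seed_rows}   # NUIDs seen on the seed account
    by_account = defaultdict(list)
    for r in rows:
        if r[2] in devices and r[1] != seed.lower():
            by_account[(r[0], r[1])].append(r)
    report = {}
    for acct, recs in by_account.items():
        matched = [r for r in recs if r[3] in seed_nuids]
        # A log-in with an unfamiliar NUID is still tied in when it falls within
        # `window` of a NUID-matched log-in on the same account and device.
        near = [r for r in recs if r[3] not in seed_nuids
                and any(abs(r[5] - m[5]) <= window for m in matched)]
        report[acct] = {"logins": len(recs), "nuid_match": len(matched),
                        "time_linked": len(near),
                        "unexplained": len(recs) - len(matched) - len(near)}
    return report

if __name__ == "__main__":
    for acct, summary in sorted(link_accounts(LOGINS, "PotChopper").items()):
        print(acct, summary)
```

A non-zero `unexplained` count marks log-ins that share the device but neither a NUID nor a nearby timestamp with the seed account, which is where a shared-machine explanation would need checking.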

The question that the doubter should be asking is, "Okay, maybe we have reason to place Scott Tom at the computer, but can we really say he was in control of all these cheating accounts?" Yes, yes we can. While he likely had significant help from one or more other high-level cheaters at AP, Scott Tom was pulling the strings directly regarding several of these cheating accounts.

Here's a screen grab showing the entire financial transaction history for the infamous "PotRipper" account. It had a notably brief life span, for obvious reasons:



(Larger version at http://img80.imageshack.us/img80/3180/scottom6.jpg)

Note that the above is a financial-transactions history of the PotRipper account, not a recording of what happened at the tables. Here, $70,000 was transferred in from another cheating account, which seemingly immediately triggered an automatic black-list in the system, based on the transaction's size. That was immediately overridden by an operations supervisor based on directives from upper management (Scott Tom and others) for this and for all of the cheating accounts.

I'll get to these directives in a moment, but let's first examine the PotRipper account history. The account was first used on September 11th, 2007, had a large sum dumped into it from another cheating account, and two days later, was used to take down a large tournament score. That win on September 13th would have swelled the account balance to something like $150,000, barring other activity, so what must have happened between September 13th and 16th is that money was chip-dumped to other accounts during live play at the tables. Many of these affiliated accounts -- "ROMNALDO" is one of these, just off the top of my head -- were used in this manner, and chip dumping at the tables would not be captured by the transactions inquiry shown here.

In any event, there must have been plenty of internal heat at AP in the days immediately following the PotRipper escapade, because on September 16th, Scott Tom cashed out most of the remaining money in the PotRipper account, leaving enough behind and then re-blacklisting it, so it appeared there was still active play should anyone investigate at a later date. (He did the same thing with other accounts as well.) By then, of course, the vast majority of cheated monies had been siphoned off the site.

I mentioned those internal high-level directives to handle these cheating accounts with kid gloves. Several such accounts carried special notations like PotRipper's: "Please do not close this account for any reason. Issues please consult with Brent, Adrian or Nolan." So the customer-level support staff was being warned to leave these accounts alone, and this Brent is believed to be Brent Beckley, Scott Tom's step-brother, also involved with AP from its inception.

Here's the account overview for "PotRipper", the famed cheating account. I've gone ahead and redacted most of the name and street address, though I believe this to be one of Scott Tom's college buddies being used for money-laundering purposes. That said, a lot of the information here was still faked, from the mismatch between state and zip code to the use -- again -- of AP's own customer-service number in the phone field.



(Larger version at http://img90.imageshack.us/img90/6580/scotttompotripperacctin.jpg)

Okay, that's enough of a "Ka-Boom!" for today. There will be plenty more in future posts, on both AP and UB. I've always believed that the truth in these matters would come out, and here's one piece of it, right here.



* Not its name at that point in time, but I can't help but create some artificial link candy.

10 comments:

Unknown said...

wow! Thanks Haley! Jon@pokulator.com

Tom Hedonist said...

Thank you very much for all your hard work and perseverance!

I wasn't personally affected by either of these scandals, but I feel EVERY poker player is tarnished by the actions of these thieving b*st*rds!

Again, thank you. Maybe one day, the LEO agencies will take an interest.

Wolf Web said...

thank you for the info.

Henk said...

Highly impressive and convincing. Any news of TS's current whereabouts and wheelings and dealings? Not still in online poker I hope and presume?

Mookman said...

So how does The KGC, Joe Norton, Paul Leggett, or Tokwiro fit with all of this? Seeing as they went with the cover-up story. They claimed no money left the site, but it appears cashouts were made. Thanks for the work

PTP said...

nice work, will spread the word

Scott Tom said...

NOOOOOOOOOOOOO :(

Anonymous said...

Great work here Haley, as always.

Anonymous said...

Great research Haley, I believe you understand very well how the security job is done at a poker site. I have worked running security for poker sites for the last 6 years. Although in my personal opinion every one on the upper management staff knew about this. Most fraudulent accounts are based in the US, hence most IP addresses are registered to Costa Rica? As far as my knowledge it is nearly impossible to duplicate an exact IP, unless you have a crappy security set up, which I doubt considering the hardware AP/UB must have. Just a heads up on my impressions.

skoldpadda said...

Fantastic job!