Wednesday, February 08, 2012

Just Conjecturin', Volume 40: Three Records

For various reasons, I'm going to release three records culled from the roughly three million UB records accidentally leaked a couple of months ago by whom I believe to be an Israeli spammer. Before getting down to the records themselves, I'd like to reaffirm a few things about the more than 200 data files that were leaked.

1) The files were not Cereus Network databases specifically, but the working material for spammers who had data from many sites. It just so happened that the largest share of the data was from UB.

2) The vast majority of the Cereus Network files were UB records, not AP ones. Despite Todd Witteles' assertion that a couple of his AP accounts are present, I've been unable to pinpoint a single record elsewhere that I know to have originated as an AP account.

3) The records included both real- and play-money accounts, and my best estimate based on known populations of certain types of accounts is that roughly 60% of the US player records are present in one form or another, split across many files.

4) Despite these largely being UltimateBet records, they have been transformed with new AP account numbers, in a batch process that looks to have been done over several nights around Thanksgiving of 2008. The actual date of the databases is somewhat later, and buried in one of the many files are the first couple of "UB.com" test accounts. It's a strong indicator of when these databases were created.

Ok, that's out of the way. I continue to search and sift these files for records of interest, and while I've found several hundred records of interest, I'm choosing today to publish three, with a fourth on an unrelated matter coming soon. These three are Brent Beckley accounts, but these are Beckley accounts from the UB side of the operation, not the AP stuff. It's almost certain that Beckley had many more accounts over on the AP side.

Without further ado, Beckley account #1:


BRENT BECKLEY Canada BRENT@BRENTBECKLEY.COM 3329A YONGE STREET Male 6/3/1980 TORONTO ON M4N2L9 Canada 186.15.17.68 7/18/2010 17:39 1 200000 0 (Toronto cel-phone number) 0 0 7/18/2010 17:39 UltimateBet.Com Blacklist User 0 E362B3E8-4477-5D1E-87D7-7A534447B209 47:05.6 Other 47:05.6 Ontario Y N IN 0 0 0 ecs_hn

This account shows just a tiny bit of play in 2008 when one checks the various online tracking sites, evidence that Beckley just dabbled on the UB side. The brentbeckley.com domain once existed but is now defunct. The "Blacklist User" tag is interesting, as it's a code applied to many accounts where shenanigans of many types occurred, but one can find the same code on accounts used for credit-card fraud, collusion, and other offenses against the site.

Account #2:

Brent Beckley United States bbeckley@fiducix.com 91 Campus Drive PMB 1512 6/3/1980 Missoula MT 8331632 M0RNINGW00D 59801 196.40.37.120 7/23/2008 22:41 99000 25943 (Atlanta-area phone number) (Atlanta-area phone number) 421.25 0 7/23/2008 22:41 UltimateBet.Com 0 Test(ALL) 0 Male Other Sichuan China Y MT 0 0 0

"M0RNINGW00D" was a test account, probably used lightly in-house in connection with the transition to the unified Cerues Network and the creation of the new UB.com. It doesn't show up in any hand-tracking databases as far as I can tell. The "91 Campus Drive" comes from the boys' old SAE frat house, and the fiducix.com is a known business entity associated with the corporation operations of AP. The account's just a jumble of marginally interesting info.

Then there's account #3:


BRENT BECKLEY Canada BRENT@CASCADEDEVELOPMENTS.COM (Boise ID street address) Male 6/3/1980 TORONTO ON M4N2L9 Canada 200.122.182.37 11/24/2008 17:58 Television 257000 5000 (same Toronto cel-number as above) 0 0 5/15/2009 17:10 UltimateBet.Com Bronze VIP 0 {65A4971C-F69D-4257-A446-FD6A401E1B8D} 45:55.2 26:29.1 Television 26:29.1 Ontario Y N PW 0 0 0 03:4

To me this is the most interesting record of the three, and its account name was deleted from these records. The Boise street address (Cascade St.) corresponds to a listing for Beckley's mom, Debbie, but it's the "CascadeDevelopments.com" entry that warrants further digging. I would characterize that as a lead as to where some small bit of money might have went, as one can follow the domain link to various Beckley business-network entries, such as this info from Naymz:




It's no longer really a question of what happened to millions from the AP funds -- it's more a process of identifying all the possible channels that might have been used. Since Beckley's up for sentencing fairly soon, I'd be remiss in my civic duty if I didn't do my part to open up Cascade Developments as an operation worth investigating.

6 comments:

Cole said...

Thanks for your continued research into this mess. Looking forward to the book.

Cole

aaron watson "doc31" said...

why does account number 2 from brent beckley resolve to "sichaun" CHINA??

just a theory but wouldnt running a tool for ap/ub that included running a master network for example ddos attacks be made possible in light of prevention of software ,?
To put that into perspective haley there was a very detailed note about blacklsted accounts and rogue players having in the earlier days of online gaming to have been ddos attacked whenever they tried logging into poker servers,this was a recourse of action for the sites to blacklist any unwanted /needed players that simply flouted/broke rules..It was a detection and recourse method that the sites hold in order to throw or dismiss illegal players that were either banned or simply not allowed to play.
Please note There is a proof of this is the early days of poker that the sites used as a fallback in chat relay hosted games that had this tool made available..In short they could attack any machine with malware or spam attacks to any poker playing account that was blacklisted

Haley said...

Doc, it's good that you care and that you keep bringing up this DOS attack stuff, but let me assure that in this specific case of UltimateBet, you are wrong.

The site had np reason to launch a DOS attack to steal information. since they could use God Mode to access high stakes' opponents hole cards directly. Thieves that are in the process of stealing millions via a direct method would not implicate something as complicated as a DOS attack to steal stuff of much less net value.

It's not that your theory doesn't have some basis in technical facts; it's that it makes no sense in the context. It would be like getting to a city to your east by driving west and going all the way around the globe.

I've not published your comments before because they don't hold up against the nature of this case. Thank you, though, for your continued interest. The "Sichaun, China" stuff is also not related to what you think it is, and I'll probably do Vol. 41 a bit off-topic just to clear that up.

David said...

Awesome that you did publish his comment this time though, Hayley. I find it fascinating that doc is here (I'm assuming the same doc from a thread or two at that poker forum owned by the asshat)and his overall theory. He shows much conviction and again I find that interesting, especially with where online poker, and namely ap/ub are now...pretty much dead.

Anyway, was linked here via a new forum I found cread by one one the DD guys and looking forward to reading the last two entries here. They are new to me :) Also, patiently awaiting news of your book :) :)

Haley said...

I'll be stopping by at Druff's forum once in a while, lurking more often than posting.

After a slow couple of months, work has picked up again on the book, buoyed by a few new sources, the leaked UB files (which took many weeks to fully understand), and of course a couple of ongoing news stories like that player civil lawsuit.

I know people had hoped the book would have been out by now, but it has turned out to be a difficult and complex project, needing significantly longer to do than originally expected. But it'll be a great tale when it's done, you have my word.

David said...

Thanks for the reply, Haley. TBH I'm sitting here imagining the possible quandary of putting out a book, when so much new news seems to still be coming out. Does this factor into it, or are you confident for the most part that you have the full story and anything else is just further confirmations? Looking forward to reading your latest entries, as I see there are new ones and I've not read them yet. Thanks as always...