When determining the risk to a system and the data stored on it, insider threats are generally regarded as lower risk. Despite the complete access (high risk) that insiders generally have, most of the time insiders are trusted agents (very low risk) on the network. When that trust breaks down, it can break down in a catastrophic manner, especially if there is money at stake.
One such incident took place in the middle of last year when one or more individuals with trusted access to the systems of UltimateBet and Absolute Poker used that access to create several fake usernames and used them to make an undisclosed amount of money off online poker players. While creating the fake player accounts may not necessarily be cheating, using software that allowed the insiders to view the competing players' hole cards was.
An investigation by a Canadian gaming commission found that the cheating continued for six weeks and that the management and admins of Absolute Poker had further exacerbated the situation by deleting critical gaming logs and failing to report the breach within 24 hours of discovery.
Absolute Poker was fined US$500,000 in January for four breaches of the gaming commission's rules, three of which were for inaction or attempts by the site to cover up the incident. In addition to the fine, Absolute Poker will be subject to random auditing over the next 24 months, at its own expense.
On the positive side for the affected human players, it was found that Absolute Poker had acted to refund losses and taken steps to prevent similar action in the future.
Online poker playing has always been surrounded by whispers of cheating when it comes to the actions of other players at the table. Ongoing investigations with Absolute Poker turned up a more serious but unrelated cheating scheme that had been operational for 21 months, a period completely encompassing the above incident.
When big money is on the virtual table for playing a card game across the Internet, people are going to be motivated to do what they can to weight the odds in their favour. At the US$1.2 million 2007 World Championship of Online Poker, managed by PokerStars, the first place finisher was disqualified for cheating (believed to have been multiple accounts active at the same time to improve chances of winning, though at $2,500 per buy-in the cheating is believed to be somewhat more substantial).
Questions should now be asked about the sale of UltimateBet and Absolute Poker, given that the cheating was shown to have been ongoing from before the sale (October 2006) and that the individuals involved were shown to be linked to the company prior to the sale. With potentially multi-million dollar losses, fines, and refunds liable to be paid out, there may be a case to be made against the previous owners.