About a week ago I received an email from a reader (J.C.) concerning an article we published here at Cardplayer Lifestyle back in 2015 about poker malware. His is an interesting (and unfortunate) story that I feel many online poker players can identify with. Rather than answering his questions on my own, I felt he’d best be served by hearing from true experts in the field. Moreover, I’ve received his permission to make the email public, so that the answers could potentially help many more online poker players finding themselves in similar situations.
To provide answers to J.C.’s questions, I’ve rounded up a panel of experts who have graciously agreed to give of their time to participate. In alphabetical order, then, I wish to express my sincere thanks to Eddie Harari, Michael Josem, Jonathan Little, Avi Rubin, and James “Splitsuit” Sweeney, whose answers appear below. As each of the panelists have slightly different qualifications and experience, their answers speak to different parts of J.C.’s concerns, providing a rather comprehensive assessment. I’ll follow up with a brief analysis/recap of at the end of this article as well as a brief personal anecdote, which I hope you all find to be helpful.
Without further ado, the email from our reader…
QUESTION: Am I Being Paranoid about Online Poker?
Thanks for your article about poker malware. I really enjoyed the read and I’m becoming more and more aware of advantages, both legal and illegal, that other players might have in an online poker environment. I started playing poker around 2007 and for a good year I was a solid poker player, tuning an initial $50 deposit into $3,500.
Then, at some point, I started gradually losing money on a daily basis. I could not understand why, as I had not changed my playing style and I did not increase the stakes that I was playing at. At that point in time I think it was when poker HUDs became more and more popular. Totally oblivious to this new technology, I was being beaten by weaker players that had a lot of inside info on the way that I played.
After this experience of gradually losing money for a substantial period in time. I stopped playing online poker, but a white paper published by Virtue poker got me very intrigued to the amount of crookery that is going on behind the scenes.
It opened my mind to a whole new world of legal software as well as plain right cheating that gave my weaker opponents a definitive edge over me.
There are a lot of very scary claims about large poker sites being dirty and crooked to the core, up to the point that I am starting to doubt if their random card shuffler is indeed random? Or do they tilt the odds a little bit in the favor of the fish to keep them hooked and keep them depositing money into the online poker economy? I also read about malware that takes screenshots of your screen and shares it with players that you are playing against. And I think the most scary one of all was the fact that there are poker bots available now that are fully automated and really hard to beat or to be caught by the poker sites’ screening software.
Have I become a bit paranoid? Or is this online poker environment buried deep into the foundation of the dark web?
The reason that I am writing to you is for advice on online poker tips and guidelines to protect me from legal and illegal software that might give opponents an unfair advantage. Do you know of any forums or blogs that I can join?
Also, is there any way of knowing if my computer has been infected with malware such as Odlanor that can display my hole cards to my opponents?
Thanks for your help and assistance.
I hear the claims about sites cheating in favor of certain players, but I cannot accept them. If a site were to be rigged, it would only cheat in its own favor. Therefore it would seat bot players which would “clean-up” at the tables.
If you want to find out if cheating is occurring on a site you are playing at, it is a very tough task. I believe that certain methods of cheating can go undetected for years. However, if you have your full hand history and there’s enough data in there, it is possible to analyze whether the statistics add up or not (and uncover the obvious method of cheating). My suggestion is that you only play at regulated online poker sites.
As for malware, let’s first understand what it is. Poker malware needs to send its Command and Control (C&C) channel while you are playing a session. This is also called the malware’s C2 channel. To protect myself, what I would do is use an external firewall (can be as cheap as $50-$100) to only allow communications needed for the poker session during the session.
This will ensure that even if you do have poker malware on your computer, it will not be able to send the C&C communication (your hole cards) to any third party, as the firewall will block that communication.
Eddie Harari has been a cyber security expert and a hacker for over 25 years. He is also an occasional Cardplayer Lifestyle contributor.
For most online poker players, the risk of being unfairly defrauded by hackers gaining access to your computer, installing malware, then being cheated by this malware inside a game of poker is extremely small. If someone can install malicious software on your computer, there are easier ways to defraud you: either by stealing money directly from your bank account, or just gaining access to your poker site account and stealing the money more simply.
That said, protecting your computer against greater risks will have the added benefit of protecting yourself against very unlikely risks. In short, you should immediately undertake the following key activities:
- Ensure that your operating system and other software is patched and kept up-to-date. If you use a version of Windows other than Windows 10 (which essentially forces you to keep your operating system current) then you need to get your PC updated immediately.
- Use good anti-virus software and ensure that it is being used and updated routinely. Windows 10 will help with this.
- Reduce the attack surface of your PC by not installing software unless you deeply trust it, it is maintained, and comes from a reputable source. Similar rules apply to other internet-connected devices on your home network.
- Practice good password hygiene by following the password advice published by the Electronic Frontier Foundation.
Each of these key activities will reduce – but not eliminate – the risk of being hacked by malicious people. In some situations (such as if you are playing poker for very high stakes or are otherwise likely to be individually targeted by sophisticated adversaries such as state-sponsored actors), you should obtain personal expert advice from a trusted source. If you are at risk of this, then you will probably know about it.
Michael Josem is a longtime online gaming security specialist and communications professional.
This story of winning initially, breaking even, and then eventually losing is quite common for players of all games. They start playing against incredibly weak, unstudied competition and then gradually move up in stakes until their opponents play better than they do. Our Hero realized that his opponents were using HUDs, but instead of learning to utilize the tools required to succeed, he called them weaker players and acted as if they had some sort of unfair advantage. In reality, they were playing well within the rules of the poker sites and were working harder and smarter than our Hero. If your opponents work harder, study more, and use better tools than you, they are stronger than you.
Instead of blaming others for your failures, you have to fully comprehend that your failures are due to your own decisions and inadequacies. Sticking with this view, I have never even considered online poker sites to be rigged because if I am losing, it is my fault. (I understand that there is significant variance in poker. That is why you have to put in lots of volume.) Of course, there have been cheating scandals in the past, but as far as I know, none of them have occurred on the three largest poker sites (the only ones I keep substantial money on) and when players collude to try to get an edge on those sites, they are quickly discovered and the stolen funds are returned.
If you take the risks to play on sites that are comfortable being unregulated or operate under very lax regulations, you must be aware that bad things may happen. Just because a site exists does not mean you have to play on it. Every time one of the American-facing sites closes, I have countless people email me feeling as if they got scammed. While they did get scammed, they also make the mistake of leaving themselves open to getting scammed. If you don’t allow yourself to be taken advantage of, no one can take advantage of you.
When you are playing, if something doesn’t feel right, it may not be. Instead of thinking or saying that you must be getting cheated, gather significant data to prove your point and then present your case. Saying “I lost 15 times with Aces in a row” or “My opponent called my all-in with only King-high” makes you appear foolish because those things happen to everyone due to the nature of the game.
The unfortunate thing about the issue of being cheated online is that so many losing players are quick to blame their losses on anything besides their own decisions. Their noise makes it difficult to actually know when cheating is occurring. If people would act in an intelligent manner of studying data, the cheaters would have a much more difficult time going undetected. Until people learn to protect themselves, they will be open to getting scammed, continuing the cycle of them blaming everyone else for their own failures.
Jonathan Little is a professional poker player, author, and coach. If you’re interested in more great poker tips from him, please visit PokerCoaching.com, where you can get a free 1-week trial.
Let me break this up into a few issues.
Security of the poker site
You are absolutely right that you cannot know what is happening in the software. Is the shuffle random? Is the game actually happening, or are you being duped into thinking you’re playing poker, but actually just dumping money into the site? The only assurance you have about the poker site is your belief in the integrity of the people running the poker site based on their reputation. The biggest, best-known sites have every incentive to run a fair game because they have everything to lose if they are discovered to be running a fraudulent operation, and very little to gain by facilitating cheating since they are making money hand over fist by collecting rake.
Integrity of the game
Are you up against other players or just bots? This is a very difficult question. Bots are gaining in sophistication, and they can easily penetrate any gaming site. While there are some measures legitimate sites can employ to try to limit the number of automated bots, there is no way for them to win that arms race, and it’s a fact of life that playing online you will never know if you are playing other humans, humans with software assistance (possibly the biggest threat), or total bots.
Malware on your computer
The bank robber, Willie Sutton was famously quoted as saying “because that’s where the money is” when asked why he robbed banks. Well, with real money online poker that’s where the money is, and you can be sure that dedicated malware, which has already surfaced at times, will continue to be a threat. There are a few technical approaches to dealing with this (see, for example secureonlinepoker.com), but the best advice is not to play for high stakes online and to consider online poker more for its entertainment value than moneymaking potential. If you can’t resist the urge to play online for real money, then make sure you are using one of the standard anti-virus, anti-malware software packages on your computer. Also be vigilant for “strange” play by the other players. If someone who seems like a reasonable player suddenly makes a ridiculous call and hits a runner runner one outer, that should raise alarm bells. If you observe this type of behavior, report it to the poker site and find somewhere else to play.
Avi Rubin is a Professor of Computer Science at Johns Hopkins University and Head of the JHU Information Security Institute.
James ‘Splitsuit’ Sweeney
The email presents a number of questions, so let’s examine one at a time.
Is online poker rigged and/or full of cheating?
There are clear cases of both throughout the history of online poker. Since the online boom in the early 2000s, scandals ranging from small-scale botting rings up to super-user accounts have impacted the poker community. So, yes, there is illicit behavior when it comes to online poker. That said, two major things should be considered here:
- Wherever there is a money-making opportunity, there will be cheating. This is evident even in institutions as large as Wall Street.
- Cheating in poker is not limited to online play.
It’s easy to say “well, I guess online is rigged…so I’ll just go play live poker instead.” There is collusion, angling, and other grey/black activities in live play, too. Hell… I ran a private game in college with 12 hand-picked players and STILL ended up with a cheating individual in the game!
I don’t say this to turn you away from poker. Rather, be aware that cheating is GOING to happen and you need to be diligent to look for it and protect yourself as much as possible. If you get wind that a particular site is shady, stop playing there immediately. If you think a player is colluding with another one, leave the game any time they sit down. If you truly feel that something is wrong, get up and cash out.
Has my computer been infected with malware leaving me open to hole card spying?
Chances are, probably not. If you avoid clicking random links, don’t open spammy emails, and use anti-virus software, you are likely fine. That said, it never hurts to run a full scan of your system to see if any yellow or red flags appear.
Personally, I suggest having a dedicated machine if you play with money you care about. The higher you play, the more I think this is a must. On your dedicated computer you literally only download the poker clients you are going to play on, your trusted poker software (like PokerTracker 4), and that’s it. You do not use your poker machine for ANYTHING else (not even checking email).
This approach eliminates any possible malware or black-hat processes from being installed on your machine.
Again, your focus is to protect yourself as much as possible (and in turn, protect your hard-earned bankroll). So, close as many security holes as possible.
I stopped winning. Is the site now rigged?
“Then at some point I started gradually losing money on a daily basis. I could not understand why as I had not changed my playing style…”
Players love to blame everyone and everything EXCEPT themselves. Of course, there is a possibility that the site is rigged. There is the possibility that a ring of solid bots infested the site. But it’s also possible that your strategy stagnated while the player pool improved.
Player pools change over time, and as such your strategy needs to continue evolving. The same strategy that won in 2005 would get hammered in 2018.
If you are not working to improve your game, you will get surpassed by players who are working tirelessly. If you want to start working on your game alongside a great community of players and coaches, sign up for CORE and (re)build your game from the ground-up.
Have I become paranoid?
Maybe. But I think you are over-focusing on the wrong stuff, and under-focusing on the right stuff.
You are focusing on card rooms rigging pots for fish. First, does that even make sense? There are two major player types: regs and recs. Regs put in lots of volume and as such pay a lot of rake (this makes the sites money). Regs also fill up games and start new tables (this makes the site look fuller and can attract more future customers). Both of these factors make regs very valuable to a poker site.
Recs make a few small deposits, play rarely, and don’t tend to stick around that long. Thus recs make the poker site very little money.
Based on which of these customer types is more valuable to a poker site, wouldn’t it make a lot more sense to rig things in favor of the regs to increase site-loyalty and increase LTV?
You are focusing on bots. Yes, bots exist. But bots are typically using a very rote and static strategy. This makes them easy to spot and easy to beat. You are not playing against top-tier GTO bots.
You are not focusing on how to better use legal software. On sites that allow you to use HUDs like PokerTracker 4 or HoldemManager, learning how to use these tools is a vital asset. These tools help you track your results, analyze hands you’ve played, and get a statistical breakdown of players you’ve encountered. This is all information you could track with pen and paper – but the software automates this for hands that you’ve played. If you are going to play on a site that allows these tools, be sure to use them.
You are not focusing enough on improving. Once you’ve closed as many loopholes as possible (malware, shady poker sites, known colluders, etc.), everything else is up to your strategy. Continue working to build your playbook, understand +EV lines, and patch existing leaks. Of course, you should always keep your head on a swivel to see if a player, set of players, or even site as a whole go rogue, but overall, spend extra energy improving your poker strategy.
There are only so many things you control in life, but your poker knowledge and strategy is one of those things!
James ‘Splitsuit’ Sweeney has been in the poker industry for more than a decade and is the co-founder of Red Chip Poker.
I remember the sinking feeling in my stomach the first time I heard about HUDs and realized that my opponents were using them against me. It was at that point that I realized that if I wanted to be able to keep up with the competition I would need to get a HUD and start studying to improve my skills. Not finding myself willing to put in the time and effort, I instead elected to stop playing online poker pretty much right then and there and stick to live poker exclusively.
While that “take flight” approach is a valid one, I would venture a guess that it’s not the most common choice people make these days. Taking poker courses, book study, and of course utilizing HUDs has pretty much become the standard for anyone who takes online poker even the least bit seriously. Online poker has long evolved past the “let’s deposit $50 and see what happens” phase.
Beyond improving your own game, of course, our panelists agree universally that it’s critical to take the necessary precautions to ensure that your online poker playing experience is as secure as possible.
Did you enjoy this panel discussion? Have you got any burning poker questions you’d like answered by some of the game’s top coaches, players, media personalities, tournament directors, or industry experts?
Send an email to [email protected] and yours might be the next question featured in our Ask the Poker Experts series.