
A Cyber Security Expert’s Assessment of A5 Labs Challenge to the Online Poker Industry

By Eddie Harari
July 25, 2022

Online poker security/integrity has always been a source of some controversy. In the last year alone there were several incidents involving several well-known players and online poker cheating schemes. While cheating at online poker seems easy and may fly under the radar, some organizations are working to curb this nefarious activity. A5 Labs, which describes itself as “a team of tech entrepreneurs, AI scientists, online game operators, and die-hard fans, committed to shaping the future of online competitive games”, recently published a white paper about the future of online gaming security and integrity, detailing several methods that can help operators keep game integrity intact.


The paper deals with explaining what online poker integrity is all about as well as describing some of the basic terminology like RTA (real-time assistance) and data encryption. The paper then goes into deeper security and integrity concepts like using machine learning (ML) and artificial intelligence (AI) to profile players and for measuring deviations from the basic player profile in order to detect online game integrity violations.

While I completely agree with most of the paper’s content and I think the group is doing an excellent job in planning the future concepts of online poker security and integrity, I would like to offer some additional insights that may better explain the concepts mentioned within the paper to the reader.

Serious Papers Demand More Serious Titles

First, I would like to state that I do not agree with the paper’s title “Advanced Technologies for Secure, Fair and Fun Online Poker”. While I understand what the authors were getting at, I think using such a title is a little bit misleading given the paper’s context. In particular, in the context of system and game security, poker should not be considered a “fun game”. For many people, poker is a full-time job, and as nefarious activity is most likely to have a significant negative effect on these players, I do not think that referring to or treating it as a game of “fun” is suitable in such a paper.

This is a game where huge amounts of money circulate, and it therefore makes an obvious target for criminals trying to profit illegally in a way that allows them to “clean” money off the tables. As with anything security-related, the value of the protected asset has a direct connection to the risk as well as to the protection mechanisms that should protect it. Thus, the use of “fun” in the title is a bit misplaced.

The Hidden Cost of AI and ML

The paper mentions the use of AI and ML for creating player profiles and measuring risk profiles, as well as for predicting and measuring player behavior; i.e., whether a player account belongs to a bot group or a collusion group. While these are very good ideas, they may come with a price. ML as well as deep learning (DL) are not true/false solutions. AI, ML, and DL often produce false positive results, meaning that some of the findings are mis-categorized. For example: while an algorithm finds bots within the game with the help of ML, it may also conclude that a normal (real) player is a bot based on his/her playing data features. One should not treat such solutions as complete and intact. From my experience with ML and AI (in different arenas), while they predict and classify correctly most of the time, they also produce a certain amount of false positive results. The question as far as online poker is concerned is just how many false positive results are produced, how we deal with those results, and what we do to avoid “hurting” those incorrectly classified players.

Solvers Offer a (Partial) Solution; NFT Technology, Too

GTO (Game Theory Optimal) solvers are mentioned within the paper as a means of detecting cheaters who use software that helps them make the correct (profitable) decision. I am 100% in agreement that all online poker operators should measure player error rates, and if a player is found to be making very few errors in complicated spots, further investigation is warranted to check whether this player is using RTA software.

This is very much like backgammon, where each move has an effect on your chances of winning the game. While this calculation is almost unmeasurable for humans, computer software can tell you the best move for each dice roll in any given situation, as well as measure how this move versus other possible moves affects your chances of winning. Online backgammon sites have long been using such technology to detect cheaters who are using computers to tell them how to play. I fully agree with the white paper’s authors on this, and I think that even great poker players will still make notable mistakes in certain situations time after time. So if GTO solvers detect that a player has no mistakes or near-zero mistakes, this should be looked into.
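The error-rate check described above can be sketched as follows. This is an added example, not code from the white paper or from any operator; the record layout, the 0.05 big-blind tolerance, and the 5% threshold are assumptions chosen for illustration. It uses a Wilson upper confidence bound so that a player with only a handful of error-free hands is not flagged, and its output is a review queue, not a verdict.

```python
import math
from collections import defaultdict

def make_sample():
    """Constructed data: (player, is_complex_spot, ev_loss_bb), where ev_loss_bb
    is the EV in big blinds given up versus the solver's best action."""
    rows = []
    # Strong human: errs in 30 of 200 complex spots.
    rows += [("grinder", True, 0.4 if i % 20 < 3 else 0.0) for i in range(200)]
    # Near-perfect play: 1 error in 200 complex spots.
    rows += [("suspect", True, 0.4 if i == 0 else 0.0) for i in range(200)]
    # Error-free, but only 12 complex spots observed.
    rows += [("newbie", True, 0.0) for _ in range(12)]
    # Simple spots carry little signal and are ignored below.
    rows += [("grinder", False, 0.0) for _ in range(50)]
    return rows

def wilson_upper(errors, n, z=1.96):
    """Upper end of the Wilson score interval for an error rate errors/n."""
    p = errors / n
    denom = 1 + z * z / n
    centre = p + z * z / (2 * n)
    margin = z * math.sqrt(p * (1 - p) / n + z * z / (4 * n * n))
    return (centre + margin) / denom

def review_queue(rows, tolerance_bb=0.05, max_error_rate=0.05):
    """Return {player: upper_bound} for players whose error rate in complex
    spots is credibly below max_error_rate. Thresholds are assumed values."""
    counts = defaultdict(lambda: [0, 0])  # player -> [errors, complex spots]
    for player, is_complex, ev_loss_bb in rows:
        if not is_complex:
            continue
        counts[player][1] += 1
        if ev_loss_bb > tolerance_bb:
            counts[player][0] += 1
    flagged = {}
    for player, (errors, n) in counts.items():
        upper = wilson_upper(errors, n)
        if upper < max_error_rate:
            flagged[player] = round(upper, 4)
    return flagged

if __name__ == "__main__":
    print(review_queue(make_sample()))
```

On the constructed data only the near-perfect account is queued for investigation; the error-free account with 12 hands is not, because its sample is too small to support the conclusion.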

An excellent usage (finally, may I say) for NFT technology is suggested that will basically ensure that a player’s identity is kept anonymous while still being identifiable by the different online game operators, and is also non-fungible. This will allow different operators to establish trust with the user based on his previous activity and behavior without the need to go through the KYC (know your customer) process. I think this is a brilliant use of NFT technology. That said, it will require some kind of standardization within the industry, and I am uncertain that online poker operators will be so quick to adopt such technology.

On Security and Fairness: What About the Operators?

The last part of the white paper discusses how to know if your online poker operator is secure and fair. In my view, this should be the biggest issue with online gaming; however, it is the briefest section of the paper. The simple answer to this question is that you can never know for sure if an online game operator is fair and secure. The main question that pops into my mind is “what makes us players trust an online game operator?”

  1. Proven winnings
  2. Good PR by trusted people (and influencers) from the industry

While these are the conventional answers, from a purely security-oriented standpoint both reasons are simply not enough for trusting an online operator. Even if an operator has been fair and secure for the duration of one poker session, it does not mean that it will stay that way for other sessions.

Understanding the following point is critical: an operator can do whatever it wants at any given time, as it controls the infrastructure and data and determines site policies and procedures. Judging from previous incidents in the online poker world, we have unfortunately seen operators going rogue (or an employee going rogue), and the nefarious activity was only detected due to the incompetence of the cheater. If it is done in a smart and methodical way, the operator can (in principle) cheat and there will be nothing a player can do to detect it, as it will seem to be part of poker’s “natural” variance.

Conclusions

I think that on this final point the paper unfortunately fails to deliver a suitable solution. Truthfully, there may not actually be a perfect solution to this problem.

A few weeks ago during a $1 million guaranteed tournament on GGPoker a hand of pocket tens (incorrectly) took down a monster pot against a hand of pocket queens on a board reading: Ks 6d Kc 7c 5c. This was a clear glitch, but it was only tackled a few hours after the incident. In my view:

  1. The explanation given by GGPoker after the incident was incomplete and very strange.
  2. Not dealing with this situation more quickly created negative publicity for the operator, as well as for online poker in general.
  3. The operator’s lack of full disclosure to the online poker community re: what exactly happened is wrong.

This would seem to have been the perfect instance where GGPoker’s own newly-instituted poker integrity council ought to have been called in to investigate and then give the “all-clear” to the player community.

If online poker operators want the trust of the users they must be 100% clear and transparent with regard to online game security issues. From my experience playing online poker, if and when nefarious activity was detected in games I played, the operator would reach out to report that I was entitled to a particular dollar amount and issue me a refund, but they would never give the reason. In other words, they’d inform you that cheating had taken place, but they would never disclose the specific incident that led to the issuing of a refund.

In my professional opinion, the only thing that can make us fully trust online operators would be full 100% transparency, which is governed by online players’ representation.

For those of us just risking $50 on a “fun game” this may perhaps sound like overkill. But for those of us playing online poker for much higher amounts and/or trying to make a living from the game, it is a completely different story.

Written By.

Eddie Harari

Eddie Harari has been a cyber security expert and a hacker for 25 years. He has done private consultant work for a number of governments and online gaming sites, as well as multinational companies. He has published numerous articles in professional journals and given talks in security conferences around the world.
