Over the last few days the entire poker world has been buzzing over the controversial hand between Garrett Adelstein and Robbi Lew. The way the hand played out led Adelstein to believe Lew had to be cheating, as she had made a $109,000 all-in call on the turn with Jack high and won the pot after running it twice on the river.
While it is obvious why Adelstein would be suspicious about Lew’s actions, what seems to have been neglected thus far throughout the poker community’s public analysis of the hand is the technological side of how such a potential cheat could have occurred in the first place. As someone who – through my work as a cyber security consultant – has spent many hours breaking into sophisticated technological systems, including casinos and banks, understanding the technological aspect of such a “hack” is critical to a proper evaluation of the situation.
As such, before moving on to examining the specific hand, a couple of concepts need to be explained.
An attack vector is a direction via which one chooses to perform a malicious act. When attempting to cheat a live poker game, there are several possible attack vectors, namely:
- Rigging the deck – inserting a rigged deck into the game
- Marking the deck during the game – marking the deck slowly, one hand at a time, as a player has access to two cards per hand
- Chip insertion – duplicating chips one hasn’t paid for or won and inserting them into the game
The attacker will often choose the vector that will produce the best results with the least amount of effort and investment, provided that it is also hard to detect. In the above examples, inserting a rigged deck into a game is obviously much more complicated than inserting rigged chips.
The likelihood of someone using an attack against the game differs from one vector to another, yet it plays an essential role in the process of evaluating cheating allegations.
Secure Game Technology and Processes
Technology can add security to a game. For example, casino chips have certain characteristics and may be digitally marked with a special implanted computer chip. That’s how a casino cashier would easily be able to detect whether chips are genuine or not. While rigged chips can be detected, it doesn’t mean they can’t be inserted into a game in the first place. Nonetheless, players are less likely to do so as secure technology makes it a higher risk attack vector.
Beside the technology, no less important is the security process. If in the above example the process of cashing out chips does not include checking them as being genuine, even the most sophisticated technology will not help. Thus, if an attacker knows that the process does not involve chip verification, then their risk of getting caught is much lower.
Now we can discuss the Hustler Casino Live (HCL) incident. The hand in question took place in a (delayed) streamed cash game with special cards (RFID) that are read by devices under the table.
There are three main potential attack vectors for such a game, where attackers are not being helped by a casino insider:
- Deck Replacement – While this is highly improbable, it’s not 100% impossible. Deck replacement attacks can be carried out in many ways that most people wouldn’t even consider. It does not even have to be done on casino grounds, but could potentially happen at some point between the card manufacturing process and delivery of the cards to the casino. There are at least a few attack vectors here, all of which are applicable in the HCL game. However, those are far less likely since there are high risks involved and easier attack vectors exist.
- Video Stream Tapping – The process of preparing the video stream matters here. If the card images are blended into the video stream in real time and not delayed, then attacking the video stream would produce a high benefit for the attacker, as they would be able to know the opponents’ hole cards in real time.
- Attacking the RFID System – Another potential attack vector could be reading the cards as they are dealt by inserting a third party device or, alternatively, coming up with a different way to read the RFID tags inside the cards from a distance. By definition, we know that each card has some kind of ID that can be read remotely, so for this method to work an attacker would have to devise technology to relay card reader results. This has been carried out in several tests with credit cards and near-field communication (NFC)-capable devices.
The security process of how technology is being used is a key factor in choosing which attack vector to use and how likely it is to work. Often an attacker will spend a very long time observing the environment prior to choosing an attack method. As previously mentioned, however, taking the technology alone into consideration is 100% wrong.
Rigged Decks and Vibrating Devices
There are several forms of rigged decks. One can create a rigged deck by marking “hidden” signs on the (hole) cards they have access to. One very simple form of rigging is to mark the Aces and Kings by bending their edges. Though it is detectable, in most home games (for instance) such an attack will go unnoticed.
A more sophisticated way of rigging the deck would be to mark cards with special infrared “ink” which can be seen only through a special lens. In such an attack the attacker is often wearing special sunglasses through which they can see markings on the cards.
The two aforementioned methods do not provide information about the cards to come, but rather only about cards that have been dealt to other players as well as the top card on the deck in the dealer’s hands.
One well-known cheating method involves a special infrared marking on the edge of the cards and a camera that can see the infrared markings. Once the shuffle in between hands is complete, the camera takes a picture of the full deck and the image is sent to a computer or a phone for image processing. Since the image contains the infrared markings on the card edges, the image can be processed so that the full order of cards is correctly determined. From there on, knowing the outcome of the hand is just a matter of which poker variant is being played and the number of players dealt into the specific hand.
This is obviously highly beneficial to an attacker. The only “missing component” is transmitting the information to the player. This is often done via a vibrating device or a tiny earpiece.
Video Stream Tapping
As mentioned, video stream tapping would only be beneficial if the hole card information is relayed in real time to the stream. Hacking the stream can be accomplished in several ways and it is hard to determine which is easiest and most beneficial as it would depend on the system setup and the process surrounding the stream broadcast.
The security of the stream is highly dependent on the security of the computer involved with the stream process. One with access to this computer (legitimate or illegitimate) would be able to know anyone’s cards at any given time in the hand. However, this person would not be able to know which community cards would be dealt next or any of the cards in the muck (e.g., burnt cards).
Video stream tapping is often relatively easy to achieve, as many people are involved in the production of the stream and each of them is a potential “weak link” who can be brought into the attack for the right amount of money.
While I am not familiar with the HCL setup, it stands to reason that they secure the integrity of their stream in a number of ways:
- Carefully vetting and selecting the members of their production team.
- Not connecting the streaming computer via internet infrastructure but instead via private dedicated lines.
- Encrypting the stream with a delay so that even in the event of outside tampering, no information would be visible in real-time.
- Not letting anyone near the streaming computer and blocking any human interaction with it.
These are some representative examples and there are many other things that can be done to protect the security of the stream and the technology involved.
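To show how the process side of these controls can be checked, here is an added example (not HCL's tooling or anything from the original article) that scans an access log for hole-card reads made by a person before the delayed stream would have shown that hand. The log format, the account names and the 30-minute delay are all assumptions made for the illustration.

```python
from datetime import datetime, timedelta

STREAM_DELAY = timedelta(minutes=30)            # assumed; the article gives no figure
SERVICE_ACCOUNTS = {"svc-rfid", "svc-overlay"}  # hypothetical automated accounts

# Constructed sample log: timestamp, principal, action, hand id
SAMPLE_LOG = """
2022-01-01T20:00:00Z svc-rfid DEAL hand=101
2022-01-01T20:00:01Z svc-overlay READ hand=101
2022-01-01T20:03:10Z op-alice READ hand=101
2022-01-01T20:40:00Z op-bob READ hand=101
2022-01-01T20:41:00Z svc-rfid DEAL hand=102
2022-01-01T20:41:30Z op-alice READ hand=999
"""


def parse(line):
    """Split one log line into (timestamp, principal, action, hand id)."""
    ts, who, action, hand = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return when, who, action, hand.split("=", 1)[1]


def early_reads(log_text, delay=STREAM_DELAY):
    """Return (principal, hand, reason) for every suspicious hole-card read."""
    dealt_at = {}   # hand id -> time the cards were dealt
    alerts = []
    for line in log_text.strip().splitlines():
        when, who, action, hand = parse(line)
        if action == "DEAL":
            dealt_at[hand] = when
        elif action == "READ" and who not in SERVICE_ACCOUNTS:
            if hand not in dealt_at:
                # A read with no matching deal record cannot be time-checked.
                alerts.append((who, hand, "no-deal-record"))
            elif when < dealt_at[hand] + delay:
                # A person saw hole cards before the delayed stream aired them.
                alerts.append((who, hand, "before-release"))
    return alerts


if __name__ == "__main__":
    for alert in early_reads(SAMPLE_LOG):
        print(alert)
```
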
NOTE: There are rumors of military-grade technology that can read an image of a screen remotely. If such technology got into the hands of an attacker who became aware of the location of a monitor displaying the stream in real time, this could also be a potential (though highly unlikely) attack vector.
Attacking the RFID Card Reader System
RFID stands for Radio Frequency Identification, but everything explained below is applicable to almost any kind of “remote card reading” technology. RFID technology can tag any kind of object by utilizing radio frequency waves. The technology is unnoticeable as the implementation can be as thin as a sticker.
There are several types of RFID tags (passive / active). The range of a passive RFID tag is usually around 3-20 feet (depending on the tag technology), while some readers with special antennas could read RFID tags from about 60 feet away.
It would stand to reason that reading the card IDs would not provide enough information to carry out a successful attack as that information would likely be encrypted for the HCL stream. The attacker would thus still need to know the encryption key to understand each card’s value. Even if equipped with the encryption key, an attacker utilizing an RFID reader still wouldn’t know which cards would be next to come off the deck.
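One way the protected card ID described above could be built, as an added example rather than HCL's or any vendor's actual design: it swaps in a keyed HMAC for encryption, so each tag carries an opaque ID that only the reader back end, which holds the key, can map to a card. The key, the deck serials and the function names are assumptions made for the illustration.

```python
import hashlib
import hmac
from typing import Dict, Optional

RANKS = "23456789TJQKA"
SUITS = "cdhs"
CARDS = [r + s for r in RANKS for s in SUITS]   # 52 cards, e.g. "Jc"


def tag_id(key: bytes, deck_serial: str, card: str) -> str:
    """Opaque 8-byte ID stored on a card's tag (hypothetical scheme)."""
    msg = f"{deck_serial}|{card}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


def build_lookup(key: bytes, deck_serial: str) -> Dict[str, str]:
    """Table kept only on the reader back end: tag ID -> card."""
    table = {tag_id(key, deck_serial, c): c for c in CARDS}
    if len(table) != len(CARDS):
        # Two cards truncated to the same ID; issue the deck a new serial.
        raise ValueError("tag ID collision inside one deck")
    return table


def resolve(table: Dict[str, str], observed_id: str) -> Optional[str]:
    """Map an ID seen by the table reader to a card.

    None means the tag does not belong to the deck in play, which is
    itself worth alerting on (see the deck replacement vector above).
    """
    return table.get(observed_id)


# Constructed sample values, not real keys or serials
KEY = b"constructed-demo-key-not-a-real-one"
deck_a = build_lookup(KEY, "DECK-0001")
deck_b = build_lookup(KEY, "DECK-0002")

if __name__ == "__main__":
    seen = tag_id(KEY, "DECK-0001", "Jc")
    print(seen, "->", resolve(deck_a, seen))       # back end with the key
    print(seen, "->", resolve(deck_b, seen))       # different deck: None
```

Because a tag ID stays fixed for the life of a deck, the deck serial is part of the derivation so that IDs do not carry over from one deck to the next.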
Another way to cheat would be by tampering with the RFID system reader itself. If someone has access to the reader, they could potentially program it to transmit the card result information to a secondary location outside of the video stream. Once again, this method would still entail needing to hack the card reading process itself.
So, Did Any Cheating Take Place?!
While everyone has an opinion on the matter, the poker world will have to await the results of the official investigations to know the definitive answer to this question.
With that said, I hope that by having explained the technologies involved in poker streaming, potential attack vectors, and the security involved in live poker and video production processes, readers now have a greater understanding of what it would take for any poker player to have cheated in such a situation.
I look forward to seeing the results of the official investigation.