The term “super user” entered the lexicon during the cheating scandal surrounding the poker sites UltimateBet and Absolute Poker in 2005-2007, referring to an online poker account that could see other players’ cards. Some of that controversy returned on Friday after GGPoker admitted that a player by the name “Moneytaker69” had been banned from the site for a similar scheme.
After being alerted by members of the poker community, GG said the company identified unusual playing patterns and “abnormal game client packages” involving the player. Additionally, $29,795 in unfair winnings were forfeited, and tournament winnings will be determined.
“Our technical security team investigated the issue, identified a client-side vulnerability, and fixed the cause of these unusual circumstances,” GG noted in a statement.
Details about the security breach
GG has detailed some of the issues with the security issue. Under certain circumstances related to the “Table Reaction Up/Down” feature, “Moneytaker69” can customize his game client.
This includes decompiling the Windows game client, intercepting network traffic, and making modifications to game packages. GG confirmed that the issue only affected the Windows client and that the player was never able to access servers, server data, or other players’ holed cards. However, the user manages to get some advantages.
“With this custom game client, he was able to infer end-to-end ownership rights by exploiting the client-side data leak vector,” JJ noted. “Our engineers discovered this vulnerability and released an emergency update on December 16 to disable thumb up/down table interactions.”
“However, the user already had the custom game client, which prevented him from receiving further updates, and was able to continue to accumulate data leaks as he tossed and turned. From this accumulated data, he could guess his probability of winning with reasonable certainty.”
The company has since released security patches to prevent similar leaks and added ways to detect and prevent players from customizing the game client to their advantage.
“We sincerely apologize for this incident, which caused many poker players to worry about the integrity of the game and shook their trust in GGPoker to deliver the best poker experience,” GG noted in the statement. “We take this incident very seriously and continue to work hard so as not to disappoint our poker players. Additionally, we are actively doubling the size of our technical security team and seeking assistance from renowned security professionals to ensure online poker is safer than ever.
Player interaction
The superuser’s discovery came on the 2+2 forums on Thursday. One poster alleges suspicious behavior from ‘Moneytaker69’, using an abnormal win rate and irregular hand history to support the claim.
Some players were happy that GG provided such a comprehensive clarification while others criticized that it took the company too long to fix the security issue. Others wondered if other users would be able to exploit the flaw.
“Are you conducting a thorough investigation to find other cheaters who have used this exploit?” One Twitter user responded. “Moneytaker69” was one of many. He almost certainly would have shared it with a team. It’s a bad look to simply pretend that the one player caught by the public is the one cheater.
This is the latest move by GG to ban players. In 2020, GG banned some players accused of “stalking bums” and other terms of service violations.
