GGPoker apanha e bane superuser MoneyTaker69
Como todas as boas histórias/escândalos de batota no poker online, esta não começou de forma diferente das outras, post nº1 de um novo user no fórum twoplustwo.
Desta feitas tivemos o utilizador GGSuperUser do fórum a acusar o username Moneytaker69 da GGPoker de ser um superuser.
O que é um superuser?
Um superuser é um utilizador com privilégios especiais que lhe permitem realizar tarefas e aceder a recursos do sistema que normalmente não estão acessíveis aos utilizadores regulares.
Segundo a thread durante o mês de dezembro o referido utilizador estava a ganhar 90bb/100 com 53% de VPIP* e 17% PFR** em 8.900 mãos, e para além disso tinha ainda ganho $47.586 no GGMasters $150 $400k GTD. Tudo isto a jogar de forma bastante "volátil" e que levanta suspeitas. A thread tem várias imagens que suportam as acusações, podes vê-las abaixo.
GGSuperUser afirmou ainda que o operador sabia da situação e que se iria pronunciar sobre a mesma. O medo deste jogador não se verificou e a GGPoker acabou mesmo por lançar um comunicado sobre o tema durante a tarde de hoje (29/12/23).
O comunicado da GGPoker faz luz sobre a situação e confirma mesmo as capacidades de superuser à conta Moneytaker. Segundo a sala, Moneytaker69 não conseguiu aceder às cartas dos adversários mas explorou uma falha de segurança que lhe permitia "deduzir a sua equidade em all in" explorando uma falha de segurança do lado do cliente.
Esta falha foi detetada pela GGPoker que com o intuito de resolver a situação lançou uma atualização no dia 16 de dezembro. A mesma não foi eficaz porque o user já tinha o seu software de cliente "tratado" e bloqueou a actualização. Nesse mesmo comunicado que podes ler de forma integral abaixo, pode ler-se que foram confiscados $29.795.
GGPoker recently spotted unusual game patterns and abnormal game client packets from a user nicknamed ‘Moneytaker69’. Our technical security team investigated the issue, identified a client-side vulnerability, and fixed what caused these unusual circumstances. We have banned the user and confiscated the unfair winnings, equating to $29,795. Below are the details of how this player exploited the system and gained an unfair advantage:
Under a specific set of circumstances related to the ‘Thumbs Up/Down Table Reaction’ feature, which involves decompilation of our Windows game client, interception of network traffic, and alterations of our game packets, Moneytaker69 was able to customize his own game client. These customizations could only be made to our Windows desktop game client since part of our desktop client leverages the Adobe Air framework, which has attack vectors that other frameworks do not. At no point was the user able to access our servers or server data, including others’ hole cards. Through this customized game client, he was able to deduce all-in equity by exploiting a client-side data leak vector. Our engineers detected this vulnerability and issued an emergency update on December 16th to disable the Thumbs up/down table reactions. However, the user was already in possession of the customized game client, which he blocked from receiving further updates, and was able to continue to accumulate the data leak during the flop and turn. Through this accumulated data, he could guess his win probability with reasonable assurance.
We have since issued security patches to prevent further client-side data leaks of this kind and have added solutions that will detect and prevent players from customizing the game client to their benefit. We will refund $29,795 to the affected players and also reconcile the payout for the impacted tournaments in the next 24 hours.
We sincerely apologize for the incident, which has caused many poker players to worry about the game’s integrity and shaken their trust in GGPoker to provide the best poker experience. We take this incident very seriously and continue to work hard not to disappoint poker players. Additionally, we are actively recruiting to double the size of our technical security team and are enlisting help from renowned security professionals to ensure that online poker is safer than ever.
We would also like to thank the poker community. This incident further proves the power of our community and the poker players’ hive minds, as constructive community feedback gave us great confidence in resolving the issue. We will continue to take community feedback seriously and open our ears to all comments and suggestions. Let’s build a safe future together.
* dinheiro colocado de forma voluntária no pote
** percentagam de vezes que faz raise pré-flop