Tokwiro Enterprises ENRG (Tokwiro), proprietors of UltimateBet.com, today issued a formal statement detailing the complete results of an ongoing internal investigation into alleged unfair play on the site, occurring from March 2006 through December 2007. In its statement, Tokwiro confirmed that unfair play did occur, identified the online poker accounts involved in the fraudulent activities, created an investigative timeline covering the incidents and published a healthy list of corrective measures. Tokwiro worked in cooperation with the Kahnawake Gaming Commission (KGC) and other third-party experts in reviewing hand histories and game data, analyzing software and network security and auditing the site's security practices and procedures.
Allegations concerning unfair play on the site began when an online account named "NioNio" was identified as having results far beyond statistical norms, and other accounts were subsequently identified as having been used as part of the fraudulent scheme. Six player accounts were identified as being involved in the scheme, which targeted the highest-limit games on the site. The six accounts also changed screen names over the course of the fraudulent play, with 18 total screen names involved. Those screen names, per the official Tokwiro statement, are the following: NioNio, Sleepless, NoPaddles, nvtease, flatbroke33, ilike2win, UtakeIt2, FlipFlop2, erick456, WhackMe44, RockStarLA, stoned2nite, monizzle, FireNTexas, HeadKase01, LetsPatttty, NYMobser, and WhoWhereWhen.
The fraudulent activity was traced to unauthorized software code that transferred hole-card information of other players at the tables to the perpetrators' accounts during live play. As of yet, no estimate of the total amount of illegitimate winnings through the cheating accounts has been released, though Tokwiro's formal statement accepts full responsibility for the situation and the firm will immediately begin refunding UltimateBet customers for losses incurred to the above screen names during the approximately 21 months that unfair play occurred.
In its statement, Tokwiro identified the unauthorized software code as being part of a "legacy auditing system that was manipulated by the perpetrators," referring to the fact that the hidden software was in place within the system prior to Tokwiro's 2006 purchase of the site. As the statement said: "The individuals responsible were found to have worked for the previous ownership of UltimateBet prior to the sale of the business to Tokwiro in October 2006." Tokwiro also announced that it was pursuing its legal options regarding the incident.
In addition, Tokwiro announced that a software audit conducted by independent firm Gaming Associates, hired by the KGC, confirmed that the hidden software has been permanently removed, and that games on the site are now fair.
In discussing the investigation, Tokwiro stated that they became aware of the hidden software vulnerability in February of 2008, after being alerted of the suspicious results of the "NioNio" account the month prior. After determining that unfair play had occurred, Tokwiro then began a four-pronged investigative effort. Those four points:
1. To permanently remove the ability to engage in unfair play;
2. To complete its investigation and come to a full understanding of what occurred;
3. To refund the affected customers; and
4. To implement measures that prevents future incidents.
Here's how the investigative timeline unfolded:
• January 2008: UltimateBet is alerted to suspicions of unfair play on the part of the account "NioNio". Within 24 hours, UltimateBet contacts the KGC to provide formal notice that UltimateBet has initiated an investigation of the incident. UltimateBet subsequently forwarded a copy of all related data to the KGC.
• January 2008: The "NioNio" account and related accounts are suspended pending further investigation.
• February 2008: Preliminary findings indicate abnormally high winning statistics for the suspect accounts. After discussions with the KGC, UltimateBet engages third-party gaming experts to assist with the analysis.
• February 2008: Investigators confirm that the suspect accounts are associated with individuals who had worked for UltimateBet under the previous ownership.
• February 2008: UltimateBet discovers the unauthorized code that allowed the perpetrators to obtain hole card information during live play. The code was part of a legacy auditing system that was manipulated by the perpetrators of the fraud.
• February 2008: UltimateBet immediately removes the unauthorized code and works with the KGC and with third-party auditors to verify that the security hole has been eliminated.
• March 2008: Six player accounts are confirmed to have participated in this scheme. No accounts were deleted at any point, although some account names were changed multiple times. The following account names are known to have been used in the fraudulent activity: NioNio, Sleepless, NoPaddles, nvtease, flatbroke33, ilike2win, UtakeIt2, FlipFlop2, erick456, WhackMe44, RockStarLA, stoned2nite, monizzle, FireNTexas, HeadKase01, LetsPatttty, NYMobser, and WhoWhereWhen.
• May 2008: The investigation confirms that the fraudulent activity took place from March 7, 2006 to December 3, 2007.
• May 2008: Gaming Associates certifies that the software code that enabled unfair play was removed from UltimateBet servers in February of 2008.
• May 2008: Customers affected by this incident are identified, and plans for corrective action are reviewed with the KGC.
The lengthy statement then concluded with a detailed list of corrective actions taken to ensure that this or similar episodes will never again occur on the site. From the official Tokwiro statement:
• The security hole identified in UltimateBet's investigation has been permanently eliminated.
• UltimateBet is establishing a state-of-the-art software Security Center that consolidates and greatly enhances existing security capabilities. The first release of the new Security Center focuses solely on the immediate detection of abnormal winnings. Gaming mathematicians, poker professionals, and security software developers have all contributed to the specifications for the new Security Center.
• UltimateBet customers are no longer permitted to change account names unless they have suffered abuse in chat rooms. Requests for changes must be supported by proof of abuse and must be approved by the Chief Compliance Officer.
• In addition to its existing security department, UltimateBet has established a new specialized Poker Security team of professionals dedicated to fraud prevention.
• The refund process will begin immediately. The accounts associated with fraudulent activity did not use an unfair advantage in all play sessions. Regardless, UltimateBet is refunding all losses to these accounts.
• Accounts related to the fraudulent activity have been disabled, and the individuals associated with those accounts permanently banned from the site.
• UltimateBet has worked closely and transparently with its governing body, the KGC and its designated expert auditors, to determine exactly what happened, how it happened, and who was involved, and has taken action to prevent any possibility of this situation recurring.
• Tokwiro is pursuing its legal options in regard to this incident.
In concluding its formal statement on the investigation, the company said this: "We would like to thank our customers for their patience, loyalty and support, as well as for their understanding that we are doing everything we can to correct this situation. The staff and management of UltimateBet are fully committed to providing a safe and secure environment for our players, and we want to assure customers of our unwavering resolve to monitor site security with every resource at our disposal."