A reputable poker software news site is reporting that a software company has allegedly been able to decipher the latest innovation by the online poker site Bodog – their “anonymous” table option – and is offering this information to the public.
Earlier this month, Bodog became the latest company to introduce these tables, which identify players only by individual numbers instead of a traceable name. The innovation has led to some criticism from players, especially those who use Heads-Up Displays, track their performance through programs like PokerTracker and who track their opponents as well. In the article written by David Huber on PokerSoftware.com, HH Smithy, a company that sells bulk hand histories to online players and attempts to determine what online poker sites learn about the players, reports that they have allegedly figured out how to break the “anonymous” nature of the tables.
In a post on the HH Smithy blog entitled “Security Through Obscurity,” the site contends that Bodog said that their version of the “anonymous” tables couldn’t be cracked. The organization took it as a challenge when a Bodog representative stated on TwoPlusTwo, “Bodog NEVER sends (player) information to the tables, there is NOTHING to intercept. That information stays on the server side for reporting and security.”
HH Smithy, who also allegedly was able to crack the PartyPoker version of an “anonymous” table system through allegedly using similar methods at Bodog, states that it took them less than three hours to hack their way through the data and make the “anonymous” players identifiable.
According to HH Smithy (and in layman’s terms), Bodog basically sends data through its system to the user’s computer, so that the systems will interact correctly (AKA, play poker). HH Smithy alleges that Bodog doesn’t encrypt this information at all and instead depends on the possibility that the user will not analyze this information in depth. If a user has some knowledge of computer coding, then the information that is transferred to the tables can be cracked.
The website reports that this is a common mistake by companies, even those with a tremendous amount of expertise in the field. The recent PlayStation Network hacking – where critical data regarding players’ personal information was hacked – is an example that HH Smithy compares the Bodog situation with.
For a website with a short history, HH Smithy has been able to attack many of the popular online poker sites in the industry. In addition to their alleged Bodog and PartyPoker “anonymous” table cracking, they have also claimed to point out security issues at the former site Full Tilt Poker, which allegedly picked up a user’s Windows Product Key. The product key is used to activate an owner’s version of Windows; if this is stolen and used by others, Microsoft can disable that (and your) usage of Windows remotely at the minimum, even though you haven’t done anything wrong.
TwoPlusTwo has been abuzz with the details of the HH Smithy announcement since December 5 – when the original HH Smithy blog piece was written – with many players concerned about the security issue. Several posters on the boards have put up a response template from Bodog that stated, “As per the anonymity of our Poker tables, for the vast majority of our players, they will not know who they are playing against as they can’t see a screen name or account number while at the tables; however, if someone wants to and has the technical skills to develop the software you saw on the forum they are able to…we are confident this will only be pursued in very isolated cases between now and a future upgrade which will prevent it from working.”
As of today, several players have reported that the “future upgrade” from Bodog that would correct this situation has yet to be created.
