ARTICLE

Investigating Gaming Fraud: The Hustler Casino Live Scandal

How does one go about investigating a public incident that has divided the world poker community, involving conspiracy theories, accusations, and an unknown range of technologies?

This is exactly the challenge BULLETPROOF™, a GLI company was facing when they were contracted by Hustler Casino Live (HCL) to investigate one of the most controversial Poker Hands of all time. During a real money game live stream, $134K was lost in one hand between top cash player Garrett Adelstein and Robbi Jade Lew. The controversy took the poker and media world by storm. Conspiracy theories emerged immediately, including comparisons to the Chess cheating scandal, accusations of HCL employees, and advanced snooping technology being used. To make matters worse for HCL, it was quickly discovered by Hustler Casino that an internal HCL employee was stealing from the players and had a previous history with the law.

HCL is ran by High Stakes Poker Productions and operates at the Hustler Casino in Los Angeles.

If you are not familiar with the HCL scandal, you can find information here.

So back to the question, how does one go about this and why was Bulletproof selected? The answer: hire a hacker. A White Hat Hacker to be more specific. White Hat hackers tend to steer around known academia and rules for most projects when all else fails. Cheat, go outside the box, break the rules (with permission, of course), and obsessively exhaust all possibilities. Enter Bulletproof’s Security Research and Development department, an arm of our Information Security Services practice. To catch and prevent cheating, one must think like a cheater.

Article Sections

Article Sections

The Three Objectives in the Hustler Live Investigation

This type of investigation had never been done before, and it was a challenge to take on the task blindly without prior experience with HCL’s setup. Fortunately, Bulletproof’s team was up to the task. The objectives of the project were:

  1. Discover if there was any cheating.
  2. Determine all the ways there are to cheat.
  3. Develop methods to prevent cheating.

The one certain and common way of cheating with poker is having knowledge of the cards. Whether it’s the cards other players have or will have, or what is going to be the result for the player at the end of the game when the river card is presented.

The main theory of how this hand had been pulled off was that the player had knowledge of her opponents’ cards through signaling from an employee in the production booth or a device, such as an RFID card reader, on her that gave her the knowledge.

RFID Card Image

An RFID card is a credit card-sized card that is embedded with an antenna or transponder that allows it to receive, store, and transmit information via radio waves.

The standard investigating procedure for our gaming clients typically involves specialized forensic software for analyzing servers and desktops, analyzing logs, and more. Something that is covered by certifications and academia very well and follows a written procedure. However, to investigate a wide variety of ways to cheat, including radio signaling devices, rigged card shufflers, and capturing RFID playing cards remotely, not to mention unique methods never thought possible, the tactics are not covered in any books or classes. This is where a White Hat Hacker comes into play, and this is what separates Bulletproof from others in the gaming industry. Our Security Research Division has diverse expertise not only in gaming but in dealing with the new, the unknown, and a wide range of technologies.

One of the most popular theories as to how Lew pulled off this controversial win was that the RFID playing cards were being read by the player through her ring or water bottle on the table. This is where our investigator, Principal, Security Research & Development, Scott Melnick began, and one of the first theories he debunked. Read on to learn more, in Melnick’s own words.

The Investigation

One of the services we perform at Bulletproof for all types of clients is physical penetration (pen) testing against one method of sneaking into buildings where employee RFID access badges are captured with a special cloning device. One such device that is currently making news headlines is the Flipper Zero and of course, the poker community latched onto that instantly. Going into the investigation, I knew this wasn’t possible.

Why? Reading RFID, specifically the MiFare Ultralight that the poker cards used, takes a very close proximity of around 10cm to capture. But when the stakes are this high and the scandal this public, just knowing this information is not enough. For a public report that will reach thousands of viewers, a scientific method must be used.

With the scientific method, I must not only research what I know to be true but research counterarguments as well.

Scientific Method Workflow
The workflow of testing via Scientific Method.

In this case, my theory, based on previous experience, that this wasn’t possible was true. To prove it, I needed to discover what it would take to make it true. I researched Radio frequency science papers, talked with fellow hackers who design antennas, watched other security researchers’ previous presentations, and experimented with equipment. After my results supported all hypotheses, I marked the use of an RFID card off the list and moved on to other theories.

A short example of some of these tests and methods I had to think about almost read out like a MythBusters[1] show, such as:

-From what distance could I capture the player cards?
-What would it take to capture cards from where the player was sitting, and what was that distance?
-What would it take to hide a reader device in a water mug?
-Could one build wearable jewelry that could read RFID signals?
-What kind of technology or setup would it take in general to capture the cards at all?

[1] Mythbusters, developed by Peter Rees, Beyond Television Productions (2003-2016)

HCL_RFID-testing
Testing RFID Capture distance.

The Outcome – Was Robbi Jade Lew Cheating?

After a thorough analysis of many different possible ways cheating could have been accomplished, and after reviewing all the data from standard forensic images, and investigating hypotheses on strange ways to cheat, and even some new ways he discovered were possible, Melnick could not determine conclusively if cheating occurred. He issued a report summarizing his findings and outlining a course of action for HCL to further tighten its security controls and broadcast booth.

READ THE FULL REPORT

Bulletproof has more than 20 years of experience securing the gaming and lottery industry. Our Research and Development department handles cases such as catching and investigating internal fraud, examining foreign electronic devices found in your organization, software and hardware reverse engineering, and testing advanced security. As stated in the HCL report, “With security practices and policies, there should always be a balance between security and usability.” The experts at Bulletproof are here to help you find that balance. To learn more about how Bulletproof can help you with these projects, complete the contact form below.

Why Bulletproof?

BULLETPROOF CREDENTIALS

  • Microsoft 2021 Global Security Partner of the Year Winner.
  • Microsoft Solutions Partner for Modern Work + Security, specializing in Threat Protection and Cloud Security, and Digital &  App Innovation Azure.
  • Decades of technology, compliance, and security knowledge serving various industries of all sizes​.
  • We work with top gaming organizations, lotteries, U.S. Tribal Nations, government and local organizations, etc. across the globe. ​
  • Users on six continents trust Bulletproof to strengthen their IT & security posture.
  • Two State-of-the-art 24/7 Security Operations Centre (SOC) in North America.
  • Our security professionals hold industry-recognized certifications, including ISO/IEC 27001, WLA-SCS, CISSP, CISA, CEH, CPT, OSCP, and PCI-QSA.​
  • Awarded GSA Multiple Award Schedule (MSA) with holder of Highly Adaptive Cybersecurity Services (HACS)​.
  • Member of the Microsoft Intelligent Security Association. 

Microsoft Solutions Partner Logo White Transparent

“These remarkable partners have displayed a deep commitment to building world-class solutions for customers—from cloud-to-edge—and represent some of the best and brightest our ecosystem has to offer.”

-Rodney Clark, Corporate VP, Global Partner Solutions, Channel Sales and Channel Chief, Microsoft

Share This

Call Us

1.866.328.5538

© 2024 BULLETPROOF, a GLI Company