pres.ppt vancouver2 - North American Gaming Regulators Association

Virtual Villainy:
Cyber-Fraud, Cyber-Extortion and the
Internet Gambling Environment
John McMullan, PhD
Saint Mary’s University
Vancouver, British Columbia, 2010
Background and
Internet Gambling
• Internet Gambling is Big Business (14 years)
• Economic value = “20 billion” or 5% of overall Gambling Market
• As of July 1, 2009 there were 2296 internet gambling sites owned by
619 companies, operating in 69 different jurisdictions
• Top 5 jurisdictions are: Malta (338 sites), Netherland Antilles (297
sites), Kahnawake Mohawk Territory (240 sites), Gibraltar (225 sites)
and the UK (96 sites)
• Revenues come mostly from Europe (44%), North America (35%) and
Asia (11%)
• Regulation of industry is local, haphazard, and uneven.
– Prohibition, Permitted & Hybrids
• Online Crime has emerged in the shadows of regulatory absence,
diversity, uncertainty, and confusion
Background (ctd)
• Yet only a few select studies of computer hacking and gambling
(McMullan and Perrier, 2003, 2007a, 2007b) cyber-extortion and
Internet gambling (McMullan and Rege, 2007; Paulson and
Weber, 2006), organized crime and Internet gambling (CERT
LETSI, 2006), Internet gambling fraud (Griffiths, 2010), poker
fraud (McMullan, 2010) and cybercrimes at online gambling
habitats (McMullan and Rege, 2010)
Types of gambling fraud on the Internet:
(1) Non Payment of Winnings Fraud
•
•
•
•
•
•
Perhaps the most commonly reported
(a) sites take gamblers’ money
Refuse to pay out winnings
Pays out only a portion of winnings OR
(b) sites create gambling systems that are ‘tight’
So little chance of consumer success because the redistribution
“pay out” is very low
• When player complains or desists from play, monies in their
accounts are withdrawn and not returned (Griffiths, 2010)
• [i.e. GlobalSport.com, Fallons, Bingo World]
(2) Lottery Fraud
• Emails inform persons saying they are lottery winners via random
computer ballot system and told to reply to collect winnings.
• Victim answers asking for more details on how to proceed.
• Scammers answer by asking for personal and financial information
from winners such as bank accounts, driving licenses, proof of identity
documents and promise payment of winnings pending verification.
• The victims provide the required documents.
• The scammers “check identity” but require that the winner s pay
‘unlocking fees’ for legal, administration and bank transfer costs and
taxes on winnings.
• In order to prove their “trustworthiness” they send the victim s a
lottery certificate or similar fake document.
• The victims send the required money through Western Union or
similar payment options.
• However no lottery winnings are ever awarded.
• Secondary crimes then result if information is provided – theft of
identity, credit card fraud, stealing from bank accounts (Cert Lexsi,
2006; Griffiths, 2010; McMullan & Rege, 2010)
• [i.e. Canadian Lottery Scam, British Lottery Scam, Max Lotto].
WINNING NOTIFICATION:
We happily announce to you the draw (1155) of the U.K. NATIONAL
LOTTERY, online Sweepstakes International program. Your e-mail address
“Attached to ticket number:” 56475600545188” with Serial number” 5368/02”
drew the lucky numbers: 12.17.21.25.31.37. [30] Bonus Ball which subsequently
won you the lottery in the 1st category i.e. match 5. You have therefore been
approved to claim a total sum of £4,000,000.00 (Four Million Pounds Sterling) in
cash credited to file “KTU/9023118308/03.” This is from a total cash prize of
£12,000,000.00” shared amongst the (3) lucky winners in this category i.e. Match 5
plus bonus. All participants for the online version were selected randomly from
World Wide Web sites through a computer draw system and extracted from over
“100,000” unions, associations and corporate bodies that are listed online. This
promotion takes place weekly. To file for your Claim please contact our fiduciary
agent, Catherine Nola (Mrs.) Email: nola107@jmail.co.za
Sincerely,
U.K. NATIONAL LOTTERY Member Services
Sweepstakes International Program
NORRIS WARNER
Warning! Fraudulent emails are circulating that appear to be using
National Lottery addresses but are not from The National Lottery.
PLEASE REPORT IMMEDIATELY
Copyright ©1994-2008 U.K.Sweepstakes Lotto Inc. All rights reserved.
(3) Phishing Fraud
• Create fake gambling sites.
• Steal existing website designs, graphics, logos, winners pages,
testimonial pages, etc.
• Forge copies or reproduce replicas that mirror bona fide sites.
• Distribute the “fake” as the “real” on the Internet.
• Recruit gamblers on to fake sites and relieve them of money and
personal data via deceptive malware and DNS attacks that either
trick players by fraudulent messaging or place malicious code on
their computers to obtain confidential information without user
consent.
• Secondary crimes may result such as identity theft, stealing from
bank accounts, and selling stolen data to organized crime groups
(Cert Lexsi, 2006; McMullan & Rege, 2010).
• [i.e. Beton Sports, Euromillion Espana Lottery, Party Poker]
Phishing Screenshot
(4) Toolkit and Software Fraud
• Involves AI and software packages that claim to provide players
with an “edge” when they gamble so that they can consistently
win money at casino, sport betting, and poker sites.
• Some are “retrospective” showing consumers “what could have
been won” if they purchased the betting software, others are
“prospective” encouraging consumers’ to buy software or “bots”
as tools to out compete other players in live action.
• These tools require up front cost and ongoing fees for tutorials,
bug fixes, auto-resizing and upgrades.
• They are, however, unlikely to live up to their advertising claims,
because it is not possible to predict the outcome of events such
as horse racing with certainty and because the AI technology is
not yet sophisticated enough to beat anyone but inept gamblers
(McMullan & Rege, 2010).
• [i.e. Smoke-Poker, Hold’em Genius,
Rake tracker, Poker Sherlock, Cheat on
Poker]
(5) Incentive and Inducement Fraud
• Almost all online gambling sites offer incentives and inducements to
get gamblers on their sites and retain them. [i.e. sign up and deposit
bonuses, refer a friend commissions, affiliate program benefits, reload
bonuses, stay and play bonuses based on rate of play, prize guarantees,
etc]. Three patterns prevail:
• Refusal to honour bonus pledges because the site is ‘fly by night’.
• Refused to honour bonus pledges because a site claims “bonus abuse”
by consumers [i.e. signing up for many bonuses using multiple
accounts], knowing that their refusal to pay will have no consequences
for the site because they are in an ungovernable environment.
• Refusal to honour bonus pledges on the grounds that actively targeted
and “banned gamblers’ were just that “banned”, after making their
deposit and usually playing it, they are told they are ineligible for
bonuses because they are on a list of banned players (Griffiths, 2010).
(6) Cheats at Play Fraud
•
•
•
•
•
Occurs in the course of play at online sites.
Entails players or/and providers as offenders or/and victims.
Involves an act of deception, trickery, imposture or imposition.
May apply to the breaking of rules or/and the breaking of laws.
Deployed to create an unfair advantage, usually in one’s interest and
often at the expense of others.
• Typically includes:
– (a) player collusion with players using instant messenger or Skype
to share card information in real time play or setting up multiple
gambling account manipulation that gives them advantages over
other players;
– (b) Seat Selling with one player selling his seat to another more
experienced player in a tournament to give them an edge against
other players;
Mizzi & Vaughn
– (c) insider cheating with a person with trusted access to the system
(i.e. an employee, manager, security consultant, former owner, etc)
using their position or prior knowledge to play poker themselves
or/and in collusion with others to gain an unfair advantage by using
software that allows him/them to set up “monster audit accounts” so
that he/they can see their opponent’s cards in real time action;
– (d) hacking adware or malware propagation where hackers probe site
software for vulnerabilities related to RNGs or shuffling algorithms
and develop programs to exploit flaws so that they can unlock them
and predict winning outcomes in advance for their advantage
• [i.e. The Void, Vaughn-Mizzi, JJ Prodigy Field, Absolute Poker, Planet
Poker, Crypto Logic].
• The above forms of gambling fraud on the internet are not necessarily
mutually exclusive. Just as a drug dealer might rely on
telecommunications equipment to facilitate organized trafficking so too
can one steal or illegally intercept information and communication
services at a gambling site to “spoof” it online or to hold it to ransom.
Computer-related fraud at gambling venues may be compound in nature,
combining two or more of the generic forms outlined above (McMullan,
2010; McMullan & Perrier, 2007b; McMullan & Rege, 2010; Arkin et al.,
2008).
Cyber Fraud at the portals of poker play
Context
• Site owned by Tokwiro Enterprises and regulated by the Kahnawake
Gaming Commission (K.G.C.) in the Kahnawake Mohawk Territory in
Canada
• AbsolutePoker (A.P.) was initially licensed by the regulator in 2001
• Shortly after licensing, a programmer working for A.P. registered a
stealth account #363
• #363 was designed to oversee the integrity of games and ensure fair
distribution of winnings
• At the same time industry insiders also set up 4 additional ‘secret’
accounts Greycat, Steamroller, Double Drag and Potripper which they
used to play on at the site
• Programmers, who were hired to upgrade the software in 2007 when
Tokwiro took over ownership of A.P., discovered these 5 accounts,
changed the passwords on 4 of them and opened up a new account
#363 on a different computer
• Shortly thereafter these 5 accounts evinced a pattern of regular but
curious play, (i.e. wins but no cash outs and almost always losing to
particular players at the same tables)
Discovery
• Players grew suspicious [the blogs, forums and chat rooms were buzzing]
and on September 17, 2007 a player by the screen name of Crazy Marco
claimed he was cheated by Potripper in a tournament
• He requested a hand history of final table and learned that Steamroller,
Double Drag and Greycat who were at the table along with Potripper were
apparently suspended
• On September 21, Crazy Marco received a 10 M.B. Microsoft Excel
Spreadsheet “by mistake” that contained all players hand history, hole card
data and IP addresses
• When the “player community” [Two Plus Two Poker Forum] analyzed the
data they discovered
– #363 was a spectator at every game played by Potripper
– Potripper appeared to have prior knowledge of other players cards as
evinced in his pre-flop betting behaviours
– Potripper’s email address was cross-referenced to a cable modem in
Costa Rica originally owned by a previous part owner and former
executive of A.P. and traced to a former Director of Operations at A.P.
– The mail server on the IP address was traced to Absolute Entertainment
S.A. located at the data centre owned by Mohawk Internet Technologies
•
•
•
•
•
– Within two hours of this web revelation the domain server for the
email address was deleted from the web
Despite the apparent ‘insider’ connections, A.P. insisted that none of the
identified agents now worked at A.P. and no one can see the hole cards
and thus there is no super-user account responsible for fraud
In October A.P. stated that their security algorithms were not
compromised
Several days later they admitted an “internal security breach” caused by a
rogue employee but that had been quickly fixed
The “player community” was incredulous and posted online tables,
diagrams and statistical models that showed that the win rate for Potripper
was 100 times faster than a good player could reasonably win (McMullan,
2010; Leggett, 2008).
The scandal became publicized in mainstream
media such as CBS News, ABC News, MSNBC
and several simulations replaying the cheating and
fraud were posted on YouTube where it was viewed
by hundreds of thousands.
Investigation
• After much online shaming, ridicule and derisory speech, the K.G.C.
agreed to investigate the situation at A.P. and provide copies of their
findings to PocketFives and BluffMedia poker forums
• In November 2007, the K.G.C. released a report and in January 2008 they
released a final report based on audits conducted by Gaming Associates
• The reports revealed:
– Fraud had occurred and involved persons who had internal positions
with AP
– $1.6 million had been fraudulently taken from consumers
– 9 AbsolutePoker accounts were used to cheat players in real time
action
– The modus operandi was to use hole card information to fraudulently
win large amounts of cash and then collude with trusted accomplices
to deliberately lose winnings to them to transfer funds to minimize
suspicion and evade discovery
– The main perpetrator was a high ranking trusted consultant with
access to Absolute Poker security systems
Sanctions
– AbsolutePoker was ordered to
refund the $1.6 million to consumers
– Decommission the 9 accounts
– Implement a new compliance system
– Pay a $500,000 fine as well as the costs
of the audit and investigation
– Post a security deposit for 2 years
against any further breaches
– Names of offenders never released
– No further legal action taken
against fraudsters
– Private Justice model
(KGC, 2008a)
Cyber Fraud at the Portals of Poker Play
Context
• While Tokwiro and the K.G.C. were struggling to manage the A.P. fraud
scandal, another player-driven discussion thread was growing in early
January on several poker forums alleging fraud at Ultimatebet (U.B.) also
owned by Tokwiro and regulated by the K.G.C.
• The software code at the central of this dispute was developed by
IELogic in the late 1990’s with the help of several high stakes poker
players.
• Shortly thereafter IELogic sold their software to Excapsa and the U.B.
trademark was registered to eWorld Holdings, an Antiguan company that
the K.G.C. licensed in March 2001.
• In 2004, Excapsa was formally established to hold rights of the software
used by U.B. and in February 2006it went on the stock exchange with
40% of its shares held by industry insiders, chiefly the original founder of
IELogic who was also an on-going owner of e-World Holdings.
• However, because of U.S. prohibition of online gambling Excapsa quickly
sold its assets to Blast-Off Ltd., a privately owned license based in Malta.
But the majority of Excapsa’s assets in the sale were deferred to Tokwiro
Enterprises and for all intents and purposes Blast-Off Ltd and Tokwiro
were the same company
• At about the same time Tokwiro acquired Ultimatebet from eWorld and in
2006 a CPA permit was issued by the K.G.C. to carry on business as
Ultimatebet with the existing software in place.
Discovery
• The fraud discovery at Ultimatebet was similar to AbsolutePoker.
• A screen account Nio Nio was accused of winning by fraudulent means.
• Two accounts trambolaine and diPnyc 21 had their hand histories reviewed
and discovered that:
– Nio Nio won 13 of 14 sessions and banked $300,000 profit in 3,000
hands of play
– Win rate was 15 standard deviations above the mean
– Win rate was equivalent to winning a one in a million jackpot 6
consecutive times
• Further investigations conducted on the behalf of players and placed
on their forums, blogs and chat rooms alleged that Nio Nio was at the
centre of several organized fraud operations that likely used secret
software to cheat consumers (McMullan, 2010; CBS News, 2008).
• The scandal became publicized in mainstream media such as CBS
News, ABC News, MSNBC and several simulations relating to the
cheating and fraud including one with Russ Hamilton were posted on
YouTube where it was viewed by thousands.
Investigation
• Surprisingly in light of the AbsolutePoker situation and pressure from
the “poker community”, neither Ultimatebet or the K.G.C. responded
quickly to the complaints.
• Finally in March 2008 U.B. revealed that 6 player accounts using 18
different virtual identities were involved in frauds that occurred from
March 7, 2006 to December 3, 2007.
• By July 2008 the K.G.C. [based on an audit from Gaming Associates]
admitted that a total of 19 super-user accounts involving 88 virtual
personas had committed fraud over 43 months of tournament action
from May 2004 to December 2007.
• In September 2009, the K.G.C. issued it final report (with the
assistance of Catania consulting and KPMG) and revealed:
– 23 super accounts using a total of 117 user names committed fraud
over 55 months of play from June 2003 to December 2007.
– The value of these frauds was believed to be at least $22 millions
U.S.
– To perpetrate the frauds, several individuals logged into U.B.
software using an “Audit Monster 2” account that allowed illicit
software to view hole cards in real time play.
– This stealth observer information, in turn, was transferred in real
time to a network of other accounts to cheat players in actual
money games.
– Screen personas of those involved in the fraud were repeatedly
changed over the years and illegal account manipulations were used
to conceal and disburse the monies and make detection difficulty.
– At least 31 individuals were involved in the organized frauds,
however, the vast majority of the computer devices, IP addresses
and screen accounts were connected to Russell Hamilton’s player
accounts who was an individual associated with U.B.’s affiliate
program and a former W.S.O.P. champion and those who
benefitted all had ties to the eWorld Holdings Group and/or
Russell Hamilton (KGC, 2008b, 2009).
• In sum, UB contravened several provisions of the Interactive Gaming
Regulations related to honest play, record keeping, disclosure of
wrongdoing, false and misleading statements to inspectors and
obstruction of the investigation
Sanctions
– Interim [September, 2008].
– Identify and compensate all players for losses.
– Pay a fine of 1.5 million dollars for not enforcing regulatory
measures.
– Disclose all daily gaming records, operation data and logs for
further inspection and audit.
– No license suspension pending further inquiry by KGC.
– Business as usual
– Final [September, 2009].
– Refund $22, 054, 351, 91 U.S. to fraud victims.
– Institute new security applications to detect anomalous winning
patterns in real time.
– Pay the costs of the commission’s investigation and
implementation of sanctions.
– Put in place additional independent testing of control systems.
– Establish improved systems for the formulation, preservation,
maintenance and storage of primary and secondary web and game
logs.
– Create new systems to protect the integrity of software platforms
and limit associations with “unsuitable situations” and “unsuitable
persons.”
– Extra oversight over daily operations.
– Stringent licensing of corporate personnel and affiliates.
– Increased ongoing audits.
– No suspension of CPA because UB was not aware of “deficiencies
in the control system” until after cheating had commenced and
because Tokwiro satisfied the obligation of showing why its license
should not be revoked.
– With the exception of Russ Hamilton, the names of the 31
offenders and their connections to EWorld Holdings have not
been released to the public.
– Civil action taken against Excapsa software company by Tokwiro,
but no criminal actions yet taken against offenders.
– Private justice model (KGC, 2009)
• Taken together, the fraud teams at AP and UB evinced the following
criminal organization characteristics:
– Organized activities as working trades.
– Establish set routines for fraud.
– Worked in “teams” as part of larger network of participants
including “insiders” to the industry and player accomplices.
– Anonymity, impersonation and use of multiple digital doubles.
– Small “takes” over long periods of time.
– Efficient Modus Operandi
• Expertise
• Opportunity
• Role specialization
• Leadership
• Endurance
– Managing risk with victims
– Modus Vivendi with law enforcement.
Cyber-Extortion and the Sportbook Sector
• What is cyber-extortion?
– Real or threatening actions
– Combines computer intrusion, modification of data, insertion of
viruses and social engineering
– Purposes of unlawful economic gain
• Why Cyber-extortion and Sport Betting?
– Opportune and suitable targets
• Volume
• Value
• Access
• Visibility
• Size
– Motivated offenders
• Hackers underground
• Anonymous, constant involvement at a distance
• Remote proximal presence
•
•
•
•
•
Queer ladder of social mobility
Technological challenges
Odd moral virtue
Industry insiders with grudges and desires for illegal gains
O.C. groups
– Capable guardianship
•
•
•
•
Online netizens
Private police
Technological security
Public police
• Criminal techniques
– Botnet loading on thousands of computers
– Zombie army staging – tactical and strategical calibration of virtual
weaponry [days, weeks, months]
– Botnet herding into swarm forces
– Ddos attacks
– Disable or disrupt igambling sites
– Consume all disk space or CPU time
– Violate traffic bandwidth capability or/and physical network
components
– SYN attacks, for example, create ‘bogus connection results’ and
swamping of sites by fake traffic
– SMURF attacks, for example, send ‘IP ping packets’ or ‘echo my
messages back to me requests” that literally flood sites against
themselves (Paulson and Weber, 2006; McMullan and Rege, 2007)
– Digital shakedowns
•
•
•
•
•
•
•
•
•
•
•
Threats often at peak earning times
Awful examples to show force of technology
Collection of ransoms or protection money
$40,000 U.S. usually the take
Over $70 million in overall damages to British ‘bookmakers’
in 2004 alone
Electronic transfer of ransom funds via Western Union
packets or banking networks such as the Hawallah network
controlled by bankers in Pakistan, the U.A.E. and Egypt
Laundered via a maze of shell transactions that are difficult to
follow and discover
Laundered through phishing sites
Back to business as usual
Return of the cyber-extortionist
Global victimization
• Criminal Networks.com
– Global Reach
– Division of Labour
• Organizers
• Extenders
• Executors
• Money movers
• Crossovers (McMullan and Rege, 2007)
• Motives and Associations
• Capital accumulation
• Moral virtuosity
• Economies of scale – moderate expenditures, project partners,
and crime advertising
• Age and Gender
• Remote Recruitment
• Virtual friendship and trust
• Transitory alliances
• Criminal Structure
• Horizontal “Patron – Client” network structure
• Business Model of ‘Loose Partnerships’, informal remote
controls of members
• Competition and Freelancing
• Nodal Sub-networks and Autonomy
• Vulnerability and Replenishment
• Limited Sub-network Hierarchy
• Absence of centrality of power
• Mafias of the Minute
• Criminal Organization as Rhizome (McMullan and Rege, 2007;
Brenner, 2002)
Order Maintenance Agencies
Type of Policing
Population affected
Remedies
Internet users/user groups
(community)
All gambling users and
providers
Shaming, moral censure,
ridicule, lobbying
Network infrastructure
(I.S.P.) (private)
Paying clients
Withdrawal of
connections/service
Corporate Security (private)
Private customers
Account lockdowns/
withdrawal of service,
Contact ISPs to ban
Non-government non police Gambling users/providers
hybrids bodies (Territorial
in specific territorial regions
Regulatory Commissions)
Suspensions, withdrawal of
participation, regime
changes, financial sanctions,
compensation
Government funded
regulatory agencies (State)
All gambling
users/providers
Suspensions + withdrawal
of licenses, financial
penalties/civil or criminal
actions
Government-funded public
police (State)
All gambling users and
providers
Criminal prosecution
Concurrent Cyber-conundrums & iGambling
Scenario 1 – Small impact multiple victimization, impact is small on
individuals , yet collective impact on organization or industry is considerable–
result is often under-reporting of cyber crimes and management of them by
user groups. “Netizen justice model”.
Scenario 2 – Serious crimes are being committed against individuals or
businesses at internet sites but many are financial crimes akin to white collar
crimes and are resolved within a “private justice model” – no reporting and
do not appear in crime stats.
Scenario 3 – Serious crimes are targeted by public police bodies in law and
order campaigns that are often motivated to set “awful examples” – distorts
the nature of gambling-related cyber crime to criminal enterprises rather than
“empowered loners” or “dot-con teams”, “Criminal Justice model”.
* In reality the Internet is characterized by “a complex assemblage of
governance” that tries to work together as a functional entity but does not
necessarily have any other unity.
Gaps of Governance
• Ubiquity of Laws within and between nation-states.
– Imprecision of national and international law
– Under-reporting and legal minimalism
– Safe-havens and jurisdiction gaps (Brenner, 2007; McMullan &
Rege, 2010)
• The consumer –user and Netizen justice in virtual order maintenance.
– Re-integrative shaming and the issues of anonymity, ephemeral
interaction and disinhibition in the online environment.
– Disintegrative shaming, public ridicule, derisory speech,
humiliation and emotional abuse (Wall & Williams, 2007).
• Private Corporate Security and virtual order-maintenance
– Technological securitization via commercial opportunity reduction
remedies such as anti-virus software, intrusion detection systems,
fire-wall technologies, patch and configuration mal-ware protection
and recovery systems, anomaly detectors and filter guards,
diversionary tech boxes, and encryption, etc.
– Technological securitization via proactive search and destroy
remedies such as master-slave traffic scanning, zombie detection,
bot dissection, herding the herders, and finger print alliances and
profile sharing.
Gaps of Governance (ctd)
–
–
–
–
–
–
–
Undercover sting operations
Costly self-regulation, survival of the fittest
Global patchwork
Absence of industry wide security
Persistence of vulnerability
Information entropy
Cyber Warfare, dialectic dance of security and subversion
(McMullan & Rege, 2007; Wall, 2007; 2010)
• Problems of multi-lateral policing in online environments
–
–
–
–
Legal definitional variation
Legal definitional imprecision
Absence of international legal norms for cyberspace
Uneven legal interest in cyber crime and gambling
(Graycar, Grabosky & Tailby, 2001; McMullan &
Perrier, 2007b; McMullan & Rege, 2007; Wall, 2007)
Gaps of Governance (ctd)
• Fissured structures of State Law enforcement in online contexts
–
–
–
–
–
–
–
–
Interest and capacity to act
Bureaucratic circumspection
Speed of crime versus speed of law
Complexity of search and seizure, evidentiary materials &
computer data
Resource constraints
Technological expertise limitations
Police occupational culture restraints
Trans border issues and jurisdictional
overlaps (Brenner, 2007; Jewkes &
Andrews, 2007; McMullan & Rege,
2007; Wall, 2010)
Legal Challenges
• Calibrating the Rule of Law
–
–
–
–
Revise standard laws
Update laws to meet new technology
Enact new legal definitions for virtual environments
Harmonize definitions within nation states
• Harmonize Legal Matters Across Jurisdictions
–
–
–
–
Commensurate Legal definitions
Shared Licensing agreements
Evidence Admissibility agreements
Calibrate On-site audits/inspections
Legal Challenges (ctd)
• Enhancing Extra-Territorial Policing
–
–
–
–
–
–
–
–
–
–
Empowering search and seizure of electronic evidence
Transaction data sharing
Powers of interception
Reframing the limits of warrants, evidence and protocols
Regulating ISPs
Trans-border agreements
Overcoming resource restraint
Privacy, control and digital dancing
Unified Legal Permissions
Harmonize policing standards re: search & seizure, intangible
data, warrants, notifications, and storage of evidence
– Calibrate judicial approvals for the management and
execution of intercepted data and decrypted data so as to
permit wide use in multilateral contexts
Legal Challenges (ctd)
• Improving ‘market solutions’ to cybercrime
– Rationalize private solutions to all
– Extend & develop relations between public and private security
– Create industry-wide benchmarks for cybersecurity that are costeffective and applicable to all
– Determine the security investment calculus
– Security at the speed of thought
– Establish new modified legal environments to galvanize better technical
preventative market-driven crime solutions
– Combine market victim solutions with legal action
Legal Challenges (ctd)
• Protecting Consumers
– The precautionary pendulum
– Product certification
– Risk aversive gambling
• Protecting the design, functionality and integrity of websites
• Protecting actuarial processes [proper payouts, odds of
winning, security of games]
• Enabling adjudication processes to resolve disputes
– Protecting the personal [data surveillance by industry or
government]
– Responsible gambling acts?
Thank you
Questions?
John McMullan, PhD
Saint Mary’s University
References
American Gaming Association (2006). Gambling and the Internet: The
A.G.A. Survey of Casino Entertainment. Washington, D.C., American
Gaming Association.
Arkin, B, Hill, F, Marks, S, Schmid, M, Walls, T.J, & McGraw, G. (2008).
How we learned to cheat in online poker: A study in software security.
Retrieved June 1, 2010 from
http://www.cigital.com/papers/download/developer_gambling.php.
Brenner, S. W. (2002). Organized Cybercrime? How Cyberspace May
Affect the Structure of Criminal Relationships. North Carolina Journal
of Law & Technology, 4(1), 1-41.
Brenner, S.W. (2007). Cybercrime: re-thinking crime control strategies in
Y. Jewkes (ed) Crime Online. Cullompton: Willan, (pp. 12-28).
CBS News. (2008) How Online Gamblers Unmasked Cheaters. Retrieved
June 21, 2009 from
www.cbsnews.com/stories/2008/11/25/60minutes/main.
(CERT-LEXSI) Computer Emergency Response Team - Laboratoire
d'Expertise en Sécurité Informatique (2006). Online Gaming
Cybercrime: CERT-LEXSI’S White Paper, July 2006.
Global Betting and Gaming Consultants (2008). CBGC Online Gambling
Data Report 2007.
Graycar, A., Grabosky, P. & Tailby, R. (2001). Global and Regional
Approaches to Fighting Transnational Crime. Australian Institute of
Criminology, 1-19. Canberra, Australia.
Griffiths, M. (2010). Crime and gambling: A brief overview of gambling
fraud on the internet. Internet Journal of Criminology, 1-7.
Jewkes, Y. & Andrews, C. (2007). Internet child pornography:
International responses. In Y. Jewkes (ed), Crime Online. Cullompton,
Willan Publishing, (pp. 60-80).
(KGC) Kahnawake Gaming Commission (2008a). In the Matter of
Absolute Poker: Investigation Regarding Complaints of Cheating (May
29) Kahnawake Mohawk Territory.
(KGC) Kahnawake Gaming Commission (2008b). Kahnawake Gaming
Commission Imposes Sanctions on UltimateBet with Regard to
Cheating Incidents (September 29) Kahnawake Mohawk Territory.
(KGC) Kahnawake Gaming Commission (2009). In the Matter of
Tokwiro enterprises EWRG, carring on Business as Ultimate Bet
investigation regarding complaints of cheating. (September 11)
Kahnawake Mohawk Territory
Leggett, P. (2008) Statement for 60 Minutes: Cheating Scandals at AP and
UB. Retrieved June 10, 2008 from
http://www.washingtonpost.com/wpsrv/investigations/poker/documents/tokwiro-statement-112508.pdf.
McMullan, J (2010). Virtual villainy: Poker fraud, order-maintenance and
the security of gambling habitats. In progress.
McMullan, J. & Rege, A. (2007). Cyberextortion at Online Gambling Sites:
Criminal Organization and Legal Challenges. Gaming Law Review,
11(6), 648-665.
McMullan, J.L. & Perrier, D. (2007a). The Security of Gambling and
Gambling with Security: Hacking, law enforcement and public policy.
International Gambling Studies. 7(1), 43-58.
McMullan, J.L. & Perrier, D. (2007b). Controlling Cyber-crime and
Gambling: Problems and Paradoxes in the Mediation of Law and
Criminal Organization. Police Practice and Research: An International
Journal, 8(5), 431-444.
McMullan J. & Rege, A. (2010). Online Crime and Internet Gambling.
Journal of Gambling Issues. Forthcoming.
Parke, J., Rigbye, J., Parke, A., Wood, R.T.A., Sjenitzer, J., & Vaughan
Williams, L. (2007). The global online gambling report: An exploratory
investigation into the attitudes and behaviours of internet casino and
poker players. e COGRA (e-Commerce and Online Gamming
Regulation and Assurance). Retrieved November 24, 2008 from
www.ecogra.com/Downloads/eCOGRA Global Online Gambler
Report.pdf
Paulson, R.A. & Weber, J.E. (2006). Cyberextortion: An Overview of
Distributed Denial of Service Attacks Against Online Gaming
Companies. Issues in Information Systems, 7(2), 52-56.
Wall, D. (revised May 2010). Polcing cybercrime: Situating the public
police in networks of security within cyberspace. Polcie practice and
research: An international Journal, 8(3), 183-205.
Wall, D.S. (2007). Cybercrime: the transformation of crime in the
information age. London: Polity Press.
Wall, D. & Williams, M. (2007). Policing diversity in the digital age:
maintaining order in virtual communities. Criminology and Criminal
Justice 7, 391-415.
Wood, R.T. & Williams, R.J. (2009). Internet Gambling: Prevalence,
Patterns, Problems and Policy Options. Final Report Prepared for the
Ontario Problem Gambling Research Centre. Guelph, Ontario,
Canada. January 5, 2009.
Wood, R.T.A. & Griffiths, M.D. (2008). Why Swedish People play online
poker and factors that can increase or decrease trust in poker web sites:
A qualitative investigation. Journal of Gambling Issues: 21; 80-97.