Just this week, U.S. Rep. Peter King (NY) introduced to Congress a bill that would legalize online gambling in the United States. This would harm children and families, said Chad Hills, CitizenLink gambling analyst.
Hills interviewed a computer software engineer who recently appeared before the FBI Cyber Crimes unit to show them how online gambling can be accessed by minors and easily used for laundering money. We are not releasing his name, because the FBI has asked that this person keep a low profile; with his money-laundering schemes and software, cyber-criminals could gain access to his strategy.
This engineer is greatly concerned about the vulnerability of the online gambling systems to corruption, underage gambling and criminal activity, and may be testifying before other state legislators considering online gambling.
Chad Hills: Several states are considering gambling expansion to include Internet or online gambling for additional tax revenues. But this type of gambling is much more dangerous than casino gambling. Can you explain some of the dangers this form of gambling creates?
My work over the past eight years has focused on internet poker where a player engages in gambling activity with other players. By a wide margin, poker is the most popular internet gambling game, so in my opinion, it represents the greatest threat both in terms of addictive gambling and exploitation by criminals.
Unlike in real-world, brick-and-mortar casinos, internet poker websites require players to download gambling software onto computer equipment, substantially owned and controlled by the player. In a real-world casino, poker players must be physically present in a facility under the complete control of the casino and its regulators. With Internet poker, players can be located anywhere in the world and can assume the identity of another person if they so choose.
Chad Hills: Nevada had to be first out of the gate with online gambling. They have a “safe and secure” system, they tell the public. But, is this true? If you were a criminal, could you bypass the Nevada system and launder money? Or could a computer-savvy teen access most — if not all — online gambling systems? Please explain.
The first Nevada website, ultimatepoker.com, is a simplified version of the European poker websites, which have been in operation for years, so it has the same weaknesses. The site’s operators claim to have foolproof identity and age verification procedures that are better than European systems. They require registrants to own a cell phone and work with telecommunication service providers such as AT&T and Sprint to geo-locate the cell phone. The site also employs widely-used IP address geo-location. (An ‘IP address’ is the way computer networks identify a specific computer connected to the network. One might liken it to a Social Security number for computers.)
It is just as easy for a criminal or terrorist organization to exploit this new Nevada website as it is for those in Europe. Why? Because determining the location and account holder of a cell phone is not the same as determining the true identity and age of the person actually playing poker.
Poker websites cannot stop a criminal or terrorist organization from hiring ‘mules’ (other people collaborating in the scheme) to open legitimate accounts. Imagine someone approaching a Las Vegas resident, giving them modified computer hardware and software, saying “We’ll pay you X dollars to keep these machines turned on. We’ll even pay your internet bill but don’t ask any questions.”
The mule then opens an ultimatepoker.com account and gives his or her user ID and password to the criminals. The ultimatepoker.com system will detect a computer IP address that indeed maps to Las Vegas and a cell phone that is, in fact, inside the Nevada state lines and is owned by the same person who opened the poker account. The criminals, safely stationed in a foreign country or another state, can play poker remotely through the mule’s computer and internet account. System bypassed. Money laundered. Done.
As for the tech-savvy teenager, it’s even easier. They simply ask a 21-year-old friend down the street to open an account. The teenager gives money to the friend and uses the friend’s user ID and password to play poker. The cell phone geo-location system will place the teenager in a legal jurisdiction by way of his friend, a lawful cell phone owner living nearby.
Chad Hills: Do you find it hypocritical that Nevada claims to control their online gambling environment, keeping it free of crime, while Internet gamblers are using their own computers? As a software engineer, explain to the average citizen why this is such a huge concern.
Consider the typical account of computer hacking described in the press. The hackers are faced with the problem of compromising computer equipment and networks that are substantially under the control of the hacker’s victims. Yet they still succeed — often.
Now consider how easy it would be for hackers to modify their own software and hardware and compromise their own networks to coordinate criminal activity using internet poker.
It turns out that this kind of manipulation is frighteningly easy to carry out.
Another way to look at the problem is to consider how a brick-and-mortar casino would react to a patron entering the casino, opening the cabinet of a slot machine, and loading custom software into the machine’s computer. How would the casino bosses react if a patron entered the casino and attached a computer to the casino’s internal network?
Such a thing is unthinkable to the operators of a brick-and-mortar casino yet this is exactly what Station Casinos, provider of ultimatepoker.com, and their regulators, the Nevada Gaming Control Board, are allowing. It defies common sense.
Chad Hills: Can FBI agents or gambling security software really track down where a particular gambler is located? Can they easily detect when and whether criminal activity is occurring through online gambling sites? Can cyber-criminals ‘cover their tracks’ easily through online gambling, making cyber-investigations costly and long, and does this concern the FBI?
The short answer is, No. While one can never assume it is impossible for federal law enforcement agents to crack any case if the criminals have a deep pool of cyber talent, determined money launderers can effectively make their electronic footprints disappear.
As part of my research, I built and tested a system whereby money launderers could use specially modified hardware and software to accomplish undetectable transfers of money. Specifically, the computer hardware, software and, Internet connections used by criminals can be made completely invisible to the poker website operators and their regulators.
I posted my research results, including a description of the modified hardware and software, on a publically accessible website. Over the past year I transferred information about my findings to the FBI. After reviewing the website, they asked me to remove it from public view.
In my meetings with the FBI, I explained the mechanics of how a money laundering investigation would likely begin, the characteristics of the money laundering system specifically designed to foil law enforcement, and the cost of an investigation in terms of time, personnel, and money. Based on the FBI’s reaction to my research, it is clear that Nevada, Delaware, and New Jersey have all acted with huge gaps in their knowledge of criminal consequences of legalization.
My interaction with federal law enforcement continues and it is very clear that this is of concern.
Chad Hills: Is there any way Internet gambling will ever be completely secure against children gambling and criminal activity? Should we, as American citizens and U.S. policymakers, trust the online gambling operators to ‘play fair’ and be honest?
No. It is impossible for an internet poker website, its regulators, or law enforcement to ever have as much control over a player’s computer hardware, non-gambling related software, and the environment in which they operate than the player himself or herself.
This is an immutable fact — just like Newton’s laws of motion.
Given the fact that I built a working hardware and software system demonstrating how a sophisticated criminal or terror organization could exploit internet poker and that the results of my effort were deemed inappropriate for public view by the FBI, both state and federal policy makers should be very concerned.
If an engineer tries to build around Newton, people can die.
If policy makers turn a blind eye to the realities of internet poker, terrorists and criminals can finance their operations, and people can die.
Pictured above: CitizenLink Gambling Analyst Chad Hills
FOR MORE INFORMATION
Read “Internet Gambling is Irresponsible Policy.”
View CitizenLink’s Gambling Addiction Cycle diagram.
Learn more about the dangers of gambling.