Kyle made hacking anonymous tables look very easy

Bodog’s new anonymous poker table feature may not be as anonymous as the company claims, according to poker blogger form poker software maker HH Smithy. The blogger, identified only as “Kyle from HH Smithy,” claims he was able to hack into the site in under three hours and access player information.  HH Smithy made news in the poker world last week by pulling a similar move with PartyPoker’s anonymous tables.

Anonymous Tables Explained

Anonymous tables are increasingly being used by big name poker sites to protect newer players from more experienced, predatory players. At an anonymous table, a player’s record and other information is obscured and, supposedly, protected from data mining tools and HUDs to gain an advantage. (HUDs are heads up displays that allow players to access real-time information about their opponents without disturbing their play or switching browsers.)

But in a video posted on his blog, and quickly re-posted across the iGaming world a blogger identified “Kyle from HH Smithy” shows how he used his company’s PartyCrasher tool to quickly “de-anonymize” player ID’s. With player ID’s in hand, Kyle was able to retrieve hand histories and other information that would help a player gain an edge at any table. HH Smithy is a maker of HUD software.

Never Trust a Client

The technology behind Kyle’s hack is complex but basically revolves around how servers and clients communicate. Many IT professionals stress a worldview that says, “Never trust a client.” This means that web sites need to sanitize information that’s relayed to users whether it’s readily visible or not.

Bodog Responds

A Bodog customer service representative responded to the video in a forum posting on the poker news site, In the post he dismissed Kyle as an anomaly stating:

As per the anonymity of our Poker tables, for the vast majority of our players, they will not know who they are playing against as they can’t see a screen name or account number while at the tables; however, if someone wants to and has the technical skills to develop the software you saw on the forum they are able to – we are confident this will only be pursued in very isolated cases between now and a future upgrade which will prevent it from working.

A Bigger Problem
Some players are not necessarily concerned that their ID numbers are accessible at anonymous tables, while others are extremely concerned. The latter worry that a small opening like this is all a really good hacker needs to grab more sensitive data. Kyle points out that this is the same sort of security hole that caused major problems for the PlayStation network earlier in the year.

While Bodog seems to dismiss the breach as unusual, they also hinted that they would likely make further changes to address the issue.

A Tough Year for Bodog

The security breach is just the latest bad news in what has been a very bad year for the gaming giant. Besides being ensnared in the legal mess surrounding Black Friday, they recently moved their servers to the Isle of Man and have stopped accepting U.S. Players. But unless this problem is properly addressed, 2012 could be pretty rough, too.

Are online gaming sites doing enough to protect their player’s personal information? Let us know on our Online Gambling Newswire Forum

Related posts: