Software Programmer’s Indictment Fails the Prosecutorial Smell Test

The publication two weeks ago by Wired Magazine of the tale of an Arizona programmer facing prison time over software used in connection with online gambling has reraised serious questions about prosecutorial misconduct in pursuing gambling-related cases.

Titled “Write Gambling Software, Go to Prison,” the piece by Kim Zetter explored the story of Bob Stuart, whose family-operated Extension Software generated about $2.3m in sales, largely to offshore companies who in turn sub-licensed the software to firms running online gambling sites, including sportsbetting.

The charges brought by Southern District of New York prosecutor Cyrus R. Vance Jr. were for aiding and abetting illegal gambling, even though the prosecutors didn’t declare exactly which companies Stuart and Extension Software aided and abetted, nor how Stuart could be responsible for the use of his product in jurisdictions where it was and is fully legal.

And there was worse. Wired published an excerpted page of a plea agreement proposed by the SDNY to Stuart, in which Stuart would be “allowed” to plead guilty to two felonies connected to money laundering and abetting gambling, as long as he agreed to secretly install backdoor code into his program that would allow the DOJ to spy on anyone using Extension Software’s product, Action Sportsbook International (ASI).

As the published document shows, Stuart was expected to dance to the District Attorney’s every whim. Here’s the actual text:

Robert Stuart shall actively participate in ongoing investigations by the District Attorney. Active participation shall be as the District Attorney directs and only as the District Attorney directs. Active participation may include, but is not limited to, engaging in transactions, attending meetings, aiding in the design of software used to obtain records, usernames, passwords, and other information stored on websites using ASI, making telephone calls, and recording, or consenting to the recording thereof, transactions, meetings and telephone calls.

In other words, the SDNY asked Stuart to agree to install extra code in his program to essentially steal all customer information and transactions. Given that most of Extension’s customers are offshore themselves, and were open to sportsbetting from worldwide customers (not just the US), the above represented an attempt to violate the privacy codes of just about every other country in the world.

When Stuart refused to sign and agree to enable spying by the US, Vance and the SDNY went ahead with the indictment.

The story is a huge “wow,” even if half the outlets that re-reported it didn’t catch the fact that the indictment itself was old news. But it’s not a “wow” because of the US government attempting to go after a programmer, as the Wired story and title would have one believe.

Indeed, this isn’t even the first time programmers have been targeted. David Parchomchuk of ThrillX Systems was targeted in a similar way by Maryland prosecutors in conjunction with that state’s Blue Monday crackdown against other offshore sites in 2011, an indictment which was made to go away in a minimum way not long after.

Back to Stuart. The SDNY, of course, is the same prosecutor’s office behind most of the large-scale legal crackdowns that have changed the US-facing online landscape, from the seizure of NETELLER all the way through 2011’s gigantic “Black Friday” indictment that targeted PokerStars, Full Tilt and Absolute Poker.

The extent to which the responsibility for the software’s final use was being stretched here should be evident from the bluster in SDNY attorney Vance’s PR quote:

These defendants abetted large-scale illegal gambling in the U.S. and abroad. In doing so, they gave bettors an easy way to place illegal wagers, and created an appetite for further unlawful activity.

But as Wired discovered, there was a lot more to the story. And there may even be more to this than Wired knows.

UltimateBet Parallels

As one of the leading researchers and writers on the Absolute Poker and UltimateBet insider cheating scandals, I’ve learned a great deal about the operations and history of those two sites, in both the people involved and the other sorts of business they ran.

UltimateBet, in particular, is a comparison worth bringing up in conjunction with these recent Stuart/Extension indictments. UltimateBet’s parent company, Excapsa, was a thinly veiled operation that pretended to be out of Toronto but was in reality run out of Portland, Oregon.

UltimateBet was born from a concern called ieLogic, which produced a product called ieSnare that was used throughout the online gambling industry. The product was developed primarily to stop credit-card fraud by identifying and cross-linking customers’ computers and internet connections.

Eventually, after ieLogic moved to the tallest building in Portland, occupying an entire floor of the monolith known as “Big Pink,” the company was split into two. ieLogic itself was transformed into a holding company (Excapsa), while much of the actual software development behind ieSnare was transitioned into a new company, called iovation.

Iovation with its new non-gambling face, was targeted toward major, mainstream US concerns, including Intel and Hewlett-Packard. The company still offers ieSnare and related spying (“anti fraud”) products. And, all the iovation business went on right across the hall from where UB decision-making still occurred.

The problem with the Stuart story? This writer/researcher is aware of the plethora of evidence that federal prosecutors already possess—and have had in their possession for years—regarding the real nature of UB and the roles of its primary executives. Those included poker players such as Russ Hamilton and Mansour Matloubi in addition to ieLogic/iovation business and software execs Greg Pierson, Jon Karl and others.

Then there are the rumors. Among the things I’ve been told (but cannot confirm) is that iovation has been involved in some sort of government contract in connection with its ieSnare suite for several years. Can I prove it? Of course not, nor is iovation likely to pick up the phone and offer relevant info.

Yet the known facts regarding Pierson and other iovation execs, just as with Hamilton, dwarf by orders of magnitude the allegations against Stuart, the Arizona programer. Those facts and documents, which the DOJ surely possesses, also include every bit the same alleged aiding and abetting, in this case by allowing a similar cast of offshore sites to process payments with less fraud.

It’s just a small portion of what iovation/ieLogic/Excaspa/UltimateBet was involved in. And yet Pierson and Co. have never been charged… with anything.

It doesn’t make any sense, unless the unsubstantiable rumors have merit. At the risk of being labeled a conspiracy theorist, which I’m generally not, there’s sometimes value in remembering Occam’s Razor, which reminds us that the simplest, most obvious explanation is also often the likeliest one.

In this case, old Occam’s idiom suggests that maybe iovation’s execs cut a deal long ago, and that in exchange for non-prosecution, their software is now riddled with the same type of backdoor spying capabilities that Vance and the SDNY wanted to put into Stuart’s ASI software.

The counter-argument isn’t great for the DOJ, either, in which that agency is often accused of flea-stomping and looking for cases that are easy to win, and, yes, this could be another example. There have even been allegations of prosecution for profit regarding some of the SDNY’s recent cases.

Would iovation’s software suite withstand a true, independent third-party audit and reverse engineering? Such a deconstruction is probably the only way the real answers in this will come out.

One thing’s for sure: The DOJ behavior exposed by Wired is a shoddy excuse for what the United States is supposed to represent. Now it’s up to others to determine just how isolated an occurrence that behavior happens to be.

Article source:

Tags: , , , , , , , , , , ,

Leave a Reply

CommentLuv badge