New Jersey

New Jersey DGE Announces Second Geolocation-Failure Operator Fine

The New Jersey Division of Gaming Enforcement has, for the second time, announced a fine levied against an online-gambling operator or a third-party service provider related to failures in the geolocation protocols intended to prevent out-of-state gamblers from wagering on New Jersey’s licensed sites. This time, the DGE has announced a $25,000 fine levied against Malta’s Gaming Innovation Group (GiG) for a flaw in its geolocation protocols that allowed a Nevada-based gambler to spoof his location and appear to be located within New Jersey.

Though only a small wagering sum was involved, Gaming Innovation Group received a reasonably severe wristslap. The unnamed Nevada gambler lost the princely amount of $29 on www.hardrockcasino.com, the online home of Hard Rock Atlantic City, at casino games. The incident occurred sometime before July 4, 2018, when a geolocation audit of GiG’s services uncovered a browser-based vulnerability that allowed users with sufficient technical skill to change the data being transmitted to GiG’s servers and thus falsely report the gambler’s computer as being within New Jersey.

Discovery of the vulnerability led to a short-term (and previously unreported) shutdown of the hardrockcasino.com site last July, for a handful of hours, while a fix was put into place. Then came the work of seeing if anyone had exploited the vulnerability and spoofed his location, and it turned out that a single Nevada-based gambler had done so. (Nevada has legalized online poker but, to date, has not legalized any other form of online gambling, thus explaining in part the Nevada gambler’s interest in the NJ-based site.)

The DGE did not file its mandatory complaint about the vulnerability until December 12, 2018, and the two sides then negotiated the appropriate penalty for what was an isolated instance but could have been a significant issue. DGE director David L. Rebuck signed the director’s action confirming the $25,000 fine against GiG on April 30, 2019.

According to Associated Press writer Wayne Parry, who covers the New Jersey gambling beat, the DGE “did not take adequate steps ensure that the computer server made the final call on whether a patron was within New Jersey. Instead, the patron was able to trick the system.” More on this in a bit.

“This one-off single incidence of out-of-state gambling was due to a technical vulnerability which was quickly discovered and reported to the regulator in New Jersey in the first week the company went live in New Jersey,” Gaming Innovation said to Parry. “An end user from outside the state of New Jersey with technical knowledge managed to access the front end debugger to change the location and pretend to be from New Jersey.”

There’s just a little bit of an unanswered question regarding this situation, which is the second time an out-of-state gambler has successfully evaded New Jersey’s largely-robust geolocation defenses. That question is: How did the site manage to go live in the first place that allowed user-changeable browser data to be employed as the sole indicator of a customer’s supposed location? The hardrockcasino.com site was live for real money for less than a week before the vulnerability was detected and fixed. However, it should never have made it to the live-money stage in the first place.

Given that this was a fuck-up engineered by GiG, it still should have been caught by the New Jersey DGE’s pre-launch testing of the products and protocols being submitted for approval. The DGE itself bears some secondary responsibility for this violation to have occurred, not the first time the agency has screwed the pooch on someone else’s dime. Ah, well, we’re all imperfect creatures, right?

COMMENTS

Leave a Comment

*

LATEST NEWS

filter by

by Haley Hintze

Haley Hintze
17th November 2019 // Industry, News

Shareholders Approve Eldorado-Caesars Tie-up

The acquisition by Eldorado Resorts, inc. and Caesars Entertainment Corporation (CEC), the parent company of the World Series of Poker, has cleared another hurdle with the near-unanimous approval of the ...

Dan Katz

16th November 2019 // News, Online Poker Action

PokerStars Pennsylvania Announces First PACOOP Tournament Series

PokerStars is wasting no time letting players in Pennsylvania that they are, in fact, playing on PokerStars. Just a...

Haley Hintze

15th November 2019 // Legal News, Misc, News

Florida Man Charged With Murder in Revenge for Poker Losses

A Pasco County, Florida man, Michael Joseph Psilakis Jr., has been charged with murder after the discovery of a...

Haley Hintze

14th November 2019 // News, Poker Tournaments

WSOP Expands 2019 International Circuit Schedule

The World Series of Poker (WSOP) has expanded the schedule for its ongoing 2019 International Circuit season by...

Haley Hintze

10th November 2019 // Legal News, Misc, News

Michael Borovetz Pleads Guilty in Poker-Funding Michigan Airport Scam Case

Pennsylvania poker player Michael Borovetz has pled guilty in a Michigan courtroom to a single count of theft by false...

Haley Hintze

10th November 2019 // Industry, Misc, News

Betclic Completes Withdrawal of Everest Poker Brand From UK Market

Betclic has completed its withdrawal of its venerable Everest Poker brand from the United Kingdom’s online-poker...

Dan Katz

10th November 2019 // Gossip, Misc, News, Poker Tournaments

Daniel Negreanu Wants to Make Changes to the WSOP POY Calculations

The World Series of Poker Player of the Year race has been in the news a lot in the past week and for good reason....