How we learned to cheat at online poker: a story of software security (cigital.com)
12 points by henning on Aug 27, 2008 | hide | past | favorite | 8 comments


Before you get all excited and start writing your own pseudo-random number generator, make sure to take a stroll through some CodeSOD over at the Daily WTF. There are plenty of examples of people trying to out-smart the built-in generators and failing miserably. This stuff ain't easy.


Keep in mind that this happened in the late 1990s. The major players in online poker (PokerStars and Full Tilt Poker) have millions of dollars to lose if someone discovered a flaw in their random number system. Accordingly, they have invested a lot of money and time into ensuring that their systems are secure to avoid something like this happening again.

That being said, there are still problems.

Several months ago the 2+2 poker community discovered people using "superuser" accounts on Absolute Poker, which could see everyone else's holecards. Fortunately, the perpetrator wildly abused his powers and was discovered in time.

And who knows, you could discover some zero day exploit that gets you the same thing. All you have to do is spend thousands of hours attempting something that you probably won't succeed at and even if you did, you'd probably be discovered quickly because of inconsistencies in your play.


http://pokermining.wordpress.com/2007/12/20/cheating-graph/ is a graph from the 2+2 post showing how much of an outlier the cheating play was. It is the little red dot in the far upper right.


Variance obviously.

It's called 1 in a trillion for a reason ;)


If you were smart, you would never get caught. That person got caught because he played every single hand in a tournament.

Instead, what you'd do is you would play preflop without the knowledge. Then you'd probably want to set it up such that you were only getting the info some relatively small % of the time postflop too. It would be enough to turn anyone who was a marginal winner into a large consistent one, but not so big of one as to be caught, especially with routine account switches.


An oldie but a goodie. I remember when this first happened. A lot of people thought the industry would never recover. My opinion was always that half of the people thought it was rigged anyway (even when it wasn't) and still played, so what was the difference?

I think I've since been proven right by the fact that Ultimate Bet and Absolute Poker still exist.


I remember a casino where the communication between player and server was done using SSL. I compiled a custom OpenSSL DLL and was able to intercept the roulette commands!

Unfortunately whether it was a winning bet was done on the server, and the communication was just sending the bet to the server, and the other way, the result to the player.


Good to know that they obeyed rule #1 for game design: "Never trust the client!"



