The Deckmate 2 automatic card shufflers used in casinos, card houses, and high-end private poker games around the world are designed to shuffle a deck in seconds with perfect, computer-generated randomness, vastly speeding up play. They’re also, amazingly, sold with a camera inside that can observe every card in the deck before it’s dealt—a fact that’s become very convenient for poker-cheating hackers and, allegedly, members of the Cosa Nostra mafia.
On Thursday, the United States Justice Department unsealed an indictment against 31 people, including alleged members of several organized crime families along with two well-known figures in the NBA—Portland Trail Blazers coach Chauncey Billups and former player and assistant coach Damon Jones—for what prosecutors describe as their roles in a vast rigged-gambling conspiracy. Miami Heat guard Terry Rozier was charged in a separate alleged gambling scheme, along with Jones and four others.
The 31 defendants in the first indictment are charged with running a ring of high-stakes private poker games from New York to the Hamptons to Miami, allegedly luring victims with the prospect of playing with NBA stars and then fleecing them for tens or even hundreds of thousands of dollars with multiple high-tech cheating systems—among them, hacked card shufflers set up to secretly transmit exactly what cards each player would have in their hand.
According to prosecutors, the marks were taken for more than $7 million over several years of running the rigged gambling schemes. “These individuals used technology and deceit to scam innocent victims out of millions of dollars—eventually funneling money to La Casa Nostra and enriching one of the most notorious criminal networks in the world,” FBI director Kash Patel wrote in a statement.
A shot of the Deckmate 2’s internals, including the camera that can be accessed to learn the deck’s order.
Courtesy of HACKLAB; WIRED
At the center of that lucrative alleged poker conspiracy is the Deckmate 2, an automated card shuffler that’s nearly ubiquitous in high-end gambling establishments—and has, for at least two years, been the subject of cybersecurity controversy. At the Black Hat hacker conference in August of 2023, a team of researchers from security firm IOActive presented a proof-of-concept technique for hacking the shuffler with a small device that plugs into its exposed USB port. That tiny computer would alter the code of the shuffler to give a hacker access to its internal camera—built into the machine for the purpose of assuring that the deck is intact—and then transmit the entire deck order to a nearby phone via Bluetooth.
With a custom-built app on that phone, the researchers showed they could predict exactly what hands every player at the table would have in a game of Texas Hold’em. Even if the dealer cuts the deck, entering into the app the two cards in a cheating player’s hand or the three “flop” cards exposed on the table early in a round of Texas Hold’em would tell the cheater exactly where the dealer had cut to in the deck and thus offer full knowledge of who holds the best hand.
Joseph Tartaro, at the time a security researcher at IOActive, described the technique as “100 percent full-control cheating” in a 2023 interview with WIRED. “We can, for example, just read the constant data from the camera so we can know the deck order,” Tartaro said. “When that deck goes out into play, we know exactly the hand that everyone is going to have.”
While Tartaro suggested in a later interview that a cheating player could surreptitiously plug his hacking device into a shuffler in a casino, he also noted that someone who owned or maintained the shuffler could use it to cheat even more easily. “Once you have access to the internals, it’s kind of game over,” Tartaro said.
WIRED went so far as to test out this hacked-shuffler cheating technique, as shown in the video above published earlier this month. With the help of Tartaro, we used a hacked Deckmate 2 to cheat against two unsuspecting players in a live game of Texas Hold’em. By partnering with Tartaro in the game and using a system of covert hand signals that communicated his secret knowledge of the winning hand transmitted from the hacked shuffler, we ultimately cleaned out the two victims in our demo game.
The indictment claims 31 alleged members of the mob orchestrated rigged poker games with NBA players to steal millions.
Photograph: Michael M. Santiago/Getty Images
The actual alleged poker cheating ring, prosecutors have now revealed, had been using almost exactly the same hacking techniques for years. In their games, however, several alleged defendants are said to have used pre-rigged Deckmate 2 shufflers under their own control rather than hack machines owned by others via their USB port, as IOActive described. (In one case mentioned in the indictment, some defendants allegedly even stole a rigged shuffler from someone at gunpoint to use in their games.)
The hacked shufflers were programmed to transmit the knowledge of the players’ hands to a remote operator, who then sent that information back to the phone of a player in the game known as a “quarterback” or “driver,” according to prosecutors. The indictment claims that the lead cheater would then use covert signals to tell other cheating players in the game how to bet or fold.
When WIRED reached out to Light & Wonder, the company that sells the Deckmate 2, a company spokesperson responded by pointing to multiple ways the company had improved the shufflers’ security since IOActive first publicly exposed its vulnerabilities in 2023. The company says it updated the firmware in its shufflers to patch security flaws IOActive revealed, such as the ability to circumvent a cryptographic check of whether the shuffler’s code had been altered. It also disabled the USB port in all shufflers.
Even then, poker and cheating experts point out to WIRED that, while shufflers in licensed casinos may have gotten those updates, secondhand and black-market Deckmate 2s used in unlicensed card houses or private games may not have gotten the same attention—or could be deliberately rigged by someone who set up the game.
Tartaro’s app that tells a cheater which player will have the winning hand.
Courtesy of HACKLAB; WIRED
“If there’s a camera that knows the cards, there is always some kind of underlying threat. Customers are gonna be essentially at the mercy of the person setting up the machine,” poker player and card house owner Doug Polk previously told WIRED. “If you’re showing up in a private game and there’s a shuffler, I would say you should run for the hills.”
Hacking the Deckmate 2, according to prosecutors, was only one of several cheating techniques the mobsters allegedly used, albeit the one that’s described in the most detail in the indictment. The charging document also claims that they used invisibly marked cards, electronic poker chip trays, phones that could secretly read cards’ markings, and even specially designed glasses and contact lenses.
While the details of those schemes weren’t spelled out by prosecutors, they’re all well known in the casino security world, says Sal Piacente, a professional cheating consultant and the president of UniverSal Game Protection. Cards can, for instance, have hidden bar codes on their edges—printed invisibly, such as with infrared ink—that can be deciphered by a reader hidden in a chip tray or in a phone case laid on the table. In other cases, cards are similarly marked on their backs with ink that’s only visible with special glasses or contacts.
“This kind of equipment is being used more than you would think,” Piacente says. “When you go to a private game, there’s no regulation, no commission, no rules. Anything goes.”
