Infoblox Inc.

07/22/2024 | News release | Distributed by Public on 07/22/2024 06:58

Gambling is No Game: DNS Links Between Chinese Organized Crime and Sports Sponsorships

Authors: Maël Le Touz, Jacques Portal, Renée Burton, and Elena Puga

This blog contains an excerpt of our new paper that… Read the full research paper here.

This groundbreaking report unveils the discovery of a technology suite and its connection to Chinese organized crime, money laundering, and human trafficking throughout Southeast Asia. The technology suite is composed of software, Domain Name System (DNS) configurations, website hosting, payment mechanisms, mobile apps, and more: a full cybercrime supply chain. Tens of seemingly unrelated gambling brands that advertise by way of sponsorship deals with European sports teams use this technology. The owners of these brands prey on residents of Greater China and on victims across the globe to take advantage of the US$1.7 trillion illegal gambling economy.1 We've named the actor who designed, developed, and operates this supply chain: Vigorish Viper.

Gambling is almost completely illegal in Greater China, and yet it's estimated that citizens in the region bet nearly US$850 billion annually.

We are highly confident that Vigorish Viper's technology suite was developed by the Yabo Group (also known as Yabo Sports or Yabo). Watchdogs believe the notorious Yabo controls 'possibly the biggest illegal gambling operation targeting Greater China' and have directly tied them to practices of modern slavery.2 For example, human trafficking victims in forced labor camps linked to Yabo on the Cambodia-Laos border must "staff" gambling operations and run so-called pig butchering scams. The victims, most of whom are Chinese, provide customer support for Yabo's websites as well as those of several other betting brands.3 We found that the brands at the center of these labor camps are connected in multiple ways, including through their use of Vigorish Viper's technology suite: While these brands appear distinct, they operate more like the branches of a franchise.

Although our research indicates that Vigorish Viper is likely synonymous with Yabo, the real identities behind Yabo remain unknown. As such, Yabo itself is merely one face for an unknown organized crime syndicate. This report focuses on the technology, network operations, and supply chain of Vigorish Viper rather than the financial and humanitarian crimes reportedly committed by their alter ego Yabo. The full scope of crimes by Vigorish Viper (and by implication, Yabo) is unknown to us.

The United Nations Office on Drugs and Crime (UNODC) concluded that "organized crime groups running many of these [online casino] operations have done so with growing sophistication, through the use of data mining and processing, blockchain technology and, increasingly, generative artificial intelligence."4 Vigorish Viper's software and infrastructure are representative of this sophistication.

Connections to European Sports Betting

Vigorish Viper is intimately connected to an ongoing controversy in Europe surrounding the use of football club sponsorships to illegally advertise gambling sites in Asia, particularly in Greater China. Criminal syndicates have drawn sports teams into their illicit activities and leveraged the teams' popularity as a force multiplier. Through a series of shell companies using fake identities and credentials, the Chinese organized crime groups establish brand presence, typically represented by a so-called white label intermediary who provides local representation and bona fides. Players wear the sponsor's logo on their shirt during games, or the logo is advertised on pitchside boards of the stadium, or both. The games are broadcast in China, often illegally, where viewers are enticed to visit the website and bet on their favorite club (see Figure 1). This sponsorship charade has been the subject of robust reporting by investigative journalists and watchdogs over the past several years. Vigorish Viper technology connects most of these stories together and places Yabo at the heart of the controversy.

Figure 1. An overview of Vigorish Viper's sports sponsorship scheme

The brazen scheme to victimize Chinese residents through European football sponsorships was, and remains, very successful. It was not until April 2023, after extensive reporting by major outlets, that the U.K. Gambling Commission sanctioned white label provider TGP Europe for "anti-money laundering and social responsibility failures."5 The commission suspended 14 brands and seized the U.K.-related domain names; 11 were brands associated with Vigorish Viper, including Yabo. We say the scheme remains very successful because, to a great degree, their European operations continue, with new sponsorship deals negotiated with French, Spanish, and other European teams. And in spite of the sanctions and additional license conditions, TGP Europe still acts as a white label provider for five of Vigorish Viper's brands. Moreover, at least eight top English football clubs currently have sponsorship deals with Vigorish Viper's brands.6

Connections to Yabo

For the gambling brands, Vigorish Viper's technology underpins all aspects of the user experience, from the website to chat apps and payment systems. References to Yabo are littered throughout the software and the infrastructure, making it abundantly clear that Yabo developed the software and DNS network. The entire suite includes custom cryptography, branding services, website templates and hosting, mobile apps, secure communications, advertising, and more. It is even likely that Vigorish Viper created the anonymous cryptocurrency payment provider that is embedded into all of their applications. This broad scope of technology made Yabo / Vigorish Viper a sweeping monolithic entity by 2020.

Amid media scrutiny, Yabo was dissolved in 2022, but the remnants of the company were essentially laundered into a series of new entities, including Kaiyun Sports, KM Gaming, Ponymuah, and SKG. While at face value these new companies appear independent, evidence shows they are not. Together the newly established companies make up a supply chain for Vigorish Viper to continue operations unabated and under less scrutiny.

Vigorish Viper's software and infrastructure are sophisticated. The actor has implemented multiple, layered traffic distribution systems (TDSs) using DNS CNAME records and JavaScript, essentially creating a series of gates to protect their systems from unwanted scrutiny. They extensively fingerprint the users, including continuously monitoring mouse movements and evaluating IP addresses. There are multiple versions of the software, and the most advanced version is reserved for the Chinese brands. Vigorish Viper hosts over 170k domain names and tens of brands in an infrastructure that is directly tied to Hong Kong and China.
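An added example (not code from the report or from Infoblox) of how a defender might surface the layered CNAME chains described above in passive-DNS data: it walks each chain and groups seemingly unrelated entry domains that pass through the same intermediate hop. All domain names are constructed placeholders, and the `min_hops` and `min_entries` thresholds are assumptions.

```python
from collections import defaultdict

# Constructed passive-DNS CNAME observations (owner, target); every name is a
# placeholder under the reserved .example TLD, not an indicator from the report.
CONSTRUCTED_CNAMES = [
    ("www.brand-a.example", "gate1.tds.example"),
    ("www.brand-b.example", "gate1.tds.example"),
    ("gate1.tds.example", "gate2.tds.example"),
    ("gate2.tds.example", "origin.host.example"),
    ("www.brand-c.example", "gate2.tds.example"),
    ("www.shop.example", "cdn.vendor.example"),
    ("loop-a.example", "loop-b.example"),
    ("loop-b.example", "loop-a.example"),
]

def build_map(records):
    """Map each owner name to its CNAME target (lower-cased, no trailing dot)."""
    return {o.lower().rstrip("."): t.lower().rstrip(".") for o, t in records}

def follow_chain(name, cname_map, max_hops=10):
    """Return the list of names on the CNAME chain; stop on loops or max_hops."""
    chain, seen = [name], {name}
    while chain[-1] in cname_map and len(chain) <= max_hops:
        nxt = cname_map[chain[-1]]
        if nxt in seen:  # CNAME loop: stop rather than spin
            break
        chain.append(nxt)
        seen.add(nxt)
    return chain

def cluster_by_shared_hops(records, min_hops=2, min_entries=2):
    """Group entry names whose layered chains traverse the same hop.

    Entry names are owners that never appear as a CNAME target. Chains with
    fewer than min_hops CNAME hops are ignored as not layered.
    """
    cname_map = build_map(records)
    targets = set(cname_map.values())
    entries = [n for n in cname_map if n not in targets]
    via = defaultdict(set)
    for entry in entries:
        chain = follow_chain(entry, cname_map)
        if len(chain) - 1 >= min_hops:
            for hop in chain[1:]:
                via[hop].add(entry)
    return {hop: sorted(e) for hop, e in via.items() if len(e) >= min_entries}
```

Legitimate CDNs and hosting providers also produce shared CNAME targets, so a cluster is a lead to corroborate with other evidence, not a verdict.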

This report covers our discovery of Vigorish Viper, details of the technical platform, its ties to organized crime, and its role in the European football sponsorship scandals. The material is divided into several chapters.

  • Chapter One introduces the sports sponsorship controversy in the context of illegal gambling in Greater China and the role of organized crime. It also furnishes background on the so-called baowang economy, which provides "full package" white label technical services for illegal gambling in the region.
  • Chapter Two describes our discovery of Vigorish Viper and the impact to our customer networks.
  • Chapter Three delves into the technical aspects of Vigorish Viper's software and reveals the breadth of brands found in the network.
  • Chapter Four discusses the attributes of Yabo and the obfuscated transformation of Yabo into a set of new commercial entities.
  • Chapter Five details the current state of Vigorish Viper's baowang supply chain.
  • The appendices include additional story lines we uncovered during this research and supporting materials.

Vigorish Viper: A Venomous Bet

Why Vigorish Viper?

Vigorish Viper is a name derived from the gambling world's exorbitant fees levied on unlucky bettors. The term vigorish, or vig for short, is used by organized crime syndicates to refer to these fees. Viper refers to the complex combination of TDSs and convoluted brand relationships that the actor employs to route users to content.