At a meeting recently, an associate asked me about a slot scam that had taken place in 2014. The case was reported by Wired Magazine in February in intriguing detail. The described incident took place in St. Louis where a man played slots for two or three days always winning, but never winning enough to require an employee to verify the jackpot. Further investigation led to a team of Russians working casinos around the United States and in other countries. They worked the same type of slot machines each time – Aristocrat Mark IV and certain models of Novomatic machines.
According to the Wired article, the scam began when Russia outlawed most forms of gambling. The ban forced many owners of slot machines to sell them to whomever was willing to buy them. Characteristically of the post-communist Russian economy, opportunists saw the used slot machines as a chance to attempt to reverse engineer the games. In the process, those talented, but under-employed computer engineers discovered a little known fact; random number generators are not truly random. If you can “see” a large enough segment of data from a slot machine’s random number generator you can find a pattern. The engineers found those patterns in the Aristocrat and Novomatic games. An individual could not recognize the pattern as it developed because that required a computer. However, an individual could carry a cellular phone and send the results displayed on the screen of a slot machine to a computer in Russia.
The computers in Russia could analyze the data and send the correct response to players in far off St. Louis or an Indian casino in Southern California. So, back to my associate’s question. The Russians appear to be laying low in this country – or maybe they have been too busy with elections, credit cards or bank databases to play slot machines – but they have not retired. In April, the Straits Times reported on an incident that took place over a three day period at both the Marina Bay Sands and Resorts World Sentosa. The facts were like those in St. Louis with some of the detail flushed out more completely. The team may have as many as 25 members and is broken into smaller units. Each unit has a “master” and that person gets 15 to 25 percent of the winnings; the individual players get 10 percent, the remainder is sent back to Russia. Players are recruited and trained in Russia before being sent out to play.
Thus far only two manufacturers and two models have been hit. However, that doesn’t mean there are not others that are vulnerable and it doesn’t mean that there is only one team operating in the world. The issue is a bit unnerving; it indicates that slot machines are not as secure as was once thought. It turns out that random number generating is not completely random; in fact, the Wired article used the term “pseudorandom” to clarify the difference between truly random number generating and the process used by slot machine manufacturers in modern slot machines. Exploiting a discernable, non-random pattern is not necessarily a new way to cheat a slot machine. Years ago, a former IGT engineer used a similar system to play keno slot machines in the Midwest. He could, like the computer in Russia, recognize a pattern that indicated an upcoming jackpot. The industry is lucky that it has happened, to our knowledge, so seldom. But casino slot machines are not the only place a non-random, random number generating system can be found.
Eddie Raymond Tipton, former information security director of the Multi-State Lottery Association, which runs Powerball and Mega Millions, was convicted of rigging jackpots in Colorado, Wisconsin, Iowa, Kansas and Oklahoma. Tipton, with his brother and friends, traveled to different states to hit a jackpot; he knew the dates on which some number patterns would be “drawn.” This week, Tipton is promising to explain to regulators how he was able to predict the lottery outcomes. That will be a big help, but it will not solve the problem. The underlying problem is one without a simple solution. Our entire economy, not just gaming, is dependent on computer technology. That makes us vulnerable to other computer technology that can “hack” into our system and either manipulate the data or decode it. It happens daily. This week hackers released data they had stolen from a casino in Canada; it contains the personal information of the casino’s best players. As serious as that is, it is not as serious as the hackers who recently stopped the English National Health System in its tracks and disrupted dozens of other government and private business around the world.
Everything we own and depend upon is in one way or another tied into the internet and thus vulnerable to others using the same system. Pacemakers, furnaces, refrigerators, televisions, cars, banks, hospitals, slot machines and lotteries are all hooked up in one big happy bundle. In a simplistic and nostalgic way, I think I preferred slot machines that could be breached with a screw driver. A slot cheat could go home with a couple hundred dollars, but no one could make the whole world come to a complete stop or empty slot machines and bank accounts with a cell phone and a computer. With all of our technology we are much less secure than we were before we had it. We might be richer, happier and healthier, but we are not more secure.
