Lottery Post alerted the industry to this possibility 11 years ago
The top threat to any lottery's integrity is its own information technology employees, a former lottery security chief told jurors in the trial for his coworker accused of rigging a Hot Lotto drawing to win a $14.3 million ticket.
Ed Stefan, a former chief security officer for the Multi-State Lottery organization, testified Wednesday that it's "sadly" possible his friend and former coworker, Eddie Tipton, installed a malicious self-deleting computer program onto a number-generating computer to rig a Dec. 29, 2010, drawing that produced the winning ticket. Tipton, 52, is on trial for two counts of fraud.
It's a historic case, believed to be the first trial for a person accused of manipulating a draw. Stefan's admission that it's possible to manipulate the lottery aligns with a theme underscoring the case since Tipton's January arrest: The greatest threat to any company's digital security comes from within.
The expertise IT employees have can make one with ill-intentions particularly dangerous, Stefan said.
"They have the knowledge, they have the background, they have the access, they have the understanding," he said. "They have the keys to the kingdom."
Stefan's testimony backed Assistant Iowa Attorney's General Rob Sand's case to jurors that Tipton attempted to pull off the ultimate "21st-century inside job" using a self-deleting rootkit. The prosecutor has said Tipton could have installed the program when he accessed the Hot Lotto drawing computers more than a month before the drawing to change the clocks.
After purchasing the ticket on Dec. 23, 2010, Tipton, legally barred from playing the lottery, allegedly filtered the ticket through a Texas friend to make a claim for the money. Tipton's defense contends there are no phone records or other evidence tying him to anybody who tried to redeem the ticket and no forensic evidence a rootkit was installed on the lottery association's comptuers.
Stefan told jurors he became physically ill last fall when he first saw publicly-released video footage from a Des Moines QuickTrip of a man purchasing the ticket at 3:24 p.m. Tipton and Stefan became friends in a college calculus class in Houston in the early 90s and have remained close, he said.
Tipton introduced Stefan to his now-wife, and Stefan helped Tipton get a job in 2003 at the Urbandale-based lottery association that provides games such as Hot Lotto to lotteries across the country, he testified. The two share a patent for a lottery technology idea. It felt like "finding out your mother is an ax murderer" when he saw the man in the video, he said.
"It looks just like Eddie, it sounds just like Eddie, it acts just like Eddie, the mannerisms are just like Eddie," he said. "As a disinterested third party, I would say, 'Oh, that's Eddie.' As someone who's known him half my life, it's incredibly difficult to believe that's Eddie Tipton."
Lottery Post warned about this
In August 2004, the Lottery Post website first alerted the industry to the issues surrounding computerized lottery drawings in the Petition for True Lottery Drawings.
In the petition, Lottery Post Founder Todd Northrop warned of the dangers of hacking, and specifically that a knowledgeable hacker could disguise even the fact that the drawing system was hacked. Northrop wrote:
Computer hacking is a term that has entered the daily lexicon because of its prevalence within every aspect of computers. Hackers can produce code that goes undetected for long periods of time, and causes unseen problems. Why do the state lotteries think that they are immune from hacking, when some of the most secure computers in the world have been hacked into? Worse, a state employee "on the take" could insert malicious computer code into the drawing process that could specify the exact numbers that are drawn. A crafty programmer could keep this secret for a long time.
Sadly enough, what Northrop wrote 11 years ago is is precisely what Tipton is accused of doing today.
Despite the fact that the petition was not promoted in social media or any common marketing method — it was only available as a small link — nearly 10,000 lottery players have found and signed it. Clearly, computerized drawings are a problem in theory, and now in actuality.
Been saying it along!!!!!!!!!!!!! YAY Todd!!!!!!!!!!!!!! You was right and so was a lot of us!!!!!!!
Respect my authoratai!!
well this covers compuker drawings for a few and many ......
but I doubt this will quell the few and many who still believe that thars a cheat to to regular ball drawings
It's frustrating to be shouting the alarm on forthcoming doom, only to have it fall upon deaf ears!
Alex Jones shares your frustration.
We should all submit these findings to the attorney general in your state.
Along with rigged drawings, computerized drawings can also accidentally screw people over, as was the case in Tennessee.
The severely flawed drawings have been happening every day since computerized drawings replaced the lottery's real mechanical ball drawings more than three weeks ago.
That's a total of 80 Pick 3 and Pick 4 drawings in which almost half the lottery ticket players bought were unwinnable.
The flaw in the drawings prevented two of the same numbers from appearing together, in what players refer to as "doubles" and "triples", and in Pick 4, "quads".
Tipton's thoughts of Stefan....
"The top threat to any lottery's integrity is its own information technology employees, a former lottery security chief told jurors"
He should have told them that the greatest threat is inadequate security protocols. Protocols that allow unauthorized software changes to go undetected for weeks on end. Protocols that don't allow them to know when security devices like surveillance systems are tampered with. Protocols that allow somebody to access the drawing computers without other people carefully observing them. Protocols that allow somebody to know weeks ahead of time which computer will be used to conduct a particular drawing.
There's a world of difference between problems that result from poor software or faulty implementation of decent software and deliberate tampering with the approved software.
Uh, Duh !?!
Gee, What're The Odds?
My haters owe me an apology.
ttech we have been doomed for years...thanks for the support.
Pick,pick,pick. You keep on with your little pity party.
Listen. Try real hard to let this sink in. Try!
We been down this road before.
You need to quit calling people "haters". Nobody here knows you well enough to either love you or hate you. You are a stranger, just as we are strangers to you.
Again, I will repeat myself. Read this real slow like. Realllllllllly slow. Let it soak in to your little brain.
Here it is.........."a difference of opinion does not constitute hate".
Here is an example. My co-workers and I sometimes have a difference of opinion on something. Even so, we don't hate each other.
I truly hope you have a great day!
Buckeye l thought you said you were not going to fall for his
posts. .. Lol.
No. That was jjprince. He's a troll.
Pick is simply misguided.