Welcome Guest
Log In | Register )
You last visited July 8, 2020, 5:20 pm
All times shown are
Eastern Time (GMT-5:00)

D.C. Lottery thefts tied to lax security processes

Dec 21, 2007, 12:34 pm

Share this news story on Facebook
Tweet this news story on Twitter
Washington, D.C. LotteryWashington, D.C. Lottery: D.C. Lottery thefts tied to lax security processes

D.C. officials learned last year that lax enforcement of security procedures made it possible for a handful of contract employees to steal tens of thousands of dollars in lottery tickets and prize money, according to records released this week in response to a Freedom of Information Act request filed with the District of Columbia Lottery & Charitable Games Control Board.

An investigation conducted by Battelle Memorial Institute in August 2006 determined the ticket thefts were most likely committed by field service technicians employed by Lottery Technology Enterprises, a District-based joint venture between GTECH Corp., New Game Technologies and Opportunity Systems Incorporated.

Lottery officials were first made aware of questionable ticket sales in December 2005, when several retail locations around the District began complaining about unauthorized ticket sales charged to their accounts. In nearly every case, the sales were recorded as occurring after the retailer's business hours. Surveillance footage and audits of ticket stock showed that no one was at the retailers' lottery terminals when the tickets were recorded as being sold.

Battelle, a technology consultancy, concluded that LTE technicians likely created the unauthorized tickets by manipulating the radio communications technology used to transmit ticket purchases from retail terminals to the D.C. lottery's central system. Battelle determined encryption security measures were not activated on some retailers's lottery terminals. LTE technicians thus were able to intercept the retailers' logon credentials, allowing them to gain remote access to some of these unsecured machines. Using spare lottery terminals, the thieves were then able to print genuine lottery tickets without having to pay for them, Battelle found.

In roughly 5,600 separate transactions over a seven-month period, the perpetrators tricked the system into thinking the purchases had been made by one of more than three dozen lottery terminals at authorized lottery retail locations throughout the District.

All told, the LTE technicians created $86,000 in phantom D.C. Lucky Numbers, D.C. 4, Keno and Powerball tickets, earning prize money totaling more than $70,000.

LTE officials did not return repeated calls for comment. A spokesperson for GTECH, a lottery hardware and software vendor based in Providence, R.I., declined to comment.

Jay Young, chief operating officer for the D.C. Lottery, said the board worked with the FBI to identify at least three LTE employees suspected of committing the fraud. LTE later fired the employees, but investigators could not gather enough hard evidence of wrongdoing to bring criminal charges against them.

LTE has since repaid the DC government the purchase price of the stolen tickets, but not the prize money earned by those tickets. Ben Larigo, executive director of the District's Office of Integrity and Oversight, said the DC government is seeking to recoup the lost winnings as well as punitive damages from LTE, though he declined to saw how much.

"We're just looking to be made whole here," Larigo said.

The Battelle report found that the "radio communications being used by the [lottery] system had a previously-undiscovered vulnerability. This vulnerability permitted an unauthorized lottery terminal to enter 'rogue' transactions into the system, producing apparently legitimate tickets that could be cashed as winners."

According to Battelle, GTECH has since put in place a technological fix that should prevent unregistered lottery terminals from being used on the network. The rogue lottery terminals used to print the stolen tickets were never found.

The Battelle audit also faulted LTE's management processes, from a failure to conduct thorough background checks on employees to the lack of strict controls over who had access to lottery terminals (see "Highlights From the Battelle Audit" below).

News of the phantom tickets comes at a sensitive time for GTECH and LTE; the D.C. government is soliciting requests for proposals to rebuild the city's aging gaming system. Installed in 1985 — with minor upgrades a decade later — the technology that powers the District's lottery system remains the among the oldest in all of North America. The city is expected to award the new contract early next year.

The D.C. Lottery retailers affected by the scam were never told how the thefts were carried out. The D.C. government simply refunded to retailers the money it gained from the sale of the phantom tickets. The stores were allowed to keep the commissions they made on the bogus tickets.

Last year, the D.C. Lottery sold more than $266 million in tickets, generating nearly $74 million for the city government.

Highlights From the Battelle Audit

  • Lottery technicians' "terminal security control was weak. There was no sign-on/off procedure, and no existence of a lottery terminal paper inventory accounting routine before the incidents."
  • "Approximately 190 retailers' terminal encryption was turned off despite a system-wide default to turn on the encryption."
  • "Anomalies in a suspect LTE's employee's background check prior to employment were ignored. We are not aware that LTE performs annual financial and other background checks on LTE employees in sensitive positions."
  • "LTE's control over lottery terminals is weak. There were no strict controls over terminals — technicians could take the terminals out for a period of time without accounting for them."
  • "LTE's security over lottery ticket stock was weak. There was no lottery paper inventory accounting routine before the incidents."
  • Technicians' "terminal intrusion attempts are not monitored, logged or reported."

Washington Post

We'd love to see your comments here!  Register for a FREE membership — it takes just a few moments — and you'll be able to post comments here and on any of our forums. If you're already a member, you can Log In to post a comment.

2 comments. Last comment 13 years ago by jarasan.
Page 1 of 1
United States
Member #20228
August 14, 2005
61 Posts
Posted: December 23, 2007, 10:20 am - IP Logged

Another  "safe" lottery program proven to be otherwise.Puke

    jarasan's avatar - new patrick.gif
    United States
    Member #44102
    July 30, 2006
    6170 Posts
    Posted: December 23, 2007, 10:37 am - IP Logged

    Just the tip of the iceberg,  the D.C. govt. also has problems with the tax dept. insiders have been stealing for years. I just want to know where the roughly 180 Billion dollars given to D.C. over the past 25 years went.  Statehood, yeah right.