Hackers breaking random number generators demonstrates how lottery industry's reliance upon computerized drawings is bad idea
An international syndicate of Russian hackers that cashed out millions from slots in U.S. casinos over the years is focusing its efforts on South America and Europe after busts in Missouri and Singapore.
The Russian syndicate most recently struck in Peru, a security consultant to slot-makers told a group of U.S. regulators at a Las Vegas conference Thursday at the Luxor organized by Gaming Laboratories International. Wired magazine first reported the story about the syndicate last month.
The existence of the Russian group, which might have been operating for as long as a decade, was first spotted in Missouri in May 2014. The FBI made its first arrests later that year. Singapore police caught syndicate members cheating in May 2016.
Details about the group are still emerging. It might consist of between 40 and 70 individuals with a headquarters in St. Petersburg, Russia.
"It took us 10 years to finally spot these guys," consultant Rex Carlson said. "It is so insidious; it is really hard to see. We are finally arriving at a complete story now."
The syndicate figured out some of the inputs of the random number generator, or RNG, of certain machines and manufacturers. That enabled the hackers to better determine when to hit the button to win.
The syndicate used an elaborate scheme with plenty of computer firepower, Carlson said. So-called scouts would initially troll the casino floor and send back video of slot machines the headquarters was familiar with. Hackers would then put the video on their computers and reverse engineer aspects of the machine's RNG over the course of several weeks.
Next, foot soldiers would be sent back to play the machines. They would be armed with two phones, one in their shirt pocket that took video of the slot screen and one in their pants pocket. The phones had four applications representing four manufacturers, including Aristocrat Leisure Ltd. The pants pocket phone would buzz when it was time to hit the slot button.
"At first look, it would seem like an RNG that is really hard to beat. But these guys managed to do it. They have a lot of computer resources available to them," Carlson told the group.
The group focused on machines that were used in casinos around the world so it could continuously move from state to state and country to country. It also kept its winning average low so as not to attract attention. The group used secured communications, rented large servers around the world and paid footmen in bitcoin to avoid detection.
An Aristocrat company spokesperson said it is aware of only a handful of reports of suspicious activity on a legacy installed base of over 100,000 Mk VI machines around the world, most of which are outside the United States. Aristocrat has received no reports of suspicious activity from the USA since 2014, the spokesperson added.
"Computing has moved along so fast that we now have bad, smart guys that can create algorithms to beat RNG if they aren't complex enough," Willy Allison, casino game protection consultant and owner of World Game Protection Inc., told the crowd. He and Carlson said so-called cryptographic-secured RNGs would help prevent such hacks.
Allison said many U.S. casinos aren't well-prepared to deal with the new generation of cheats, with some still using techniques "photocopied" from Atlantic City and Las Vegas 25 years ago.
Casinos need to hire more technology-savvy security professionals, Allison told the crowd.
Thanks to eddessaknight for the tip.
If man can Make It man can Break Into It!
It makes me wonder about the RNG lottery games. Are they at risk?
Stay with the physical ball games.
Sure they at risk Music. Our very own chief bottle washer has been saying it for years.'Tis part of his signature.
It used to be that you couldn't film or photograph in casinos, mainly for security reasons such as casing the building and filming cctv locations.
I wonder if this is the real reason.
It seems every where I read lately, from politics to gambling, the Russians are behind some sort of prank to cause problems. I think it's time to step up a defense with these clowns.
Mechanical ball drawings is the long and short of it. Preferrably without those 'hacking pre/post-tests' also. These Russians are running rampant with their cyber technology...which they actually warned us about not very long ago. Will post the information in the blogs later. This is serious.
It's what people call " white privilege."
Now if Nigerians were casing a casino looking up cctv locations etc? Game Over Max.
Many many years ago, my path crossed with Gus, the Umbrella Man. Gus was a thief who wd enter stores, stuff the unpaid merchandise down an umbrella he carried, and unsuccessfully walked out. Gus made the big time when there was an outage at a casino and then he won $1.7 million bucks from a slot machine. It was headline news in the SF Bay area. They were looking for Gus but when they went to his room, all they found was his pacemaker. So, then the headlines were speculation about Gus being a victim of "foul play." He wasn't. He was deeply involved in the heist. It all seemed like a forgotten dream until some years later, I ran across an obituary for Gus. When I would later try to find info on him, I could never remember his long Greek name. This article made me do a serious search on him and I found this article. It seems to omit some facts as I recall them, and I think that is deliberate. Anyway, he was a funny guy:
http://www.nytimes.com/1983/09/24/us/computer-wizardry-led-to-1.7-million-slot-machine-jackpot.html?pagewanted=all
It doesn't say from article or it was proven that they changed/altered the machines Rng's, so i don't get it why are they called hackers ??
Looks like they figured out the algoritms used by the machines using their own intelligence/skills plus computers,which is what a lot of us on LP are trying to do anyway. So are LP members hackers ??, b/c we are organized in a large group with many members connecting daily, some using precision build software to figure out the lotteries Rng's ?
Here's an idea. Let's not let hackers into the rooms with either the RNG machines or the ball machines.
Anything running on computers can always be hacked. It's men that create this stuff, someone is always going to be smarter . Stop the RNG in lottery
MaximumMillions,
Those weren't the only reasons. People who were supposedly on 'business trips' didn't want to be photographed anywhere in Vegas.
The California Hotel/Casino was the exception to the rule, people could take all the photos they wanted.
You are right of course. I guess in some circles any gambling is frowned upon and some people told their spouses one thing while doing another (with someone else).
They'd just have to show their Nigerian prince papers and they'd be on their way.