
Are Hackers 1 step ahead in the lotto?? I always had a hunch..

Topic closed. 21 replies. Last post 7 years ago by jwhou.

Page 2 of 2

Honduras
Member #20982
August 29, 2005
4715 Posts
Offline
Posted: December 23, 2009, 9:46 pm - IP Logged

So that's where the two pennies I had my desk went.

How can the hackers hack 2 cents from my paycheck?

my brother knew a hacker in the army who did that to the USA Army...

The Forex trades: 1.6 Trillion dollars EVERY day, that's more than the GDP of the Caribbean Central America, COMBINED. Enough to feed every crook out there for centuries...To all Geniuses & Powers Countries of the World the Planet needs breakthroughs in all Medicine, Veterinary, Biology related fields, Psychology, Population Psychology/Sociology..They need to genetically engineer new plants species/types to give more variety of plants and thus have more resources for combating diseases

    rdgrnr's avatar - walt
    Way back up in them dadgum hills, son!
    United States
    Member #73904
    April 28, 2009
    14903 Posts
    Offline
    Posted: December 24, 2009, 2:26 am - IP Logged

    my brother knew a hacker in the army who did that to the USA Army...

    Anybody who did that to the US Army should be in jail with Manuel Noriega.

    "The only thing necessary for evil to triumph is for good men to do nothing"
    --Edmund Burke

      Kentucky
      United States
      Member #32652
      February 14, 2006
      7308 Posts
      Offline
      Posted: December 24, 2009, 9:24 am - IP Logged

      my brother knew a hacker in the army who did that to the USA Army...

      Your brother probably knew someone that said they hacked into the US Army payroll, just like when someone told me they hacked into the Pentagon computer's top secret files. When I asked what they saw, they said "a whole bunch of stuff" without going into any details as if I was gullible enough to believe that proved they actually did it.

      Had you said a hacker could get $1 from 100 people working for a small business where payroll is done by the owner's not so smart brother-in-law, it could be possible that none of the employees noticed $1 missing from their paycheck. However you decided to go for the big bucks and expect us to believe that hundreds of payrolls could be hacked into and not one person out of 20 million would notice non-specific payroll deductions from their paycheck for 2 years. Do you really believe out of those hundreds of companies, not one auditor would notice funds being distributed to an unknown account for an unknown reason?

      To get back to the original question, one would have to assume the lottery's RNG computer was online and programmed to generate specific numbers. From what happened in Tennessee, we know the pick-3 can be programmed for non-repeating digits and lowered the possible combos to 720, but that's hardly enough for a player to make a substantial profit. It could be programmed as two digit pick-3 like when they put extra weight in the other balls in PA but the RNG computer would have to be online for a hacker to do that.

      What you're suggesting in both scenarios is more like an "inside job" than hacking.

        Jack Pot's avatar - Lottery-028.jpg

        United States
        Member #55246
        September 20, 2007
        225 Posts
        Offline
        Posted: December 24, 2009, 11:00 am - IP Logged

        I apologize for deviating from the subject...But anyways, hackers don't need to hack grandiosely anything...For instance hackers if they were to collect: 2 pennies every paycheck from: 20 million people for 2 years they will have: 20 million dollars...in 5 years...50 million dollars...Again just 2 pennies...if they WANTED TO.. they could place those 50 million in the bank at: 6% or whatever percentage and in 20 years they will have: $60 million dollars extra..so that will be: 60 million + 50 million = 110 million dollars...Again don't need to hack the lottery or don't need to make a GRANDIOSE HACKING...

        Just to show that they don't need to hack the lottery...And most of you don't even notice if you lost: 2 pennies in your bank account...You are paying most attention to the dollars...

        Again I am just proving that hackers don't need to hack the lottery even if they could because they get MORE money a different way...

        Pumpi, please read your bank statement. Every deposit or withdrawal you make is automatically added or subtracted from the current balance. The name of the business is going to be there. How can anyone hack 2 cents without you knowing it?


          United States
          Member #83701
          December 13, 2009
          225 Posts
          Offline
          Posted: December 24, 2009, 2:59 pm - IP Logged

          Nice post.  The thing is, there is an alarming number of states that don't use real mechanical drawings -- they use computers.  (Click State Lottery Report Card in the Results menu to see which ones.)

          To say that no drawing has been hacked may be true among states with real drawings (save the single incident in Pennsylvania many years ago), but with computerized drawings the fact is we just don't know.

          The only thing we know for sure is that major incidents have occurred, some existing for several months, where large numbers of tickets simply could not win because of "errors".

          Were they really errors?  Who really knows.  It is a fact, however, that someone who knew about the existence of the "error" could in fact have much better odds of winning by not playing one of the bad ticket numbers that had no chance of winning.

          If there WAS a hacking success, I would not count on the lottery -- or the computerized drawing manufacturer -- being forthcoming about it.  Can you imagine the impact of such a thing?  The states totally rely on lottery revenues increasing from year-to-year, and suddenly the public, with its confidence shaken, stops buying tickets for fear of the computerized drawings.

          Heck, I don't buy tickets for computerized drawings now.  The so-called "errors" are enough for me.  Imagine what would happen after a successful hacking attempt or insider job.  (The latter is more likely.)

          As I've said before, the main danger anytime you involve computers is that someone could hack or rig a drawing, and then un-do the hack to make it appear as if nothing happened. 

          The scenario is that someone gets a Quick Pick ticket, then programs the computer to draw that number on their ticket, and then the program erases itself after the drawing.  It's really not that hard to do if you know what you're doing, and you pay off the right people to gain physical access.  Former employees for the computerized drawing manufacturers would have the best ability to do it, because they know the internals of the computers, as well as the operating system and drawing code (and any checksum/validation code that exists).

          I can't fathom why the lotteries continue to open up this can of worms.  The drawing is the single-most important thing they do.  They need to STOP CHEAPING OUT and do their jobs correctly.

          I do find the transition to computerized draws disturbing because of the lack of transparency. There are ways to safeguard against tampering, the computer image could be securely kept and the MD5 checksum of it widely published. Indeed the software should be available for download and auditing in source code form. The machine used to run the software can also be securely kept and shouldn't be networked. The checksum of the software and the condition of the machine can be verified by an independent audit before each draw. These measures would prevent anyone from "hacking" in, modifying the code and then removing the evidence.

          A clean hack always involves first researching the situation, replicating the setup on your own equipment and testing the process before an actual hack attempt so getting on the inside or getting someone on the inside would be the first thing hackers would do and since that makes the individual a suspect, it's more likely that an organization would employ someone to get the lay of the land so that someone else can do the hacking. You're more likely to see such a hack be from organized crime, government or by the coaching of a teen by such an organization through an internet forum.

          There is one vulnerability that's likely to exist in a computerized scenario and that is it's very rare to write all the code from scratch these days.   It's quite likely that the software runs on top of a commercial operating system and if nothing else, a widely available compiler, so all one would need to do is write a virus that targets an innocuous portion of the operating system or runtime library that really does nothing harmful but spreads if it finds itself networked to the Internet hence embedding itself in the OS over time.   When it detects that it isn't networked, it can check the date and on selected dates determined by pseudo-random sequence from a known seed and hence the sequence known to the writer of the virus, it would look for and substitute the RNG of the lottery program which may very well be just the OS or compiler's RNG and hence a well known target in order to produce a draw from a much more reduced set of possible sequences.    It would be difficult to detect as the virus needn't be in the lottery software itself just something that loads into memory on boot, it wouldn't interfere all the time so all draws not at the designated dates and times would still be normal draws hence passing any empirical test runs, it wouldn't run at all draws so suspicious patterns would not occur yet the writer could confirm if the virus infected the secured image if several draws on specific dates fall resulted in certain sequences and could then purchase several hundred tickets representing the reduced space of the draw but only for a draw that is interfered with according to the pseudo-random sequence.   There's probably a virus that does that to the system's RNG already and the sequences could probably be purchased off the internet since it's possible that the writer doesn't want to wait till the virus infiltrates the software or wish to be directly linked to fraud.   

          It's also possible that people will claim to have written such a virus and would sell the sequences without having actually distributed such a virus into the wild. It's also possible that by simply posting this idea, I may have inadvertently inspired someone to do this (that happened with one of my posts about Windows security and the use of Samba back in the mid 90's, one guy actually tried it and replied to the forum that it worked, I remember he ended that post with the comment "That's scary").

            four4me's avatar - gate1
            MD
            United States
            Member #1701
            June 18, 2003
            8360 Posts
            Offline
            Posted: December 24, 2009, 3:32 pm - IP Logged
            Suppose some savvy programmer who wrote the RNG program. Already installed a program to spit out his numbers on certain calendar days he/she could have programmed a whole range of numbers. Kept a record of the days and on those days go out and buy a bunch of numbers for that draw. Nobody would be the wiser except him/her.
             
            When Tennessee lottery showed a video of the RNG system there were cables going to and from the computer. These cables looked like modem connections to me.
             
            What auditor would know whether or not there was a hidden wireless device installed in the PC so it could be hacked from outside the building.
             
            There are so many ways a computer code could be corrupted or compromised it's pathetic just like the excuses lottery directors use for using RNG instead of balls to conduct drawings.

            Big John says. You don't hit the number. The number hits you!!!!

                           I'm not Big John, I'm Four4me, Big John's a friend.

              United States
              Member #83701
              December 13, 2009
              225 Posts
              Offline
              Posted: December 24, 2009, 4:33 pm - IP Logged
              Suppose some savvy programmer who wrote the RNG program. Already installed a program to spit out his numbers on certain calendar days he/she could have programmed a whole range of numbers. Kept a record of the days and on those days go out and buy a bunch of numbers for that draw. Nobody would be the wiser except him/her.
               
              When Tennessee lottery showed a video of the RNG system there were cables going to and from the computer. These cables looked like modem connections to me.
               
              What auditor would know whether or not there was a hidden wireless device installed in the PC so it could be hacked from outside the building.
               
              There are so many ways a computer code could be corrupted or compromised it's pathetic just like the excuses lottery directors use for using RNG instead of balls to conduct drawings.

              Well, with any change, there are ways to circumvent the system.   That's true of the mechanical draws as well, it's just that over time, most of the mechanical means would've been discovered and mitigated.   Computers are new and there will be new ways of circumventing them and over time we will find ways of mitigating these problems.

              An audit of a computer would include opening up the box and ensuring that only the specified components exist.   An audit of the software would be an independent checksum scan to ensure that it's the software intended.

              I haven't a clue why they would bother with modem lines to a computer making the draw.    It would seem to me that ensuring the machine is off the network would be paramount.    Perhaps the cables are video splitters so that they can record or televise the display.

              Obviously since I was the one who put forth the RNG virus idea of only interfering on certain draws, clearly I'm demonstrating that there are ways to compromise a computerized system and do find the change to such systems disturbing but in the end, it is just a system and it could be secured from tampering eventually. Fundamentally, there are more weaknesses because it hasn't been around as long and hasn't had all the vulnerabilities worked out of it, not because it's a computer but because it is a new process.

              I really don't see why they would want to computerize the draw, there doesn't seem to be any technical advantage and there's a serious problem in security with such a major change of technology. They may be less expensive than the ball draw machines but those are capital costs not recurring costs, if anything a computer is more likely to be periodically replaced as they become obsolete than a lottery ball draw machine. I would expect the lottery commissions to prefer going with the mechanical draws simply for publicity sake.
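
The pre-draw audit proposed in the posts above (a published checksum of the drawing image, checked independently before each draw), sketched as an added example; it is not code from any poster or lottery vendor. It uses SHA-256 instead of the MD5 named in the thread, since MD5 collisions are practical, and the file names and manifest layout are constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    """Hash a file in chunks so large image files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(65536), b""):
            digest.update(block)
    return digest.hexdigest()

def audit_image(root, manifest):
    """Compare every file under root with a published {relative path: sha256} manifest."""
    root = Path(root)
    on_disk = {p.relative_to(root).as_posix(): p
               for p in root.rglob("*") if p.is_file()}
    report = {"modified": [], "missing": [], "unexpected": []}
    for rel, expected in sorted(manifest.items()):
        if rel not in on_disk:
            report["missing"].append(rel)
        elif sha256_file(on_disk[rel]) != expected.lower():
            report["modified"].append(rel)
    # Files nobody published a digest for matter as much as changed ones:
    # the thread's point is that a change need not be in the draw program itself.
    report["unexpected"] = sorted(set(on_disk) - set(manifest))
    return report

def demo():
    """Constructed sample image: audit it clean, then after three changes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        files = {"bin/draw": b"draw program\n",
                 "lib/librng.so": b"runtime RNG library\n",
                 "etc/draw.conf": b"games=pick3\n"}
        for rel, data in files.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
        manifest = {rel: sha256_file(root / rel) for rel in files}
        clean = audit_image(root, manifest)
        (root / "lib/librng.so").write_bytes(b"runtime RNG library, altered\n")
        (root / "etc/draw.conf").unlink()
        (root / "etc/boot-extra").write_bytes(b"not in the manifest\n")
        return clean, audit_image(root, manifest)

if __name__ == "__main__":
    for label, report in zip(("clean", "changed"), demo()):
        print(label, report)
```

Run a check like this from separate, trusted boot media against the stored image; a hashing tool running on the machine being audited can be fed false data by whatever modified it.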