Who is mightier, the one-armed bandits or the cellphone bandits?Prev TopicNext Topic

• eddessaknight

  

  LAS VEGAS
  United States
  Member #47,728
  November 22, 2006
  9,433 Posts
  Offline
  Apr 29, 2017, 4:50 pm

  ▲▼

  ~With Compliments

  Eddessa_Knight with Lucky Light 

  ~

  "If you see a guy wandering the aisles of South Florida’s casinos, pointing his cellphone at the slot machines, don’t bother offering to help him snap a selfie. Rather than a hopelessly inept tourist, he’s more likely a cheater, using his phone to exploit a security gap that, by some estimates, has cost American casinos millions of dollars in slot-machine losses.

   

  The scheme to rip off the slot machines was devised by everybody’s favorite villain of the moment, Russian hackers — including, allegedly, one from Hallandale — who obtained a used machine and reverse-engineered it to figure out the mathematics behind its computerized jackpots.

   

  Then they sent players into American casinos and used cellphones to alert them to the exact instant they should hit the “spin” button on the slot machine to win.

   

  The result: What security experts say is the most lucrative cheating scheme ever devised against the  $70 billion-plus slot machine industry, and one that may prove very difficult to stop.

  “This is a major concern,” said John Grochowski, author of seven books on gambling, including one on slot machines. “The tradition of cheating on slots goes way, way back. The manufacturers and casino owners do all they can to promote security, and the computer machines are not as vulnerable as the old mechanical machines.

   

  “But if people get hold of a slot machine’s internal workings, stuff happens.”

  Though the slot-machine hacking ring was uncovered in 2014, when the FBI arrested four Russians and charged them with cheating at casinos in Missouri, California and Illinois, details of their scheme only began leaking out this spring, at gambling industry security conferences around the country.

   

  Paradoxically, the cheating had its roots in Vladimir Putin’s 2009 decision to eradicate casinos in Russia. That left the owners with thousands of useless slot machines, which they began peddling dirt-cheap to anybody who asked. Inevitably, some of them fell into the hands of gangsters who pulled them open to see if there was a way to beat them.

   

  Computer chips and video monitors have replaced the mechanical gears and little glass windows of old, but slot machines still play much the way they always have: A gambler hits the spin button, then watches an array of numbers and symbols spin across the screen. Where they come to rest — just like the row of three cherries in the old days — determines a jackpot, and how much.

  The big difference is that the cherries and oranges are no longer printed on little wooden reels. They’re video images generated randomly by computer chips — or almost randomly, which is the catch.

   

   

  Instead, they use something called a pseudorandom number generator that starts with a small collection of digits — in the early days of computers, it was often something as simple as  the time and the date  — and manipulates them into seemingly endless sequences of numbers so long that they appear to be random, but aren’t."
• eddessaknight

  

  LAS VEGAS
  United States
  Member #47,728
  November 22, 2006
  9,433 Posts
  Offline
  Apr 29, 2017, 10:29 pm

  ▲▼
  In response to eddessaknight

  Quote: Originally posted by eddessaknight on Apr 29, 2017

  ~With Compliments

  Eddessa_Knight with Lucky Light 

  ~

  "If you see a guy wandering the aisles of South Florida’s casinos, pointing his cellphone at the slot machines, don’t bother offering to help him snap a selfie. Rather than a hopelessly inept tourist, he’s more likely a cheater, using his phone to exploit a security gap that, by some estimates, has cost American casinos millions of dollars in slot-machine losses.

   

  The scheme to rip off the slot machines was devised by everybody’s favorite villain of the moment, Russian hackers — including, allegedly, one from Hallandale — who obtained a used machine and reverse-engineered it to figure out the mathematics behind its computerized jackpots.

   

  Then they sent players into American casinos and used cellphones to alert them to the exact instant they should hit the “spin” button on the slot machine to win.

   

  The result: What security experts say is the most lucrative cheating scheme ever devised against the  $70 billion-plus slot machine industry, and one that may prove very difficult to stop.

  “This is a major concern,” said John Grochowski, author of seven books on gambling, including one on slot machines. “The tradition of cheating on slots goes way, way back. The manufacturers and casino owners do all they can to promote security, and the computer machines are not as vulnerable as the old mechanical machines.

   

  “But if people get hold of a slot machine’s internal workings, stuff happens.”

  Though the slot-machine hacking ring was uncovered in 2014, when the FBI arrested four Russians and charged them with cheating at casinos in Missouri, California and Illinois, details of their scheme only began leaking out this spring, at gambling industry security conferences around the country.

   

  Paradoxically, the cheating had its roots in Vladimir Putin’s 2009 decision to eradicate casinos in Russia. That left the owners with thousands of useless slot machines, which they began peddling dirt-cheap to anybody who asked. Inevitably, some of them fell into the hands of gangsters who pulled them open to see if there was a way to beat them.

   

  Computer chips and video monitors have replaced the mechanical gears and little glass windows of old, but slot machines still play much the way they always have: A gambler hits the spin button, then watches an array of numbers and symbols spin across the screen. Where they come to rest — just like the row of three cherries in the old days — determines a jackpot, and how much.

  The big difference is that the cherries and oranges are no longer printed on little wooden reels. They’re video images generated randomly by computer chips — or almost randomly, which is the catch.

   

   

  Instead, they use something called a pseudorandom number generator that starts with a small collection of digits — in the early days of computers, it was often something as simple as  the time and the date  — and manipulates them into seemingly endless sequences of numbers so long that they appear to be random, but aren’t."

  ~With Continuing Compliments

  EK

  ~

  "Still, the chink in the security armor of slot machines — that pseudorandom number generator — remains, vulnerable to attack to anybody with the patience and computing power to attack it."

   

  THE MANUFACTURERS ARE JUST GOING TO HAVE TO FIND A WAY TO BUILD NEW SECURITY INTO THE GAMES.

  John Grochowski, author of seven books on gambling, including one on slot machines

   

  The apparent participation of a South Florida man in a massive international gambling conspiracy raises an obvious question: Did the cheaters hit Florida’s casinos? The answer is, if so, they weren’t caught.

   

  “We have not seen slot machines being hacked or electronically manipulated in Florida, going back to when the first slots were up and running,” said Stephen Lawson, a spokesman for the state Department of Business and Professional Regulation, which regulates casinos. “We haven’t recorded a single case of that.”

   

  But it may also be true that nobody in Florida has been watching for the Russian hackers. Lawson said he hadn’t about the case until a Miami Herald reporter asked him about it. Neither had Alex Havenick, co-founder and vice president of Miami’s Magic City Casino. “That’s a little surprising, because we always have our ear to the ground for that sort of thing,” Havenick said. “And we have slot machines made by Aristocrat — all Florida casinos do.”

   

  Havenick nonetheless doubts the Russians did any of their dirty work against his 800 or so slots, which are the heavy financial hitters of a place that can’t offer table games like blackjack because of Florida law on racetrack casinos.

   

  “Everyone is out to protect their slots,” Havenick said. “If we saw a guy taking pictures of a slot machine with his phone, we’d probably have said, ‘That’s weird,’ and asked him to leave. It’s not actually not that hypothetical. We’ve had had competitors come and look around at what we’re doing — one had his phone out and was taking pictures, and we asked him to go.

   

  “When stuff happens that’s out of place, we usually go and investigate what’s going on.”

  Still, the chink in the security armor of slot machines — that pseudorandom number generator — remains, vulnerable to attack to anybody with the patience and computing power to attack it.

   

  “Aristocrat is a major slot manufacturer — the third largest in America — and there are thousands and thousands of its machines out in the field,” said Grochowski. “Almost every casino has them. What percentage are vulnerable I’m not sure, but even if its small, you’re potentially talking about a lot of money.”

   

  Attempts by the Miami Herald to reach Aristocrat and Novomatic, the two manufacturers whose slots have so far been affected by the Russian cheating, were greeted with silence. Perhaps that’s because there may not be much the manufacturers can do about it. “There’s no way to really fix it,” said Robison. “We can’t put randomness into computers

  .

  “The most effective way to combat the cheating may be for the casinos to increase their vigilance. The behavior you have to exhibit to use this method is very unusual. Sitting there for long periods of time, pointing your cellphone at the machine, waiting to hit the spin button, this is just not the way people play slot machines. It’s pretty easy to spot if you’re looking for it.”

   

  Others, however, note that slot-machine technology has successfully evolved many times over the years. Slots have been under siege by cheaters since about two minutes after they were invented, yet they’ve survived. Shadily inclined gamblers have attached coins to threads so they could be yanked back after triggering the machine’s play. They used a claw-like device known as the monkey’s paw to, well, monkey with the slots coin counters, making them overpay. They manipulated the reels with magnets.

   

  The most brazen of all may have been the early 1990s  gang-attack on so-called Big Bertha slots  — the huge machines usually placed near a casino entrance that play for $1 or more. A crowd would form around the machine while one of the cheaters played. Then a very small woman would pry open the little door at the Big Bertha’s base, climb into the cleaning and inspection space inside, and shut herself in for a couple of hours to physically grab the machine’s reels and stop them in winning combinations.

   

  “The manufacturers are just going to have to find a way to build new security into the games,” said Grochowski. “They had to figure out a way to make the machines not so vulnerable to coins on string, Monkey’s Paws and magnets. And they’ll have to do it for cellphones, too.”

  But what might seem like the easiest solution — banning cellphones from casinos — is about as likely as banning wallets.

  “These days, if a place — not just a casino, but anyplace — won’t let people have their phones, they’re just not going to go in,” said Havenick. “And that includes me.”

   

  ~
• eddessaknight

  

  LAS VEGAS
  United States
  Member #47,728
  November 22, 2006
  9,433 Posts
  Offline
  May 1, 2017, 8:46 pm

  ▲▼

  More on this fascinating Story ~EK   Russian hackers hit global jackpot with slots code Las Vegas conference hears horror story By TODD PRINCE   "An international syndicate of Russian hackers that cashed out millions from slots in U.S. casinos over the years is focusing its efforts on South America and Europe after busts in Missouri and Singapore. The Russian syndicate most recently struck in Peru, a security consultant to slot-makers told a group of U.S. regulators at a Las Vegas conference Thursday at the Luxor organized by Gaming Laboratories International. Wired magazine first reported the story about the syndicate last month. The existence of the Russian group, which might have been operating for as long as a decade, was first spotted in Missouri in May 2014. The FBI made its first arrests later that year. Singapore police caught syndicate members cheating in May 2016. Details about the group are still emerging. It might consist of between 40 and 70 individuals with a headquarters in St. Petersburg, Russia. “It took us 10 years to finally spot these guys,” consultant Rex Carlson said. “It is so insidious; it is really hard to see. We are finally arriving at a complete story now.” The syndicate figured out some of the inputs of the random number generator, or RNG, of certain machines and manufacturers. That enabled the hackers to better determine when to hit the button to win. The syndicate used an elaborate scheme with plenty of computer firepower, Carlson said. So-called scouts would initially troll the casino floor and send back video of slot machines the headquarters was familiar with. Hackers would then put the video on their computers and reverse engineer aspects of the machine’s RNG over the course of several weeks. Next, foot soldiers would be sent back to play the machines. They would be armed with two phones, one in their shirt pocket that took video of the slot screen and one in their pants pocket. The phones had four applications representing four in bitcoin to avoid detection." An Aristocrat company spokesperson said it is aware of only a handful of reports of suspicious activity on a legacy installed base of over 100,000 Mk VI machines around the world, most of which are outside the United States. Aristocrat has received no reports of suspicious activity from the USA since 2014, the spokesperson added. “Computing has moved along so fast that we now have bad, smart guys that can create algorithms to beat RNG if they aren’t complex enough,” Willy Allison, casino game protection consultant and owner of World Game Protection Inc., told the crowd. He and Carlson said so-called cryptographic-secured RNGs would help prevent such hacks. Allison said many U.S. casinos aren’t well-prepared to deal with the new generation of cheats, with some still using techniques “photocopied” from Atlantic City and Las Vegas 25 years ago. Casinos need to hire more technology- savvy security professionals, Allison told the crowd.manufacturers, including Aristocrat Leisure Ltd. The pants pocket phone would buzz when it was time to hit the slot button. “At first look, it would seem like an RNG that is really hard to beat. But these guys managed to do it. They have a lot of computer resources available to them,” Carlson told the group. The group focused on machines that were used in casinos around the world so it could continuously move from state to state and country to country. It also kept its winning average low so as not to attract attention. The group used secured communications, rented large servers around the world and paid footmen