Man Arrested For Exploiting Error In Slot Machines 611
An anonymous reader writes "A man awaiting trial in Pennsylvania was arrested by Federal agents on Jan. 4, and accused of exploiting a software 'glitch' within slot machines in order to win payouts. The exploit may have allowed the man to obtain more than a million dollars from casinos in Pennsylvania and Nevada, and officials say they are investigating to see if he used the method elsewhere. The accused stated that 'I'm being arrested federally for winning on a slot machine. Let everybody see the surveillance tapes. I pressed buttons on the machine on the casino. That's all I did.' Apparently, slot machine software errors are fairly common. The lesson here seems to be that casinos can deny you a slot machine win any time they wish by claiming software errors, and if you find an error that you can exploit, you may find yourself facing Federal charges for doing so."
double standard (Score:5, Interesting)
I suppose the most glaring issue here is the double standard that software errors can be legally taken advantage of by the casinos, while they are illegal to take advantage of by the gambler. (or at least that looks like how the recent verdicts have been swinging)
Re:lots of news stories of winnings denied, too (Score:5, Interesting)
job vacancy for large Pokie company... (Score:4, Interesting)
i read a job app a few years ago for the dominant "pokie machine" developer in my state. reading the requirements was a bit of an insight into the sort of thing these people do:
- high level mathematical modelling ...the house always wins indeed. spread enough bell curves around enough machines and they'll all seem exactly within an arbitrary margin of error while overall they're heavily stacked.
- statistical analysis
- ability to develop for a statewide networked system
i hope this poor bastard wins his case.
Re:double standard (Score:5, Interesting)
Last year I joined (and left) a major manufacturer of slot machines. I was hired as R&D manager and I was absolutely terrified when I saw how things were done. No good software development practices, their concept of version management was dumping source on a network share, the previous manager was the only one using a VCS and was for his private use, and the code was absolutely disappointing to say the least. The bad practices were so deeply marked on them that things were taken to a new facility, with an entire new team that I personally interviewed and trained them from the start, people that still didn't have any of the bad habits the old team had. Eventually I left because whoever was above me was far worse and I soon realized the company was off to die, because top level management were the ones that messed up in the first place and were about to destroy the company by killing all R&D and training and having the new team do sustained engineering on the bad code produced by the old team. This is the state of the gambling industry.
Insider information (Score:5, Interesting)
To distill the article, those machines have some software options, such as volume, screen brightness, and some game options, such as whether or not a Double-Up feature was enabled.
Somehow the guy knew that if the Double-Up feature was enabled a software flaw would be exposed, whereby a certain sequence of button presses would trigger a jackpot (and the jackpot would not be recorded in the data log).
The machines did not have Double-Up enabled by default, so this guy would ask casino techs to mess with settings, like the volume and brightness. While they were changing those settings he also asked to have the Double-Up enabled, thus "enabling" the bug.
So the glaring question is how did this guy know about the "correct sequence of buttons" and the fact that it specifically had to be enabled via the Double-Up feature? To me this reeks of a developer slipping in a "glitch" to trigger a jackpot at will, and it was hidden with that Double-Up feature which they knew was disabled by default to keep the sequence from accidentally being discovered (or found via auditing).
The real criminal is the insider that passed this info along, and presumably maintained anonymity and safety while his patsy actually went around and harvested the winnings, which I'm sure the software developer would receive a share of.
Re:Idiotic Summary (Score:5, Interesting)
It's not an idiotic assertion in that it's true in general (all casinos have a clause like "payouts only after verification"), but it is a bit of a non-sequitor.
Basically, anytime the slot machine gives the jackpot, that machine is usually immediately taken offline and wheeled back for verification of the win. Of course, you're not allowed to see this, you only hope they're doing things like comparing the software against the government-escrowed copy (yes, the government maintains a copy of the software) and verifying the settings. Networked jackpots often have to confirm with the network operators in making sure the server actually sent the "win" command to the slot (networked jackpots are determined by the central server when you pull). At any point the casino can simply turn around and say "sorry, it was a glitch" and deny your jackpot. It's happened before.
Games You Can't Win. (Score:5, Interesting)
I like seeing stories like this. Maybe if we have enough of 'em, people will realize that gambling when the house has a stake is a sucker's game.
There's an anecdote in the book "Games You Can't Lose" by Harry Anderson (who played the judge in Night Court, and is a longtime stage magician and collector of cons and swindles). To paraphrase:
One day on a whim, this guy places a bet at a sidewalk Three Card Monte game and of course he loses. So he starts watching carefully how the game is played. And he notices how the dealer ignores bets that are placed on the right card when someone else bets on the wrong one, and how a Monte game always has a bunch of shills around who will helpfully make the wrong bet in case none of the marks do.
So the guy comes back the next day, and when the dealer calls for bets, the guy pulls out a staple gun and staples his dollar to the Queen. Bam! The first guy to ever win at Three Card Monte.
And he pocketed his winnings, after the nurse at the emergency room un-stapled them from his forehead.
Re:Don't they have to prove intent? (Score:4, Interesting)
I did casino security in the 80s. I could never find in actual evidence of that happening. In fact we had a notice from the gaming board that counting card is NOT illegal.
They can refuse business to anywhere.
Re:Insider information (Score:4, Interesting)
As a youth, I used to play an old game called Sundog [wikimedia.org] on my Atari ST. It was a space faring/trading game where part of your objective was to buy/steal/find the resources a new religious colony demanded.
One of the things I discovered were a series of glitches in the game that allowed me to skip the heavy trading of the game and make good money buying and selling 'inventory' items instead.
From memory, a bug in the shopkeeper interactions allowed me to buy the second item in the inventory for the price of the first item. In weapon stores, the first item was always a cheap healing dodad, while the second item was always a fairly hefty priced force shield.
So it started off with me getting cheap 'armor'. On top of this the shields had a set number of hits on them, and the 'glitched' copies, being uninitialized, effectively got an extra 'hit' out of them as the first hit set their 'remaining charges' to the max amount.
At first I used that and the fact that you could carry more than one shield to 'hunt' muggers in the streets, if you wandered around you could get 'lucky' and suddenly find yourself surrounded by a group of people demanding your cash. If you choose to fight and survived, you could loot them for their cash and weapons and then go sell those on the black market in the nearest burger joint. It was 'OK' money, but I then discovered a way to make it even faster.
You see, whenever I attempted to sell one of the 'uninitialized' shields I could never get more than the cost of those cheap health items. And while they sold at 'full' value when once they were initialized, each hit after that first one reduced their value. BUT what I discovered on accident was that you could SHOW the person you were selling to a fully charged 'legit' shield and once you and they were finished on haggling the price, you could give them any shield, regardless of it's remaining charges.
Weapon costs varied planet from planet, so what I'd do is fly to the cheapest planet I could find and fill my ship with 'knockoff' shields, then head for the most expensive planet and reap 100-200% profits.
My point is, I wasn't more than 12 when I found this out, on my own. There wasn't an internet back then, not for the public at least. This sort of glitch doesn't require insider knowledge, just someone with an idea of how these machines work and a willingness/ability to experiment on them.
Of course, that doesn't always pan out. I loved Sundog but the thing I remember most about it was that the novella/backstory for it indicated that the whole reason I was doing all this was to clear my dead uncles debts and even indicated specifically how much I owed. The final stage of the game involved an extremely well hidden city on a planet that was only reachable once you purchased top of the line parts for your ship. When I got stumped on that stage (because I didn't even know there WAS a city to find) I decided the final part of the game must be collecting that sum so I could officially pay off his debts. I'm sure you can imagine my frustration when a year later, after having collected what I think was over five times the amount, I finally bumped into the hidden city while exploring and finished the game in less than 10 min after that.
Re:double standard (Score:5, Interesting)
I could, but:
1) what gaming commission? The company is spread around the world, with the first team of programmers being in a country one ocean away from the second, that was set up in my country. And in my country we couldn't even sell or explore the machines, just develop them.
2) don't forget that before machines can operate in a particular country they have to pass the analysis of that country's gambling commissions or certification companies and they must have access to the entire process, including source code. For some reason, this particular company didn't have a single machine in the USA for several years.
3) what the hell would I say? "hey, the company that hired me to save it from itself had bad practices before I joined it"?
Re:double standard (Score:4, Interesting)
Re:double standard (Score:2, Interesting)
I worked one month for a major gaming / lottery company myself before quitting in disgust. (And this was after three months of having been unemployed a couple of years before the latest depression when I was desperate.) My experiences were much like yours except for the chance to make a better team. No documentation (in the code or otherwise). No software control standards. Poor version control. Crappy code. And absolutely no morale at the workplace and a terrible martinet gnome of a boss who jerked me around on hiring me in the first place. To this day, I do not place that company on my resume.
Part of me really hopes it was the same company so that there aren't two of them. (Hell, I'm posting AC. I'll name names. It was Scientific Gaming.)
Re:double standard (Score:2, Interesting)
Re:double standard (Score:4, Interesting)
Re:I think this probably ought to be illegal (Score:5, Interesting)
What makes it a forgery [lectlaw.com] is this: The machine claimed he won. He did, in fact, not win. He forced the machine to incorrectly indicate that the casino owed him money. This is not exactly a "written" instrument, but it's close enough: The machine's "you have won!" display functions equivalently to a document purporting to entitle him to a large amount of cash. But it was not produced as a result of a legitimate game of chance, which is what the machine is supposed to do. Instead it was produced as a result of deliberately triggering a malfunction, which was then misrepresented as legitimate.
When he claimed the jackpot, he presented the printout, the winning screen on the slot machine, whatever as proof that he had won the game of chance. Playing the slots at the casino is effectively entering into a contract with the casino: Play this game of chance according to the rules, and if you win, we will pay you according to the reward schedule. He didn't play according to the rules, instead, he misused casino property to made it appear as if he had. As I see it, that definitely falls under 'the fraudulent making and alteration of a writing to the prejudice of another man's right.'
Re:double standard (Score:4, Interesting)
I was once hired to write a VR casino game. Pretty cool actually, shame it was never commercially released.
Anyway, the point is that they wanted it guaranteed rigged so even things which appeared to have a certain percentage chance of happening (say 25%) would be indeed 25% until the last piece would cause a win, in which case it wouldn't win except on an exceedingly diminutive chance.
I found a bug in it that would essentially let you 'spin the slots' as fast as the frame rate of the world, and seriously debated not fixing it in case the game ever was released. Damn morals - I fixed it. =)
Re:double standard (Score:5, Interesting)
TFA says that this is apparently not uncommon for people who shovel a lot of money into slots. Changing things like the screen brightness or volume is common. In this case there was a bonus doubling feature that is usually turned off because gamblers don't like it. They don't want double-or-nothing risks, they like to play the shorter odds. It is simply an optional feature that happened to be exploitable. I don't see any difference between that and finding an exploit in one of the default features.
Bottom line is that the code was buggy and he found a way to turn it to his advantage. There is no suggestion that the technician did anything wrong by enabling this feature or that it is a particularly unusual thing to do.