Slashdot Mirror
Computerized Betting System Proves Vulnerable
count3r writes "A front page article in today's New York Times reports that an employee of Autotote has been fired for (allegedly) hacking the system responsible for 65% of all horseracing bets in North America. The caper, if it is indeed a caper, resulted in a series of six bets that paid a total of $3,000,000 in last Saturday's Breeders' Cup."
I will never understand how people come up with good, well thought out crime plans, and then totally screw up the execution by rushing things or bring too much attention to the project. Just dumb.
Buttloads of $ vs. determined individual: vulnerability.
Someone will always find a way to steal and no matter how good your security, when you have the human element on the inside, you are vulnerable. That's why auditing to detect theft is as important as securing against it.
"When it rains, it pours." --Morton's Salt
Hey...I have an idea (not that it will be accepted). Why don't we stop allowing registration-required links on the front page? Including free-registration. We can now find many sources for the same story with Google News, so there's no reason to keep linking to NYT.
I can't say that I don't give a fuck. I've just run out of fuck to give.
You obviously know nothing about the horse racing industry. While there may be some shady characters out there, most people in the scene are just your average blokes who are hoping to win a couple bets while at the racetrack. Those are the guys who eventually end up losing because of people who cheat the system.
See that, someone wins a tough bet with a huge payout and they immediately call foul play so they dont have to pay.
Gee i *bet* online casinos work the same way...
Sounds debatable to me. On the one hand a huge payout will garner a lot of attention, but on the other hand committing a fraud over and over every week sounds quite high on the risk scale too.
As a bit of background regarding this, these guys didn't transfer from one bank account to another, or some other thing that's caught "in the books": One purportedly made an electronic bet, and the other altered the electronic bet after the fact to match the winners. It really isn't that ridiculous of a scam as people do win every now and then. It isn't entirely inconceivable that someone one.
Having said that, it is the duty of responsibility of the operators to exercise due diligence, and truly not trust anyone: i.e. all databases have multiple layers including audit logs, in this case catching his transaction as it occurs for future analysis. In this case I presume that exactly that happened, as they obviously caught him.
They want us to vote online?
Ed Craig "Who cares what you think?" George W. Bush, 4th of July 2001
I have another idea. Why don't you presume to never pay for anything, ever? To live in a fantasy world where all you have to do is consume.
(Or perhaps you don't mean that, in which case I apologise. But I'm getting sick of seeing people here with the attitude, "We're all for 'Free'. And look, we can just take shit! Stick it to the man! Yeah!")
resulted in a series of six bets
Was was reading this yesterday, it's actually interesting. It wasn't six bets, it was one bet on six consecutive races (called a Pick 6, apparently). The ticket cost over a grand just to purchase.
Apparently, the winning ticket including the first 4 race winners, followed by picking every horse in the field for the 5th and 6th races. This was suspicious because the betting management company allows the bets to be submitted during simulcasting through the end of the 4th race to prevent system congestion, according to the article.
The theory is that the employee submitted a fixed bet at the end of the 4th race. The ticketholder himself, apparently unrelated to the employee who is under investigation for fraud, claims that he is innocent, and is telling the company to put up some evidence or give him his 3 mils.
I dunno about you, but I do detect a strong odor of fish. On the other hand, if the lottery hit for this guy and he is legit, more power to him.
Fortunately, such a thing could never happen with electronic voting machines.
Right?
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
The fact is that implementing a gaming system is a nightmare, be it on the ground or in the air. IMHO, quite a bit more difficult than point of sale or banking systems. In addition to being secure, it's gotta be completely fail safe (so if a passenger's terminal goes down seconds after a jackpot he won't loose his winnings and take it out on the cabin crew). Also, it's going to be transaction heavy - hundreds of smaller, individual bets over a gambling session as opposed to, say, a higher end credit card transaction every minute at a department store cash register. If you add in the fact that gambling is a potentially addictive activity that piques the interest of organized crime, you have a recipe for any disaffected insider to slip in hacks and back doors.
On the whole, I'm not surprised that someone corrupted a gambling system. I'm just surprised that this doesn't make the newspaper more often.
"Prepare for the worst - hope for the best."
I'm trying to figure out why people think computerized betting is any more vulnerable to fraud than the non-computerized variety.
The Breeder's Cup incident was an inside job! There have been numerous Casino incidents where employees have tried to scam their employers. A security system is only as good as the people with whom the system is entrusted. This is true for physical security as well as computer security.
Lastly, criminals are not, inherently, stupid. It only seems like that as the stupid ones are the ones that usually get caught. Borrowing from Kaiser Sousay (Kevin Spacey) in Usual Suspects : the greatest trick a master criminal has ever pulled is convincing the world that a crime has not been committed.
he reason why this was a dumb scheme, and the reason why they got caught is pure math. The track paid out more money then they took in, and immediately knew something was amiss. If the systems worked properly, that can't happen. Long shots hit all the time, even 100:1 long shots, but if your computer system adjusted the odds according to the bets made before post, you won't lose money.
Obviously you understand horse racing. Having said that, I question your claim that it's entirely pool driven. Most tracks offer multiple win wins that are many multiples the win for a single race. i.e. If this guy changed a single $1 bet for #7 in the 3rd to be a $10000000 bet, then that seems obvious. If, on the other hand, he changed a $1 bet (so $6) for #7 in the 1st, #2 in the 2nd, #4 in the 3rd, etc, for $6 races, and the track offers a mega win for six successive wins, the difference that his bets make in the win is miniscule.