Man Arrested For Exploiting Error In Slot Machines

An anonymous reader writes "A man awaiting trial in Pennsylvania was arrested by Federal agents on Jan. 4, and accused of exploiting a software 'glitch' within slot machines in order to win payouts. The exploit may have allowed the man to obtain more than a million dollars from casinos in Pennsylvania and Nevada, and officials say they are investigating to see if he used the method elsewhere. The accused stated that 'I'm being arrested federally for winning on a slot machine. Let everybody see the surveillance tapes. I pressed buttons on the machine on the casino. That's all I did.' Apparently, slot machine software errors are fairly common. The lesson here seems to be that casinos can deny you a slot machine win any time they wish by claiming software errors, and if you find an error that you can exploit, you may find yourself facing Federal charges for doing so."

double standard

[v1]

I suppose the most glaring issue here is the double standard that software errors can be legally taken advantage of by the casinos, while they are illegal to take advantage of by the gambler. (or at least that looks like how the recent verdicts have been swinging)

Re:double standard

[joaommp]

Last year I joined (and left) a major manufacturer of slot machines. I was hired as R&D manager and I was absolutely terrified when I saw how things were done. No good software development practices, their concept of version management was dumping source on a network share, the previous manager was the only one using a VCS and was for his private use, and the code was absolutely disappointing to say the least. The bad practices were so deeply marked on them that things were taken to a new facility, with an entire new team that I personally interviewed and trained them from the start, people that still didn't have any of the bad habits the old team had. Eventually I left because whoever was above me was far worse and I soon realized the company was off to die, because top level management were the ones that messed up in the first place and were about to destroy the company by killing all R&D and training and having the new team do sustained engineering on the bad code produced by the old team. This is the state of the gambling industry.

Re:double standard

[joaommp]

I could, but:

1) what gaming commission? The company is spread around the world, with the first team of programmers being in a country one ocean away from the second, that was set up in my country. And in my country we couldn't even sell or explore the machines, just develop them.

2) don't forget that before machines can operate in a particular country they have to pass the analysis of that country's gambling commissions or certification companies and they must have access to the entire process, including source code. For some reason, this particular company didn't have a single machine in the USA for several years.

3) what the hell would I say? "hey, the company that hired me to save it from itself had bad practices before I joined it"?

Re:double standard

[AmiMoJo]

TFA says that this is apparently not uncommon for people who shovel a lot of money into slots. Changing things like the screen brightness or volume is common. In this case there was a bonus doubling feature that is usually turned off because gamblers don't like it. They don't want double-or-nothing risks, they like to play the shorter odds. It is simply an optional feature that happened to be exploitable. I don't see any difference between that and finding an exploit in one of the default features.

Bottom line is that the code was buggy and he found a way to turn it to his advantage. There is no suggestion that the technician did anything wrong by enabling this feature or that it is a particularly unusual thing to do.

Re:lots of news stories of winnings denied, too

[TheRaven64]

It can backfire, however. Gambling is heavily regulated and one of the requirements in some places is that the thing being gambled on must be random. These regulations exist to prevent casinos from having fixed decks for card games or rigged wheels for roulette, but they carry over to other forms of gambling. If you can show that their machine is deterministic, then they may be in trouble. A software glitch that lets you always win may well count, depending on your jurisdiction...

Insider information

[Dan+East]

To distill the article, those machines have some software options, such as volume, screen brightness, and some game options, such as whether or not a Double-Up feature was enabled.

Somehow the guy knew that if the Double-Up feature was enabled a software flaw would be exposed, whereby a certain sequence of button presses would trigger a jackpot (and the jackpot would not be recorded in the data log).

The machines did not have Double-Up enabled by default, so this guy would ask casino techs to mess with settings, like the volume and brightness. While they were changing those settings he also asked to have the Double-Up enabled, thus "enabling" the bug.

So the glaring question is how did this guy know about the "correct sequence of buttons" and the fact that it specifically had to be enabled via the Double-Up feature? To me this reeks of a developer slipping in a "glitch" to trigger a jackpot at will, and it was hidden with that Double-Up feature which they knew was disabled by default to keep the sequence from accidentally being discovered (or found via auditing).

The real criminal is the insider that passed this info along, and presumably maintained anonymity and safety while his patsy actually went around and harvested the winnings, which I'm sure the software developer would receive a share of.

Re:Idiotic Summary

[tlhIngan]

The lesson here seems to be that casinos can deny you a slot machine win any time they wish by claiming software errors

This idiotic assertion does not seem to be supported by the facts of the case.

It's not an idiotic assertion in that it's true in general (all casinos have a clause like "payouts only after verification"), but it is a bit of a non-sequitor.

Basically, anytime the slot machine gives the jackpot, that machine is usually immediately taken offline and wheeled back for verification of the win. Of course, you're not allowed to see this, you only hope they're doing things like comparing the software against the government-escrowed copy (yes, the government maintains a copy of the software) and verifying the settings. Networked jackpots often have to confirm with the network operators in making sure the server actually sent the "win" command to the slot (networked jackpots are determined by the central server when you pull). At any point the casino can simply turn around and say "sorry, it was a glitch" and deny your jackpot. It's happened before.

Games You Can't Win.

[goodmanj]

I like seeing stories like this. Maybe if we have enough of 'em, people will realize that gambling when the house has a stake is a sucker's game.

There's an anecdote in the book "Games You Can't Lose" by Harry Anderson (who played the judge in Night Court, and is a longtime stage magician and collector of cons and swindles). To paraphrase:

One day on a whim, this guy places a bet at a sidewalk Three Card Monte game and of course he loses. So he starts watching carefully how the game is played. And he notices how the dealer ignores bets that are placed on the right card when someone else bets on the wrong one, and how a Monte game always has a bunch of shills around who will helpfully make the wrong bet in case none of the marks do.

So the guy comes back the next day, and when the dealer calls for bets, the guy pulls out a staple gun and staples his dollar to the Queen. Bam! The first guy to ever win at Three Card Monte.

And he pocketed his winnings, after the nurse at the emergency room un-stapled them from his forehead.

Re:I think this probably ought to be illegal

[LrdDimwit]

"As designed?" We're clearly dicussing an exploit. Nobody designs slot machines and deliberately inserts autowin codes. He used the device "as is" in a way that clearly violated the anticipated design of the machine.

What makes it a forgery is this: The machine claimed he won. He did, in fact, not win. He forced the machine to incorrectly indicate that the casino owed him money. This is not exactly a "written" instrument, but it's close enough: The machine's "you have won!" display functions equivalently to a document purporting to entitle him to a large amount of cash. But it was not produced as a result of a legitimate game of chance, which is what the machine is supposed to do. Instead it was produced as a result of deliberately triggering a malfunction, which was then misrepresented as legitimate.

When he claimed the jackpot, he presented the printout, the winning screen on the slot machine, whatever as proof that he had won the game of chance. Playing the slots at the casino is effectively entering into a contract with the casino: Play this game of chance according to the rules, and if you win, we will pay you according to the reward schedule. He didn't play according to the rules, instead, he misused casino property to made it appear as if he had. As I see it, that definitely falls under 'the fraudulent making and alteration of a writing to the prejudice of another man's right.'