Man Arrested For Exploiting Error In Slot Machines

An anonymous reader writes "A man awaiting trial in Pennsylvania was arrested by Federal agents on Jan. 4, and accused of exploiting a software 'glitch' within slot machines in order to win payouts. The exploit may have allowed the man to obtain more than a million dollars from casinos in Pennsylvania and Nevada, and officials say they are investigating to see if he used the method elsewhere. The accused stated that 'I'm being arrested federally for winning on a slot machine. Let everybody see the surveillance tapes. I pressed buttons on the machine on the casino. That's all I did.' Apparently, slot machine software errors are fairly common. The lesson here seems to be that casinos can deny you a slot machine win any time they wish by claiming software errors, and if you find an error that you can exploit, you may find yourself facing Federal charges for doing so."

double standard

[v1]

I suppose the most glaring issue here is the double standard that software errors can be legally taken advantage of by the casinos, while they are illegal to take advantage of by the gambler. (or at least that looks like how the recent verdicts have been swinging)

Re:double standard

[joaommp]

Last year I joined (and left) a major manufacturer of slot machines. I was hired as R&D manager and I was absolutely terrified when I saw how things were done. No good software development practices, their concept of version management was dumping source on a network share, the previous manager was the only one using a VCS and was for his private use, and the code was absolutely disappointing to say the least. The bad practices were so deeply marked on them that things were taken to a new facility, with an entire new team that I personally interviewed and trained them from the start, people that still didn't have any of the bad habits the old team had. Eventually I left because whoever was above me was far worse and I soon realized the company was off to die, because top level management were the ones that messed up in the first place and were about to destroy the company by killing all R&D and training and having the new team do sustained engineering on the bad code produced by the old team. This is the state of the gambling industry.

Re:double standard

[joaommp]

I could, but:

1) what gaming commission? The company is spread around the world, with the first team of programmers being in a country one ocean away from the second, that was set up in my country. And in my country we couldn't even sell or explore the machines, just develop them.

2) don't forget that before machines can operate in a particular country they have to pass the analysis of that country's gambling commissions or certification companies and they must have access to the entire process, including source code. For some reason, this particular company didn't have a single machine in the USA for several years.

3) what the hell would I say? "hey, the company that hired me to save it from itself had bad practices before I joined it"?

Re:lots of news stories of winnings denied, too

[TheRaven64]

It can backfire, however. Gambling is heavily regulated and one of the requirements in some places is that the thing being gambled on must be random. These regulations exist to prevent casinos from having fixed decks for card games or rigged wheels for roulette, but they carry over to other forms of gambling. If you can show that their machine is deterministic, then they may be in trouble. A software glitch that lets you always win may well count, depending on your jurisdiction...

Insider information

[Dan+East]

To distill the article, those machines have some software options, such as volume, screen brightness, and some game options, such as whether or not a Double-Up feature was enabled.

Somehow the guy knew that if the Double-Up feature was enabled a software flaw would be exposed, whereby a certain sequence of button presses would trigger a jackpot (and the jackpot would not be recorded in the data log).

The machines did not have Double-Up enabled by default, so this guy would ask casino techs to mess with settings, like the volume and brightness. While they were changing those settings he also asked to have the Double-Up enabled, thus "enabling" the bug.

So the glaring question is how did this guy know about the "correct sequence of buttons" and the fact that it specifically had to be enabled via the Double-Up feature? To me this reeks of a developer slipping in a "glitch" to trigger a jackpot at will, and it was hidden with that Double-Up feature which they knew was disabled by default to keep the sequence from accidentally being discovered (or found via auditing).

The real criminal is the insider that passed this info along, and presumably maintained anonymity and safety while his patsy actually went around and harvested the winnings, which I'm sure the software developer would receive a share of.

Re:Idiotic Summary

[tlhIngan]

The lesson here seems to be that casinos can deny you a slot machine win any time they wish by claiming software errors

This idiotic assertion does not seem to be supported by the facts of the case.

It's not an idiotic assertion in that it's true in general (all casinos have a clause like "payouts only after verification"), but it is a bit of a non-sequitor.

Basically, anytime the slot machine gives the jackpot, that machine is usually immediately taken offline and wheeled back for verification of the win. Of course, you're not allowed to see this, you only hope they're doing things like comparing the software against the government-escrowed copy (yes, the government maintains a copy of the software) and verifying the settings. Networked jackpots often have to confirm with the network operators in making sure the server actually sent the "win" command to the slot (networked jackpots are determined by the central server when you pull). At any point the casino can simply turn around and say "sorry, it was a glitch" and deny your jackpot. It's happened before.