Slashdot Mirror

← Back to Stories (view on slashdot.org)

Man Arrested For Exploiting Error In Slot Machines

Posted by timothy on from the where's-nicky-santoro-when-you-need-him? dept.

An anonymous reader writes "A man awaiting trial in Pennsylvania was arrested by Federal agents on Jan. 4, and accused of exploiting a software 'glitch' within slot machines in order to win payouts. The exploit may have allowed the man to obtain more than a million dollars from casinos in Pennsylvania and Nevada, and officials say they are investigating to see if he used the method elsewhere. The accused stated that 'I'm being arrested federally for winning on a slot machine. Let everybody see the surveillance tapes. I pressed buttons on the machine on the casino. That's all I did.' Apparently, slot machine software errors are fairly common. The lesson here seems to be that casinos can deny you a slot machine win any time they wish by claiming software errors, and if you find an error that you can exploit, you may find yourself facing Federal charges for doing so."

22 of 611 comments (clear)

  1. double standard by v1 · · Score: 5, Interesting

    I suppose the most glaring issue here is the double standard that software errors can be legally taken advantage of by the casinos, while they are illegal to take advantage of by the gambler. (or at least that looks like how the recent verdicts have been swinging)

    --
    I work for the Department of Redundancy Department.
    1. Re:double standard by Daengbo · · Score: 5, Insightful

      The house always wins. Duh!

      --
      Put identity in the browser.
    2. Re:double standard by joaommp · · Score: 5, Interesting

      Last year I joined (and left) a major manufacturer of slot machines. I was hired as R&D manager and I was absolutely terrified when I saw how things were done. No good software development practices, their concept of version management was dumping source on a network share, the previous manager was the only one using a VCS and was for his private use, and the code was absolutely disappointing to say the least. The bad practices were so deeply marked on them that things were taken to a new facility, with an entire new team that I personally interviewed and trained them from the start, people that still didn't have any of the bad habits the old team had. Eventually I left because whoever was above me was far worse and I soon realized the company was off to die, because top level management were the ones that messed up in the first place and were about to destroy the company by killing all R&D and training and having the new team do sustained engineering on the bad code produced by the old team. This is the state of the gambling industry.

      --
      Onda Technology Institute
    3. Re:double standard by NevarMore · · Score: 5, Insightful

      Why aren't you telling the gaming commission about this?

    4. Re:double standard by CitizenCain · · Score: 5, Insightful

      And what would he say? It's not like the abysmal state of security on electronic gambling machines is new news, and evidently, no one cares enough to do anything about it. (And why would they when you can just have the feds arrest anyone who profits from flawed code and sieze their assets anyway?) Being stupid isn't a crime, and horrible practices for writing code aren't against gaming commission rules. No, being smart is against the rules and profiting off of crappy code (as a "gambler"/player) is a crime. Three cheers for the land of the free and our awesome justice system. :/

    5. Re:double standard by joaommp · · Score: 5, Interesting

      I could, but:

      1) what gaming commission? The company is spread around the world, with the first team of programmers being in a country one ocean away from the second, that was set up in my country. And in my country we couldn't even sell or explore the machines, just develop them.

      2) don't forget that before machines can operate in a particular country they have to pass the analysis of that country's gambling commissions or certification companies and they must have access to the entire process, including source code. For some reason, this particular company didn't have a single machine in the USA for several years.

      3) what the hell would I say? "hey, the company that hired me to save it from itself had bad practices before I joined it"?

      --
      Onda Technology Institute
    6. Re:double standard by chaboud · · Score: 5, Insightful

      He used the interface of the machine as intentionally designed, configured willingly by casino staff. No trick coins, no bump keys, no insertion of a backdoor (that's still up in the air) into the code.

      These machines are intentionally set up to pay out anywhere from 85-93% of what they take in, just raking in cash by being there. Live by the sword, die by the sword.

      Sorry, but it's just not the same thing as a locked door. The intent of a locked door is clear, to signal ownership and provide moderate (not really) protection. The intent of a slot machine is also clear, to engage in a pseudo-random game of chance, biased typically toward the owner of the machine. He engaged in that game and won. If you knew that a roulette table hit a particular number commonly enough to make the odds worth it, you'd play that table. It's up to the casinos and manufacturers to make sure that the games that they've rigged in their favor actually remain so.

    7. Re:double standard by PhxBlue · · Score: 5, Funny

      Flynn, is that you? :)

      --
      !#@%*)anks for hanging up the phone, dear.
    8. Re:double standard by Moryath · · Score: 5, Informative

      Not far off the mark, really.

      There was a case of someone winning a jackpot a while back and the casino claiming the jackpot was a "software error" after the fact. Denver Post Article. As the article shows, such "errors" are relatively common.

      And of course, the casinos always reserve the right to claim someone is "cheating" or simply "winning too much", or "card counting", and pull all sorts of nasty tricks.

      Also remember: in a gambling town, the cops and judges aren't paid by the local government. They're paid by the casinos. Period.

    9. Re:double standard by DavidTC · · Score: 5, Insightful

      Going to Vegas is a great vacation. Everything there is rigged to be fun and distracting, you'll never be bored, there are great shows.

      As long as you don't gamble. If you don't gamble, half the stuff you do is be subsided by idiots who are gambling.

      That $50 dollar hotel rooms? Cheaper than roadside motels in the middle of nowhere? They're expecting you to spend $50 bucks a day in the casino.

      That $50 show you want to see? Really costs $80 dollars, but on average people spend $30 dollars waiting for the show to start in the casino.

      Hell, that's why so many conferences are there...the space is cheap, because they expect to make a huge amount of money fleecing the idiotic convention-goers.

      Seriously, Vegas is a great place to go and vacation on the backs of gamblers.

      --
      If corporations are people, aren't stockholders guilty of slavery?
    10. Re:double standard by SecurityGuy · · Score: 5, Informative

      There was a case of someone winning a jackpot a while back and the casino claiming the jackpot was a "software error" after the fact.

      Like everyone else, I read about such things with outrage until I actually RTFA. The jackpot she hit was about 100x higher than the maximum the machine was ever supposed to give, so it WAS an error, and obviously so.

  2. So, to be clear... by amRadioHed · · Score: 5, Insightful

    casinos exploiting human failings to make millions and millions of dollars is legal. People exploiting casino failings to make millions and millions of dollars is illegal.

    --
    We hope your rules and wisdom choke you / Now we are one in everlasting peace
    1. Re:So, to be clear... by BondGamer · · Score: 5, Insightful

      If you brought in billions in revenue to the state, you too could have special laws enacted for your benefit.

  3. Re:What's next? by Daengbo · · Score: 5, Informative

    The only way to win is to not play.

    --
    Put identity in the browser.
  4. Re:lots of news stories of winnings denied, too by TheRaven64 · · Score: 5, Interesting

    It can backfire, however. Gambling is heavily regulated and one of the requirements in some places is that the thing being gambled on must be random. These regulations exist to prevent casinos from having fixed decks for card games or rigged wheels for roulette, but they carry over to other forms of gambling. If you can show that their machine is deterministic, then they may be in trouble. A software glitch that lets you always win may well count, depending on your jurisdiction...

    --
    I am TheRaven on Soylent News
  5. Insider information by Dan+East · · Score: 5, Interesting

    To distill the article, those machines have some software options, such as volume, screen brightness, and some game options, such as whether or not a Double-Up feature was enabled.

    Somehow the guy knew that if the Double-Up feature was enabled a software flaw would be exposed, whereby a certain sequence of button presses would trigger a jackpot (and the jackpot would not be recorded in the data log).

    The machines did not have Double-Up enabled by default, so this guy would ask casino techs to mess with settings, like the volume and brightness. While they were changing those settings he also asked to have the Double-Up enabled, thus "enabling" the bug.

    So the glaring question is how did this guy know about the "correct sequence of buttons" and the fact that it specifically had to be enabled via the Double-Up feature? To me this reeks of a developer slipping in a "glitch" to trigger a jackpot at will, and it was hidden with that Double-Up feature which they knew was disabled by default to keep the sequence from accidentally being discovered (or found via auditing).

    The real criminal is the insider that passed this info along, and presumably maintained anonymity and safety while his patsy actually went around and harvested the winnings, which I'm sure the software developer would receive a share of.

    --
    Better known as 318230.
  6. Audit the Casinos by tsnorquist · · Score: 5, Insightful

    So can gamblers audit the casinos to ensure all the times they lost were not due to a "glitch"?

  7. Re:Idiotic Summary by tlhIngan · · Score: 5, Interesting

    The lesson here seems to be that casinos can deny you a slot machine win any time they wish by claiming software errors

    This idiotic assertion does not seem to be supported by the facts of the case.

    It's not an idiotic assertion in that it's true in general (all casinos have a clause like "payouts only after verification"), but it is a bit of a non-sequitor.

    Basically, anytime the slot machine gives the jackpot, that machine is usually immediately taken offline and wheeled back for verification of the win. Of course, you're not allowed to see this, you only hope they're doing things like comparing the software against the government-escrowed copy (yes, the government maintains a copy of the software) and verifying the settings. Networked jackpots often have to confirm with the network operators in making sure the server actually sent the "win" command to the slot (networked jackpots are determined by the central server when you pull). At any point the casino can simply turn around and say "sorry, it was a glitch" and deny your jackpot. It's happened before.

  8. Re:What's next? by Monkeedude1212 · · Score: 5, Insightful

    Oh yeah - I don't have any sympathy for the Casinos they've always been stealing for as long as they've been around.

    But two wrongs don't make a right, stealing from a Casino does not make you a good guy (Despite how much you may like Ocean's 11).

    And making these guys sound like victims is more whats bothering me. They clearly played it like Con-men what with getting Casino technicians to alter the machines.

  9. Card Counters cannot be denied their winnings by gurnec · · Score: 5, Informative

    This is a common misconception which the likes of Vegas and Atlantic City would love everyone to continue to believe. There are no jurisdictions in the United States in which card counting (without the use of any devices) is illegal. Additionally, a casino has no right to take back any winnings which were legally obtained. In Nevada, casinos *are* permitted to deny you entrance or ask you to leave if they suspect you may be a card counter. AFAIK, they are also free to share ban lists with other casinos as they see fit. In New Jersey, casinos are not even allowed to go this far. Players may not be denied entrance simply because they are too skilled (see Uston v. Resorts International Hotel, Inc.).

  10. Re:Not just a s/w error by Pollardito · · Score: 5, Informative
    He should have quoted more of the story, because it wasn't brightness or volume that was the issue:

    The pair, according to police, had knowledge of a software glitch in one of the high-bet slot machines. In order to expose the glitch, a special "double-up" feature had to be internally activated. The men persuaded casino technicians to alter "soft" options on the machines, such as volume and screen brightness controls. Such perks aren't unusual for high-rollers, who can wager anywhere from a few hundred to thousands of dollars in one day.

    One Meadows employee, who was not criminally charged or accused of wrongdoing, agreed to enable the double-up feature on the machine with the glitch.

    Normally, such a feature would allow a player to risk doubling his winnings or potentially losing them all. The double-up feature isn't usually enabled on the machines in part because it's unpopular with most gamblers, who are unwilling to risk large amounts of money.

    Read the story and you'll see that there's a lot more to it then just his preferences. For instance he was using a third-party to cash in winnings that he knew would raise eyebrows.

  11. Re:Not just a s/w error by kaiser423 · · Score: 5, Insightful

    This does add another layer, but I'm still not too sure.

    I mean, so he got some technicians to enable a feature that is disabled because most gamblers do not like it.

    Then he won enough and had someone else cash it out because he knew that it would raise eyebrows. That just seems like an intelligent move.

    The casino's got to audit the code, so did the gaming commission. Maybe they should have better audits rather than rubber stamps? Because it sounds like some guy did a better audit than them and used it to gain an edge usually reserved for the house.

    Now if he planted the bug, or paid someone to or whatever, then there's crime here. But otherwise, I'm not seeing it.....

    Groups track roulette tables religiously in order to find ones that have an players edge if certain numbers are played, and that is legal. Casino's swap the tables overnight retire popular ones, conceal, etc. In this case, the casino's jsut need to audit the code a bit better.