Slashdot Mirror
Video Poker Firmware Bug Yields Big Money, Federal Charges
JoeyRox writes "Over the course of playing $12 million worth of video poker, Las Vegas resident John Kane stumbled onto a firmware bug in IGT's 'Game King' machines that allowed him to cash out for 10x the amount of his winnings. John and his friends took advantage of the vulnerability to the tune of $429,945. John's friend was arrested by U.S. marshals and charged with violation of the Computer Fraud and Abuse Act, but a federal magistrate ruled that the law doesn't apply and recommended dismissal. The case is currently being argued in a U.S. District Court."
This looks to me like a civil matter. That is, if there had never been the DMCA. There is a recent trend by big corporations to abuse the criminal court systems to resolve their disputes with the heavy hand of govnernment. I don't think it will stop until we stand up and demand government that is FOR the people.
We should learn what we need to know about issues, before we decide what we need to feel about them.
They have a machine...he didn't sigh any EULA or agreements about how to use it.
The main use of this machine is you put money into it, you hit buttons, it sometimes pays out.
He found a combination of buttons that causes it to pay out a LOT.
I see no problem with what he did. He simply put money in and pushed buttons on machine set out in public for the purpose of people pushing buttons and sometimes getting money out of it.
Show where he violated the signed terms of use or NDA or other type contract on exactly HOW he was to use the machine, and maybe you have a case.
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
There was a case like this in the UK a few years ago. A family discovered that a particular cash machine was systematically giving out double the amount you had withdrawn. They repeatedly withdrew money using this machine. They were reported, and convicted of fraud. I doubt it would have happened with one-off visitors. If you ONCE visit a cash machine that gives you £200 and deducts from your account the £100 you intended to withdraw, then you've got lucky: you can't have known it would do that. But repeatedly visiting a machine that is misprogrammed to act in your favour, when you know that that is not how it is intended to function, is something quite different. That clearly amounts to fraud.
Exactly. For example if I am playing poker and have a lousy hand, but bid high to trick the other players into folding, then that's fraud too. If I use that trick to make money then I'm stealing from the house.
Right?
The point of the machines (from the player perspective) is to stick in money, push buttons, and make it dispense more money (vouchers) than you put in.
The house edge comes from the fact that pushing the buttons correctly in all situations is difficult.
This guy did it right. If the house wants to fix the "bug" that allowed him to take out more money than they thought he should, that's their right.
Prosecution on this one... very grey area.
But I'll forward the how-to on to my video poker friends, just in case they find a machine with those firmware revisions, so that they'll be sure not to expose themselves to prosecution in this manner.
Then he’d immediately switch to a different game variation, like straight “Draw Poker.” He’d play Draw Poker until he scored a win of any amount at all. The point of this play was to get the machine to offer a “double-up”, which lets the player put his winnings up to simple high-card-wins draw. Through whatever twist of code caused the bug, the appearance of the double-up invitation was critical. Machines that didn’t have the option enabled were immune.
At that point Kane would put more cash, or a voucher, into the machine, then exit the Draw Poker game and switch the denomination to the game maximum — $10 in the Silverton game.
Now when Kane returned to Triple Double Bonus Poker, he’d find his previous $820 win was still showing. He could press the cash-out button from this screen, and the machine would re-award the jackpot. Better yet, it would re-calculate the win at the new denomination level, giving him a hand-payout of $8,200.
The best thing about UDP jokes is I don't care if you get them or not
Yeah, which happens to be a real problem in the baking industry. I asked for a dozen rolls and got 13. I sensed the baker was trying to make me inadvertently steal, so I threw the last one back at him and called him names. Learn to count.
This happens all of the time with ATM's in the US. It never makes it to court.
When the bank loads an ATM cassette, they know exactly how much money is in it and what denomination of bills it contains. The serial number of the cassette is recorded by the person loading the ATM as well as by the ATM itself, by way of an RFID chip in the cassette. This links back to a database of ATM cassettes and their current load status and contents. The bank knows exactly, down to the serial numbers on the bills, what is in that cassette. Modern ATM's even automate the configuration from that database. The problem is that older ATM's don't.
When you go to an ATM and ask it for $40 (common "fast cash" amount these days), and the ATM has been configured for $20 bills, it dispenses two bills. If it's configured for $10 bills, it dispenses 4 bills. In older ATM's, the configuration is done manually. If a $20 cassette is loaded but the ATM is configured for a $10 cassette, it dispenses the wrong number of bills. That $40 you ask for is 4 bills, but the bills are $20 now, and you get $80.
When this happens, the bank will discover it as soon as they change the ATM cassette. Then they will find EVERY transaction that ATM performed on the previous cassette and contact the account-holders, notifying them that due to an incorrect ATM configuration, they were given more than they requested, and that the account has been rectified to reflect the correct ATM payout. For this transaction, any overdraft fees are waived (by law), and the transaction is applied to the day that the correct is made, not to the day the ATM paid out incorrectly (again, by law).
That's when most people drag their sorry butts back to the bank to make an emergency deposit of some no-longer ill-gotten gains to shore up their account balance.
"Casino error in your favor. Go directly to jail"
This is why the Gaming Commission is required to test/inspect the machines (to include deposits and payouts) on a regular basis. Until you have evidence that this is happening you're just trying to justify theft. If the machine were found to be faulty, the individual would have their provable losses returned to them, probably up to a few hundred dollars.
That sounds just peachy - Except that the machines in question had the exact same tests done to them, and still contained a bug that no one had caught for who knows how long.
It counts as pure hubris to claim that bugs in the opposite direction (opposed to the player) don't exist and remain uncaught.
That said, the definition of "fraud" here has a lot of flexibility. I recall a case from my youth (when I worked for a competitor of IGT, for whatever credibility that gives me) where someone cracked our RNG algorithm on a "pick 3" type game. After they had won a few hundred grand, the jurisdiction asked us to look into it, and we changed the RNG, the player stopped winning game after game after game. No charges ever followed, because it shouldn't count as fraud if you figure out how to win the fucking game, even though an entire state government lost a noticeable amount of money.