Slashdot Mirror
Allegation: Lottery Official Hacked RNG To Score Winning Ticket
SternisheFan writes with this excerpt from Ars Technica about what may be the most movie-worthy real-life crime story of the year so far: Eddie Raymond Tipton, 51, may have inserted a thumbdrive into a highly locked-down computer that's supposed to generate the random numbers used to determine lottery winners, The Des Moines Register reported, citing court documents filed by prosecutors. At the time, Tipton was the information security director of the Multi-State Lottery Association, and he was later videotaped purchasing a Hot Lotto ticket that went on to fetch the winning $14.3 million payout.
In court documents filed last week, prosecutors said there is evidence to support the theory Tipton used his privileged position inside the lottery association to enter a locked room that housed the random number generating computers and
infect them with software that allowed him to control the winning numbers. The room was enclosed in glass, could only be entered by two people at a time, and was monitored by a video camera. To prevent outside attacks, the computers aren't connected to the Internet. Prosecutors said Tipton entered the so-called draw room on November 20, 2010, ostensibly to change the time on the computers. The cameras on that date recorded only one second per minute rather than running continuously like normal.
"Four of the five individuals who have access to control the camera's settings will testify they did not change the cameras' recording instructions," prosecutors wrote. "The fifth person is defendant. It is a reasonable deduction to infer that defendant tampered with the camera equipment to have an opportunity to insert a thumbdrive into the RNG tower without detection."
In court documents filed last week, prosecutors said there is evidence to support the theory Tipton used his privileged position inside the lottery association to enter a locked room that housed the random number generating computers and
infect them with software that allowed him to control the winning numbers. The room was enclosed in glass, could only be entered by two people at a time, and was monitored by a video camera. To prevent outside attacks, the computers aren't connected to the Internet. Prosecutors said Tipton entered the so-called draw room on November 20, 2010, ostensibly to change the time on the computers. The cameras on that date recorded only one second per minute rather than running continuously like normal.
"Four of the five individuals who have access to control the camera's settings will testify they did not change the cameras' recording instructions," prosecutors wrote. "The fifth person is defendant. It is a reasonable deduction to infer that defendant tampered with the camera equipment to have an opportunity to insert a thumbdrive into the RNG tower without detection."
I'm actually surprised there haven't been more cases of insiders rigging lotteries.
I should think knowing all of those zillions of dollars are just sitting there would cause more people to decide to see if they could get away with it.
Lost at C:>. Found at C.
...but instead of hacking a random number generator, they injected paint into the ping-pong balls used for the live drawing.
http://en.wikipedia.org/wiki/1...
I have no idea whether or not the defendant is guilty, but surely what prosecutors meant to say is "None of the 6 employees testified that they changed the camera settings. One of those 6 is the defendant"
Are there not laws in the US that prohibit employees of the lottery industries from playing in the lottery?
Did this guy not realize that winning the lottery while being the security director of the lottery association would be extremely suspicious to begin with? There would be an investigation, even if there was no evidence of wrongdoing. This guy's plan was flawed from the start.
What the heck does "could only be entered by two people at a time" mean? The room is only big enough to hold two people, or that no single person can enter the room? (Requires two different keys, perhaps?) The second interpretation would mean that there's an accomplice somewhere.... Also, is it really an "excerpt" when it's just under half of the original article?
I'm surprised to see a complete lack of audit trails on critical systems like this. They need to require individual accounts of which every action is logged in an immutable audit trail. On both the camera system and the random number box. There is no way to prevent malfeasance committed using privileged accounts, but you should at least be able to determine who did what after the fact.
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
What is the point of using an expensive and highly locked down computer in place of a dead simple machine filled with pingpong balls?
RNG sucks. I'd rather play a BLM or a THF.
Get free satoshi (Bitcoin) and Dogecoins
poor bastard
Why do people who have access to the computer also have the ability to control the cameras?
Splitting responsiblity this way is such a basic and obvious security measure.
The real "Libtards" are the Libertarians!
The intercept believes that dice are cryptographically secure, and I wouldn't doubt it if they were well polished. Honestly, it's probably much easier is it to secure the integrity of the results of rolling dice, if everyone in a crowd watches the roll. (Of course, you'd need reasonable physical security to protect against enraged losers)
Seriously, why don't you RTFA where they point out that a corporation registered in Belize tried to claim this prize through an attorney in New York.
It's not like the someone who was barred from playing walked in and tried to claim the prize.
Yes, your what you say is obvious. So obvious, in fact, that it isn't what happened.
Lost at C:>. Found at C.
Apparently he used a shell company.
Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
What happens if he testifies that he didn't tamper with the cameras? They will need more than all 4 other people testifying the same to prove perjury.
> glass room
Damn. This attack required simultaneously balls and a lack of balls, ping pong.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
Or you know a clear cylinder filled with numbered ping pong balls and an air compressor, like what they use in the largest lotteries.
Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
Well, had it been connected to a network, an IDS could have raised an alarm that a usb device has been added. Or to rephrase uit for the /.-Crowd. "On localhost, noone hears you scream".
And somehow I still don't completly believe the "not connected to a network" thing. How would they transmit the drawn numbers to their frontend sytems? manually? How would this be secured against someone "mistyping" a few digits?
bickerdyke
He's got the winning lottery ticket, there was a malfunction with the camera's. So far I haven't seen any 'evidence' that that person actually did it. He might have been in cahoots with his co-workers. Splitting the ticket 2-5-ways is still pretty lucrative.
If he did it, he was pretty dumb to think he could get away with it. He should've
1. Remained anonymous (if possible, some lotteries allow it, some don't), let his lawyer pick up the money
2. Gone for a lot lower number (winning low enough so you can get a cash payout at the shop (~$600/week is still a nice bonus))
3. Allowed enough time for the evidence to be destroyed (video camera's probably overwrite old stuff every n months) then played and collected. If you implement your own RNG, you could easily predict numbers in advance.
Custom electronics and digital signage for your business: www.evcircuits.com
Someone hasn't read TFA.
...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
Another someone who hasn't read TFA.
...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
Darn young baby boomer whippersnappers are so lazy. He wouldn't have been caught if he'd just typed in the code live instead of slothfully brandishing a newfangled flash drive!
cat > rootkit.exe
In my day, I would've had to key it in the front panel! A command shell is pure luxury!
Gamingmuseum.com: Give your 3D accelerator a rest.
In the USB slot would have prevented this, or add the policy to ignore USB's or disable USB's in bios. Those are just off the top of my head for preventing something like this.
I am Bennett Haselton! I am Bennett Haselton!
If the lottery is made by computer, why would anyone trust that?
It's not rocket science. You don't need a jilliflops of processing to make a few random numbers each WEEK. How about those nice machines with the balls that zip around? Or honestly, even dice thrown down a staircase. There's so many better ways to make random numbers. Computers are TERRIBLE at random numbers, requiring special hardware to not just be pseudorandom, and a bunch of people to certify that it is, in fact, random. The only reason ANYONE should generate random numbers from a computer EVER is if:
1- You need it for software and they don't need to be that random (so you by definition already have a computer, and a pseudorandom thing will work)
2- You need a WHOLE LOT of random numbers, more than could be created physically for similar cost
Terrible design. A computer is the worst possible way to solve this problem.
This is News for Nerds... but it shouldn't be. Lotteries should NEVER use computers to generate numbers. They are discrete procedural machines, and can't make randomness without special hardware, then every step along the way from hardware generation to presentation has to not be corrupted.
I remember this episode...
We suspect the cookie jar was robbed. I think Joe put his hand in the cookie jar. Five total people including Joe had access to the cookie jar. The other four will testify, pass a polygraph, psychic mumbo jumbo, whatever, that they did not put their hand into the cookie jar. Thus, it MUST have been Joe!
I'll see your senator, and I'll raise you two judges.
Like I dunno a physical mechanism that relies on nuclear decay to decide what number to hit. They aren't that complicated, they aren't any more dangerous than a smoke detector and unless you can hack physics (at which point you probably no longer care about money) you can't really mess with them.
In any case this just goes to show the old adage holds true, your system is only secure as its weakest component. Also something about all security measures pretty much flying out the window the second someone has physical access to your hardware etc etc.
I would not have to hack the physics, I would hack the detector.
...put the cameras on a 30 minute loop and hired an acrobat to lower into the room from the roof after hours and change the system. Then do the Lotto Commissioner's wife to keep him distracted.
Just be sure to check for a new logo on the floor.
When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
How about a bunch of dice in a box with a shaker, a camera, and purpose built OCR software to identify the numbers on the dice.
:-)
Instead of a dice, one could use a coin. Now generate me a 4096 bit random number.
Oh, you did say computers needed special hardware in order to not be psuedorandom.
I'll see your senator, and I'll raise you two judges.
Oh, you did say computers needed special hardware in order to not be psuedorandom.
Not terribly difficult, though. A $10 web cam with a lens cap on works well enough.
And actually, pseudo random works too, as long as you encrypt it with a secret key. The difficulty is ensuring that nobody knows the secret key.
"Four of the five individuals who have access to control the camera's settings will testify they did not change the cameras' recording instructions -The fifth person is defendant."
Sounds convincing, until you realize that this would also be true if they were prosecuting any one of the other four.
B as in betrayal.
Get out FA reader. We don't like your kind.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
On December 23, a little more than a month after Tipton allegedly tampered with the computers, a man at a convenience store was video taped buying a Hot Lotto ticket that later won the $14.3 million payout. Authorities identified the man as Tipton, but as an employee of the association that administered the lottery, he was barred by law from buying lotto tickets or claiming lottery prizes. The winning ticket went unclaimed for almost a year. Hours before it was scheduled to expire, a company incorporated in Belize tried to claim the prize through a New York attorney
Slashdot, fix the reply notifications... You won't get away with it...
Never use an electronic random number generator for any game of chance. Use physical means, like picking bouncing ping pong balls, painted with numbers, one at a time. That's pretty hard to crack without superpowers.
So according to these prosecutors, taking your fifth ammendment right to remain silent == automatically guilty despite lack of evidence.
> "Four of the five individuals who have access to control the camera's settings will testify they did not change the cameras' recording instructions," prosecutors wrote. "The fifth person is defendant."
In other words, five out of five individuals will testify that they did not change the cameras' recording instructions.
I thought that the lottery used bouncing ping pong balls live on TV.
I am very small, utmostly microscopic.
Go look at the Powerball PRIOR to the new group bring awarded managing it.
You will see that over and over, the winners were on the east coast. Keep in mind that CA was one of the largest states to be part of Powerball, and had one of the most buyers of tickets, and yet, states on the east coast overwhelmingly won more than CA, esp. on the big ones.
Technically, it is possible. Statistically, it was theft that was going on.
I prefer the "u" in honour as it seems to be missing these days.
You under estimate the cleverness of those who seek to tamper. Tamper resistance somewhat weaker than the content protection on DVDs isn't too difficult. As you probably know, many people break that protection without even knowing that they are doing so. What you describe isn't tamper-proof, merely child-resistant.
You mention chips packaged with the intent that if the plastic is removed from the top of the chip, it stops working (sometimes). That's when you use thin needles to probe the chip right through the thin plastic. In some cases, you can simply remove the covering from the BOTTOM of the chip rather than the top.
Showing my age but...
Some forty years ago, Sweet Chapparrel (sp?) cigarettes ran a promotion. Selected cig packs paid out. Turns out the scratch pattern on the pack was tied to the fly fishing lure displayed on the other side of the pack. Figure all this out, and you know how to scratch each ticket for best results. Next thing you know, people are travelling from town to town, buying up all the cigarettes.
People ended up buying freezers to store the cartons of cigarettes they purchased...
I come here for the love
The article states that the room could "only be entered by two people at a time". What does that mean exactly? Was it a very small room with only enough room for two people (or three if they're European :-) ). Or does it mean that none-one was allowed in on their own? In this latter rather more usefully secure case what process was used to enforce this rule? Just the CCTV?
Surely, systems like this need to be in rooms with locks which require multiple keys to open so that a lone individual can't get in no matter who they are? Perhaps a timed lock which can only be opened during normal working hours when there are plenty of people around would also be a good idea.
"Eddie Raymond Tipton, 51, may have inserted a thumbdrive into a highly locked-down computer that's supposed to generate the random numbers used to determine lottery winners"
A computer you can insert a thumbdrive into and infect with software isn't by definition LOCKED-DOWN.
What was the name of the Operating System that the RNG ran on?
I mean, even that it has ports for thumb-drives and accesses them readily without at the very least two people having to unlock them physically first is already grossly insecure. That you can set the cameras to partial recording and that the people that can do this are the same ones that are allowed to enter the room is beyond stupid and can only be called a criminal violation of separation-of-duties.
In short, they were setting themselves up for it, and the one that finally hacked the system is only to a small part the one responsible.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
The tragic thing here is that this abysmally bad level of security is by far not the worst you will regularly find in installation that really need working security.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
If the lottery is made by computer, why would anyone trust that?
Simple: People that play the lottery are already stupid. Just remember that a randomly selected person is typically deeply stupid. Capability is power-law distributed, not Gaussian. The 10-15% not stupid ones pull the average score up by a lot.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
http://en.wikipedia.org/wiki/1... The 1980 Pennsylvania Lottery scandal, colloquially known as the Triple Six Fix, was a plot to rig the Daily Number, a three-digit game the Pennsylvania Lottery offers. All of the balls except four and six were weighted, meaning that the drawing was almost sure to be a combination of only fours and sixes. The scheme was successful in that 666, an expected result, was drawn on April 24, 1980.
Thanks you, have a nice day :)
http://www.educa.net/curso/cur...
Because knowledge is dangerous and steers you away from the righteous path?
...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
While encrypted psuedo random is a more complex function, it is still PSUEDO random not real random. Future output is a function (now a more complex function) of past output.
Not only the secret key must be kept secret, but the seed (either current or original) must be kept secret.
If the attacker knows the algorithm, which they might, then they may be able to analyze the output. If they know the seed, then the problem becomes one of a known-plaintext attack upon the encryption algorithm. If they know the encryption key, it becomes a matter of finding a seed that generates some known pre-encryption output of the psuedo random algorithm.
We could go back and forth about the practicality and difficulty of such attacks. But switching from psuedo to true random eliminates that entire discussion.
Your $10 webcam + lens cap is a good idea BTW. Or other similar ideas of using various sensors to capture random noise. Just hope the noise really is random. Also, a $10 webcam without a lens cap, pointed at something, like a busy street, might also be a source of randomness in the pixel data.
I'll see your senator, and I'll raise you two judges.
Most places running lotteries forbid employees from playing (of at least from accepting the payout).
In fact, the public service ethics laws in most states would automatically forbid accepting the payout as a conflict of interest... Massachusetts' laws do and so do the Federal ethics laws. Many states base their own laws on the Federal laws; so, given the number of states in that multiple state lottery, there have to be a number of ethics laws that could be used to prosecute just on the basis of accepting the payout.
An engineer who ran for Congress. http://herbrobinson.us