Slashdot Mirror
Six Charged For Hacking Lottery Terminals To Spew Only Winning Tickets (theregister.co.uk)
An anonymous reader cites an article on The Register: Six people have been charged with exploiting a bug in lottery terminals to print off winning tickets on demand. Connecticut prosecutors say the group conspired to manipulate automated ticket dispensers to run off '5 Card Cash' tickets that granted on-the-spot payouts in the US state. According to the Hartford Courant, a group of shop owners and employees set up the machines to process a flood of tickets at once, which caused a temporary display freeze. This allowed operators to see which of the tickets about to be dispensed would be winning ones, cancel the duff ones, and print the good ones, it's alleged. The winning tickets would be cashed and billed to the state lottery.
I'm sure they thought of it and discussed how they would be careful and not overdo it and spread the transactions etc. Then, greed.
Violence is the last refuge of the incompetent. Polar Scope Align for iOS
Thing is, I bet that the lottery companies know the average win rate of the tickets per machine. So almost any deviation from that percentage would have been a yellow flag. I suppose the perpetrators could have kept it below the level at which the lottery bothers to investigate, but it seems to me that the way this bug works would have made the times that the tickets were dispensed within also very suspicious.
Together, a cross reference of daily reports on winning percentages and winnings dispensed within say 60 minutes of one another could have found this really quickly.
So, the amount of winnings that they could have walked away could have been a lot less than even a non-greedy person would have taken. Messing with equipment that is computerized and which sends back data to a home office for analysis is always a really bad idea unless you know exactly what the tolerances are for investigation. It's way too easy to develop alarms on specific behaviors which can place a report in someone's inbox for investigation when they come into the office the morning after the incident happened.
WTF...the client, which is in the hands of thousands of potentially-hostile vendors, has control over the transaction and is allowed to decide whether it is committed or not AFTER receiving the winning/losing info?
But that implementation failure aside, I sure hope they fired whoever had the brilliant idea to have printable instant tickets. That's just insane. Having a printable ticket that is instantly identifiable as a winner/loser is just asking for fraud. Aside from the absolutely terrible design of the system in this story, even in a properly designed system, it would be easy to cheat. You setup a system that, when a ticket is printed, a computer scans it and decides if it's a winner. If it is, you keep it for yourself and instantly print up another ticket to hand over to the customer. This is exactly why almost all instant ticket have scratch off covering to conceal the answer and instantly identify tampering to the customer buying it.
have you seen what they do with claw machines?
https://www.youtube.com/watch?...
Imho its even worse.
Minimum threshold fixed. Thanks!
Thing is, I bet that the lottery companies know the average win rate of the tickets per machine.
Yes they do. From the article:
The Courant says that the lottery commission wised up to the scheme back in November when it heard that people were winning the 5 Card Cash game at a higher-than-expected rate.
So almost any deviation from that percentage would have been a yellow flag.
Which it did:
The game was temporarily halted.
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
It is right to scheme to cheat the lottery players. But if you come up with any way to actually avoid being cheated and win, that is illegal.
I'm an American. I love this country and the freedoms that we used to have.