Report: Russian Hackers Turn to South America, Europe

A group of sophisticated Russian slot machine hackers, after arrests in Missouri and Singapore, has taken its scheme to casinos in South America and Europe. The thieves have been able to access pseudo-random number generators (PRNGs) built into older machines to trigger jackpots.

A group of Russian computer experts who hit slot machines at U.S. casinos for millions by hacking the pseudo-random number generators (PRNGs) in certain machines is now turning its attention to casinos in South America and Europe, according to security consultants.

Security consultants Rex Carlson and Willy Allison told the North American Regulators Roundtable, held by Gaming Laboratories International March 16-17 at Luxor in Las Vegas, that the team of hackers from the Russian syndicate—after arrests in Missouri and Singapore—has most recently hit casinos in Peru.

The group of hackers, estimated at between 40 and 70 members of the Russian syndicate headquartered in St. Petersburg, has developed a way to estimate the number cycles in the PRNGs of slot machines. The group reportedly purchased surplus slot machines after Moscow and St. Petersburg casinos were shuttered in 2009, and was able to reverse-engineer the programs.

Hackers were able to use the seed number generated by the PRNG—which is aligned with the internal clock of the computer—to estimate when jackpots were likely to occur. The hacker studies video footage of a couple of dozen spins on a slot game and uses the seed information to come up with time markers showing when the game is most likely to hit a good jackpot. A buzz sounds on the cheater’s cell phone through a custom app, a quarter of a second before the potential win. (That’s how long it takes a human to react and hit the spin button.) It doesn’t work every time, but it works often enough to cheat the machines out of tens of thousands of dollars.

Surveillance officials in Missouri and Singapore were able to identify the specific machines that were over-paying, and arrests were made after video revealed players with their smartphones hovering over the spin buttons of the games.
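
Identifying specific over-paying machines, as described above, can be framed as a statistical check on each machine's payouts against its theoretical return. The following is an added example, not code from the article or from any casino or regulator it mentions; the return-to-player figure, per-spin payout deviation, alert threshold, machine names and session records are all assumptions constructed for illustration.

```python
import math
from collections import defaultdict

# Assumed game parameters (not from the article): theoretical return-to-player
# and the standard deviation of one spin's payout, in units of one bet.
THEORETICAL_RTP = 0.92
PAYOUT_STDDEV_PER_SPIN = 6.0
Z_THRESHOLD = 4.0  # one-sided alert threshold, chosen for illustration

# Constructed sample records: (machine_id, spins, bet_per_spin, total_paid)
SAMPLE_SESSIONS = [
    ("slot-A", 4000, 1.00, 3650.0),
    ("slot-A", 3500, 1.00, 3290.0),
    ("slot-B", 3800, 1.00, 5100.0),
    ("slot-B", 4200, 1.00, 5900.0),
    ("slot-C", 5000, 0.50, 2350.0),
]


def overpay_z_scores(sessions, rtp=THEORETICAL_RTP, sigma=PAYOUT_STDDEV_PER_SPIN):
    """Return {machine_id: z}, where z is the number of standard deviations
    by which a machine's total payout exceeds its theoretical expectation."""
    excess = defaultdict(float)    # paid minus expected payout, in currency
    variance = defaultdict(float)  # variance of that excess, summed over spins
    for machine, spins, bet, paid in sessions:
        excess[machine] += paid - rtp * spins * bet
        variance[machine] += spins * (sigma * bet) ** 2
    return {m: excess[m] / math.sqrt(variance[m]) for m in excess}


def flag_overpaying(sessions, threshold=Z_THRESHOLD):
    """List machines whose payouts are improbably high under the assumed model,
    so surveillance can pull video for the matching time windows."""
    scores = overpay_z_scores(sessions)
    return sorted(m for m, z in scores.items() if z > threshold)


if __name__ == "__main__":
    for machine, z in sorted(overpay_z_scores(SAMPLE_SESSIONS).items()):
        print(f"{machine}: z = {z:+.2f}")
    print("review:", flag_overpaying(SAMPLE_SESSIONS))
```

A flag from a check like this is only a prompt for review: legitimate jackpots also produce high scores over short windows, so the result is a reason to look at footage, not evidence of cheating on its own.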

“It took us 10 years to finally spot these guys,” Carlson told the Roundtable group. “It’s so insidious; it is really hard to see. We are finally arriving at a complete story now… At first look, it would seem like an RNG is really hard to beat, but these guys managed to do it. They have a lot of computer resources available to them.”

“Computing has moved along so fast that we now have bad, smart guys that can create algorithms to beat RNGs if they aren’t complex enough,” added Allison, owner of World Game Protection Inc. He said the industry has developed cryptographically secured RNGs that can prevent such hacking.