- Willy Allison
Running the RNG Risk: How computers are taking the luck out of gambling
In the late ’80s, a real game-changer took place in casinos that would forever change the landscape and opportunities in the gambling industry. Slot machines went from being mechanical devices to being electronic devices.
In order to provide randomness and bigger payouts, a new computerized process was introduced that utilized a random number generator (RNG). The RNG is an algorithm programmed into the machine that is designed to generate a large sequence of numbers or symbols that cannot be reasonably predicted.
The use of computers and RNGs is now common in the gambling industry as a means of providing randomness for various games. In casinos, RNGs are used to determine results on slot machines, keno ball drawings and card dispersion from automatic shuffle machines. RNGs are also used in online gaming and state lottery operations.
Arguably, RNGs are a big reason for the continued success and growth of the gambling industry worldwide, and the reliance on them does not appear to be waning with the increased demand for computerized and hybrid electronic table games.
So What’s The Problem?
Random number generators are not random. They’re “pseudo random number generators,” or PRNGs. The outcomes generated by a PRNG are deterministic. The PRNG constantly generates a sequence of simulated random numbers at high speeds. As soon as the “Play” button is pressed, the most recent random number is used to determine the result. This means that the result varies depending on exactly when the game is played.
All PRNGs must eventually repeat their number sequence, so in theory, if players had access to the PRNG code and seed value, they could possibly predict future results. And that’s exactly what has happened.
Incidents of players using RNG prediction techniques started to surface not long after computerized slot machines entered the casino market. In 1993, computer engineer Leo Weeks was caught in the Horizon Casino in Lake Tahoe using a wearable computer he designed to predict royal flushes on IGT Fortune I video poker machines. Weeks obtained a Fortune I machine and reverse-engineered how the random number generator worked to create his device. It is not known how Weeks obtained the Fortune I, but it is possible he just purchased one, because the Fortune I was an extremely common type of machine at the time.
The Fortune I used a system which many modern video poker and slot machines still use. The internal random number generator in the machine cycles constantly, so the player’s results depend on exactly when the player presses the button on the machine. To use his device, Weeks would play a Fortune I machine and enter the values of the cards dealt to him into the device. This enabled the device to synchronize with the cycles of the random number generator in the Fortune I machine. Weeks’ device would then beep through a hidden earphone to tell him exactly when to push the button on the machine to get a royal flush.
When Weeks was caught, an electronics engineer/computer programmer working for the Nevada Gaming Control Board, Ron Harris, was able to reverse-engineer Weeks’ device and show how it worked. Based partially on Harris’ demonstration, Weeks pleaded guilty. Weeks received no jail time, and only had to serve 200 hours of community service in addition to paying back the money he won.
Harris was responsible for finding flaws and gaffes in software that runs computerized casino games. It turns out that he took advantage of his own expertise, reputation and access to source codes to illegally modify certain slot machines to pay out large sums of money when a specific sequence and number of coins were inserted. From 1993 to 1995, Harris and an accomplice stole thousands of dollars from Las Vegas casinos, accomplishing one of the most successful and undetected scams in casino history.
Toward the end of his stint, Harris shifted his focus to keno, for which he developed a program that would determine which numbers the game’s pseudo random number generator would select. In January 1995, Harris used a program to enable an accomplice to win $100,000 on an Imagineering Systems electronic keno game in Atlantic City.
This was a traditional keno game with paper slips, but used a computer to select the numbers. His accomplice went into the casino to play the game while Harris stayed upstairs in a hotel room where he could read the keno numbers on the TV and enter them into his computer. Once Harris had entered around 10 numbers, he ran his program to predict the next likely set of numbers the keno computer would pick.
However, Harris could only predict the outcome with 3 percent accuracy. Harris relayed these numbers to his accomplice, who used an algorithm they had worked out to put possible permutations of the numbers on 10 different keno slips, raising chances of selecting the correct number to 30 percent. Unfortunately for Harris and his accomplice, they hit the top jackpot the very first time he played, which had never been done before. The resulting attention caused the authorities to become suspicious, and eventually they arrested Harris and his accomplice.
Pie in the Sky
Another team of unnamed players used similar devices and purportedly won around $1 million from various Las Vegas casinos in the early 1990s. The team, inspired by a book published in 1985 about a roulette prediction computer team called the Eudaemonic Pie, started their reverse-engineering efforts by copying object code (compiled computer code) from patents for various slot machines. However, the team eventually found it was easier to just buy a used machine to reverse-engineer instead.
The team created devices using essentially the same principles Weeks used for his device. Their first device was a computer program that ran on a PC. To use it in the field, one player would phone in the initial data and synchronize a precise Casio timer which would later alert him when to press the button on the machine. This method of communicating information by telephone was a little clumsy, but it provided the team with a degree of protection they were probably not even aware of.
Though the first system worked, the team found it cumbersome and decided to improve it. Once again, inspired by the Eudaemonic Pie, they decided to create a wearable version of their computer. Their new computer communicated with them using vibrators they pulled out of old pagers, but otherwise functioned very much like Weeks’ device. To avoid detection, the team adjusted the device to avoid the biggest jackpots and instead win “a series of smaller, less suspicious amounts.” The new devices worked well and the team reported that they used them successfully for three years before they decided they had won enough money and it was time to stop pushing their luck. As a result, this team was never arrested.
In the 2005 book The Art of Intrusion by Kevin Mitnick and William Simon, the story of this team is chronicled in Chapter 1: “Hacking the Casinos for a Million Bucks.” This chapter is a must-read for all game protection professionals, and gives great insight into RNG timing. For me, the key takeaway from the book that sums up the scam is: buy a secondhand machine with outdated technology, reverse-engineer it and crack the RNG cycle. The book also offers interesting insight into how the team was able to achieve success:
“Two of us had spent some time as musicians. If you’re a musician and you have a reasonable sense of rhythm, you can hit a button within plus or minus five milliseconds.”
It’s Going On Right Now
In May 2016, six people were arrested in Singapore for cheating slot machines in the country’s two casinos. The group was part of a highly organized global syndicate that used sophisticated technology to play and cheat slot machines. One of the culprits was sentenced to 22 months in jail. He joined the syndicate in 2012 and was trained in Russia to cheat specific slot machines from certain manufacturers before he was then sent to perform jobs in casinos in Europe and Macau.
The Singapore sting revealed how he and other syndicate members used devices to record the play patterns of specific slot machines. They would then upload the information to a computer for analysis and decoding. The decoded data was distributed to players who would return to the slot machine with devices that would alert the player of the next large payout.
For industry insiders, the stories of teams popping up around the world using devices and winning jackpots have been out there for a few years now. In July 2014, a great reference guide was circulated to members of a casino surveillance network that brought the activity of the syndicates to light.
In December 2014, the FBI arrested four Russians for cheating slot machines in the U.S. Their investigation revealed they had used sophisticated technology to beat 10 casinos in Missouri, California and Illinois. In February 2015, I wrote an article for Global Gaming Business magazine called “Slot Machines Under Attack,” and followed it up the next month by making it a focal point of the 2015 World Game Protection Conference.
Despite the attention placed on these scoundrels by surveillance intelligence networks, industry publications and conferences, casino operators around the world are still falling victim to the these high-tech cheats. Even after the Singapore arrests, intelligence shared among casino insiders confirms the cheats continue to be active around the world. The most recent attack took place in South America in December 2016.
Fixing The Problem
In theory, the fix is simple. It starts with improving the security and quality of the RNG. The good news is that in September 2016, Gaming Laboratories International (GLI), one of the major gaming machine testing labs, upgraded its RNG standards. Among other things, the new standards suggest using a “cryptographic RNG.” A cryptographic RNG is one that cannot be feasibly compromised by a skilled attacker with knowledge of the source code. The bad news is that the standard is an optional requirement at the discretion of regulatory bodies. My hope is that moving forward, all regulatory bodies will adopt the standard. However, questions remain on what to do with existing and older machines.
The reality is that the Russians have exposed flaws in slot machine technology that have been known for a while. The difference is that unlike Leo, Ron and a small group of computer geeks from the ’90s, the Russians run a highly organized global syndicate that has been cheating casinos for millions. Casino insiders estimate the syndicate has over 40 team members worldwide. This may be the largest casino scam of all time.
This is a problem that won’t go away unless there is decisive action taken by all interested stakeholders: manufacturers, regulators and casino operators. The attack on random number generators highlights the need for managers of gambling operations to develop a better understanding of computer-based gaming equipment.
This important subject will be featured in an exclusive three-hour symposium at the World Game Protection Conference in Las Vegas February 21-23. The focus will be on raising awareness of the problem and understanding how to detect RNG attacks.