LuckyPhow
LuckyPhow
  • Threads: 55
  • Posts: 698
Joined: May 19, 2016
August 7th, 2017 at 11:38:28 AM permalink
Quote: Skeptic

https://www.wired.com/story/meet-alex-the-russian-casino-hacker-who-makes-millions-targeting-slot-machines/



What an interesting read.

Alex, the hacker in the story, claims he has reverse-engineered programmable random-number generators (PRNGs), allowing him to identify when a slot machine will generate a big win. And, according to the story, Aristocrat admits he was perhaps successful on some of its older slot machines (many of which are still in use at many American and international casinos). Alex claims to have worked as a cryptologist for FSB (the Russian equivalent of the CIA/NSA). If Alex is correct, then all of us should probably be worried about a lot more than just jiggered slot machines.

As computer technology increasingly imbeds itself into every aspect of our lives, we become more at risk of people like Alex (and government agencies with whom they may work) attacking more than slot machines. Every level of government finds it next to impossible to protect their critical computer systems amidst today's rapid technological advances. These vulnerabilities put at risk systems such as electric distribution networks, for example. Might system weaknesses allow an "Alex" (individual or government entity) the ability to infect the computer controlling a city's traffic lights, shutting them down (or, worse, turning all lights green)? I think we've already seen where FAA computers have experienced problems (whether or not actually "hacked").

And, our government apparently requires technology companies to provide "back doors" it can use to access otherwise "secure" data. This puts everyone at risk if others identify how to compromise security critical to American infrastructure, all implemented so often now with out-of-date technology designed with "back-door" security flaws.
Skeptic
Skeptic
  • Threads: 5
  • Posts: 169
Joined: Dec 9, 2015
August 7th, 2017 at 12:06:20 PM permalink
The ramifications are far-reaching. All encryption depends on the PRNG of the device doing the encrypting. If the RNG is predictable, or a purposefully flawed RNG is introduced in the system (think Android, iOS, Windows, Linux, etc) by state-sponsored intel agency then whatever encryption is based on that RNG is useless.
rxwine
rxwine
  • Threads: 218
  • Posts: 12699
Joined: Feb 28, 2010
August 7th, 2017 at 12:42:48 PM permalink
I got the impression he might have been bluffing about already exploiting the vulnerability of newer machines as he tried to extort the executive. Not to say, he didn't exploit earlier versions.
Sanitized for Your Protection
Wizard
Administrator
Wizard
  • Threads: 1520
  • Posts: 27119
Joined: Oct 14, 2009
August 7th, 2017 at 12:57:53 PM permalink
I'm skeptical Alex has anything on Aristrocrat. A junky slot maker like Novomatic, plausible, but Aristocrat I just don't believe. Modern machines like Aristrocrat change the outcome of a game thousands, many millions, of times per second. A human being is not going to be a able to press a button with such pinpoint accuracy. Even if they could, I would still be skeptical. The big boys like Aristrocrat, I think, seed their RNG's with white noise, which is not a repeating cycle.
"For with much wisdom comes much sorrow." -- Ecclesiastes 1:18 (NIV)
Skeptic
Skeptic
  • Threads: 5
  • Posts: 169
Joined: Dec 9, 2015
August 7th, 2017 at 2:33:29 PM permalink
Do you know if they code their own RNG or do they use whatever is built into the kernel of whatever flavor Linux they've modified to run their machines?

There are plenty of vulnerable RNG's out there.
DJTeddyBear
DJTeddyBear
  • Threads: 210
  • Posts: 11062
Joined: Nov 2, 2009
August 7th, 2017 at 4:18:26 PM permalink
Wiz -

He targets older machines. New machines, presumably, have better RNGs.



Note:

That article is getting a lot of traction. It was featured in today's CDC Gaming Reports email news brief. And I saw it on the 360 Vegas twitter.
I invented a few casino games. Info: http://www.DaveMillerGaming.com/ ————————————————————————————————————— Superstitions are silly, childish, irrational rituals, born out of fear of the unknown. But how much does it cost to knock on wood? 😁
Wizard
Administrator
Wizard
  • Threads: 1520
  • Posts: 27119
Joined: Oct 14, 2009
August 7th, 2017 at 5:54:08 PM permalink
Quote: DJTeddyBear

Wiz -

He targets older machines. New machines, presumably, have better RNGs.



The article mentioned 50 Dragons, which I believe is a fairly modern game.



Quote:

That article is getting a lot of traction. It was featured in today's CDC Gaming Reports email news brief. And I saw it on the 360 Vegas twitter.



Yes, it was an entertaining read but I'm still skeptical of the claims. Furthermore, I think Aristocrat would pay up if it believed the claims to be valid.
"For with much wisdom comes much sorrow." -- Ecclesiastes 1:18 (NIV)
onenickelmiracle
onenickelmiracle
  • Threads: 212
  • Posts: 8277
Joined: Jan 26, 2012
August 8th, 2017 at 4:40:32 AM permalink
The Aristocrats ten years back or more, many people would be uncomfortable playing too fast because they had thought they went straight into nothing mode. It was a very popular belief amongst slot players that really isn't believed on newer machines. It makes sense if these guys waited patiently to gamble.
I am a robot.
TumblingBones
TumblingBones
  • Threads: 29
  • Posts: 529
Joined: Dec 25, 2016
August 8th, 2017 at 8:58:42 AM permalink
The article says it looks like the targeted slots are using a PRNG algorithm lifted from Knuth Vol 2. Using a 50 year old algorithm used to teach Comp Science majors isn't a good idea IMHO.
Last edited by: TumblingBones on Aug 8, 2017
My goal of being well informed conflicts with my goal of remaining sane.
lightningbolts
lightningbolts
  • Threads: 5
  • Posts: 45
Joined: Jan 16, 2017
August 8th, 2017 at 7:58:49 PM permalink
Quote: Wizard

I'm skeptical Alex has anything on Aristrocrat. A junky slot maker like Novomatic, plausible, but Aristocrat I just don't believe. Modern machines like Aristrocrat change the outcome of a game thousands, many millions, of times per second. A human being is not going to be a able to press a button with such pinpoint accuracy. Even if they could, I would still be skeptical. The big boys like Aristrocrat, I think, seed their RNG's with white noise, which is not a repeating cycle.



I can tell you for a fact this is true for several old Aristocrat cabinets. It's been going on for years before people figured out what they were doing.

Fun fact: I independently theorized the Russian teams knew the RNG algorithm a year ago before any of these stories broke.
Wizard
Administrator
Wizard
  • Threads: 1520
  • Posts: 27119
Joined: Oct 14, 2009
August 8th, 2017 at 8:23:07 PM permalink
Quote: lightningbolts

I can tell you for a fact this is true for several old Aristocrat cabinets. It's been going on for years before people figured out what they were doing.

Fun fact: I independently theorized the Russian teams knew the RNG algorithm a year ago before any of these stories broke.



Sounds like you know a thing or two about this. I don't deny that some old Aristrocrat games may have been vulnerable. Maybe some of these games are still floating around eastern Europe and South America. I am basing my opinions on the fact that today Aristocrat is huge and can afford to hire somebody who knows the latest technology on random numbers. Are they too cheap to do so? I doubt it, but I've been wrong before.
"For with much wisdom comes much sorrow." -- Ecclesiastes 1:18 (NIV)
lightningbolts
lightningbolts
  • Threads: 5
  • Posts: 45
Joined: Jan 16, 2017
August 8th, 2017 at 9:35:24 PM permalink
The problem is not the game, but the cabinet the game runs on. These cabinets are still in the US, but it's not entirely clear what machines still have this vulnerability. So blame Aristocrat for either not knowing or not disclosing and casinos for not knowing or not wanting to spend money to buy new cabinets (which I can't really fault them if they don't know which ones to replace).
  • Jump to: