LuckyPhow
LuckyPhow
Joined: May 19, 2016
  • Threads: 33
  • Posts: 397
August 7th, 2017 at 11:38:28 AM permalink
Quote: Skeptic

https://www.wired.com/story/meet-alex-the-russian-casino-hacker-who-makes-millions-targeting-slot-machines/



What an interesting read.

Alex, the hacker in the story, claims he has reverse-engineered programmable random-number generators (PRNGs), allowing him to identify when a slot machine will generate a big win. And, according to the story, Aristocrat admits he was perhaps successful on some of its older slot machines (many of which are still in use at many American and international casinos). Alex claims to have worked as a cryptologist for FSB (the Russian equivalent of the CIA/NSA). If Alex is correct, then all of us should probably be worried about a lot more than just jiggered slot machines.

As computer technology increasingly imbeds itself into every aspect of our lives, we become more at risk of people like Alex (and government agencies with whom they may work) attacking more than slot machines. Every level of government finds it next to impossible to protect their critical computer systems amidst today's rapid technological advances. These vulnerabilities put at risk systems such as electric distribution networks, for example. Might system weaknesses allow an "Alex" (individual or government entity) the ability to infect the computer controlling a city's traffic lights, shutting them down (or, worse, turning all lights green)? I think we've already seen where FAA computers have experienced problems (whether or not actually "hacked").

And, our government apparently requires technology companies to provide "back doors" it can use to access otherwise "secure" data. This puts everyone at risk if others identify how to compromise security critical to American infrastructure, all implemented so often now with out-of-date technology designed with "back-door" security flaws.
Skeptic
Skeptic
Joined: Dec 9, 2015
  • Threads: 5
  • Posts: 133
August 7th, 2017 at 12:06:20 PM permalink
The ramifications are far-reaching. All encryption depends on the PRNG of the device doing the encrypting. If the RNG is predictable, or a purposefully flawed RNG is introduced in the system (think Android, iOS, Windows, Linux, etc) by state-sponsored intel agency then whatever encryption is based on that RNG is useless.
rxwine
rxwine
Joined: Feb 28, 2010
  • Threads: 151
  • Posts: 6424
August 7th, 2017 at 12:42:48 PM permalink
I got the impression he might have been bluffing about already exploiting the vulnerability of newer machines as he tried to extort the executive. Not to say, he didn't exploit earlier versions.
prisoner of gravity
Wizard
Administrator
Wizard
Joined: Oct 14, 2009
  • Threads: 972
  • Posts: 16346
August 7th, 2017 at 12:57:53 PM permalink
I'm skeptical Alex has anything on Aristrocrat. A junky slot maker like Novomatic, plausible, but Aristocrat I just don't believe. Modern machines like Aristrocrat change the outcome of a game thousands, many millions, of times per second. A human being is not going to be a able to press a button with such pinpoint accuracy. Even if they could, I would still be skeptical. The big boys like Aristrocrat, I think, seed their RNG's with white noise, which is not a repeating cycle.
It's not whether you win or lose; it's whether or not you had a good bet.
Skeptic
Skeptic
Joined: Dec 9, 2015
  • Threads: 5
  • Posts: 133
August 7th, 2017 at 2:33:29 PM permalink
Do you know if they code their own RNG or do they use whatever is built into the kernel of whatever flavor Linux they've modified to run their machines?

There are plenty of vulnerable RNG's out there.
DJTeddyBear
DJTeddyBear 
Joined: Nov 2, 2009
  • Threads: 162
  • Posts: 9620
August 7th, 2017 at 4:18:26 PM permalink
Wiz -

He targets older machines. New machines, presumably, have better RNGs.



Note:

That article is getting a lot of traction. It was featured in today's CDC Gaming Reports email news brief. And I saw it on the 360 Vegas twitter.
Superstitions are silly, childish, irrational rituals, born out of fear of the unknown. But how much does it cost to knock on wood? Note that the same could be said for Religion. I.E. Religion is nothing more than organized superstition.
Wizard
Administrator
Wizard
Joined: Oct 14, 2009
  • Threads: 972
  • Posts: 16346
August 7th, 2017 at 5:54:08 PM permalink
Quote: DJTeddyBear

Wiz -

He targets older machines. New machines, presumably, have better RNGs.



The article mentioned 50 Dragons, which I believe is a fairly modern game.



Quote:

That article is getting a lot of traction. It was featured in today's CDC Gaming Reports email news brief. And I saw it on the 360 Vegas twitter.



Yes, it was an entertaining read but I'm still skeptical of the claims. Furthermore, I think Aristocrat would pay up if it believed the claims to be valid.
It's not whether you win or lose; it's whether or not you had a good bet.
onenickelmiracle
onenickelmiracle
Joined: Jan 26, 2012
  • Threads: 131
  • Posts: 4963
August 8th, 2017 at 4:40:32 AM permalink
The Aristocrats ten years back or more, many people would be uncomfortable playing too fast because they had thought they went straight into nothing mode. It was a very popular belief amongst slot players that really isn't believed on newer machines. It makes sense if these guys waited patiently to gamble.
Looks like sh!t just got imaginary!
TumblingBones
TumblingBones
Joined: Dec 25, 2016
  • Threads: 8
  • Posts: 91
August 8th, 2017 at 8:58:42 AM permalink
The article says it looks like the targeted slots are using a PRNG algorithm lifted from Knuth Vol 2. Using a 50 year old algorithm used to teach Comp Science majors isn't a good idea IMHO.
Last edited by: TumblingBones on Aug 8, 2017

  • Jump to: