Lottery-hacking sysadmin's unlucky number comes up: 25 years in the slammer

The lottery sysadmin who fooled around with random numbers has a new variable to consider: how much of his latest sentence, up to 25 years, he'll actually have to serve. While working for the Iowa offices of the Multi-State Lottery Association, Eddie Tipton's scam was to rig the lotteries' random number generator so that on certain days …

  1. Brian Miller

    No code review??

    Let's see: somebody decided that a computer, instead of an observable physical device, should be used to issue random numbers governing the issuance of millions of dollars. And apparently there was no code review done.

    When lotteries became a thing in the late 1980's, they used ping pong balls blown around in a chamber. Completely random, completely observable, and quite simple.

    1. BongoJoe

      Re: No code review??

      Ah, good old ERNIE, who dishes (or did dish) up the numbers for the UK's Premium Bond prizes, uses a different method: counting moving atoms or something similar.

      1. Hans Neeson-Bumpsadese Silver badge

        Re: No code review??

        ERNIE is still in use, although there have been a few different versions of him through the years - all of which use a natural type of entropy, rather than some computer-generated randomness.

        There's an episode of the rather excellent "Computing Britain" dedicated to him/it, which I think should still be available to download from the BBC radio website (I can't check availability now because I'm at work and the Fun Police will stop me)

        1. CrazyOldCatMan Silver badge

          Re: No code review??

          and the Fun Police will stop me

          Well, of course. How do you think we get *our* fun?

    2. Dan 55 Silver badge

      Re: No code review??

      Well I pity the poor person who is given a tombola and has to come up with random numbers for x million scratchcards.

    3. ChrisPBacon

      Re: No code review??

      Years ago in the state of Pennsylvania, a fellow by the name of (I believe) Nick Perry weighted the ping-pong balls of the state lottery, rigging that system so a predetermined number would come up. His error that aroused suspicion and ultimately led to his discovery and prosecution was the number he played - 666. Yeah.

      1. steviebuk Silver badge

        Re: No code review??

        And as we see in Better Call Saul he weights the bingo balls with metal liquid which I assume goes hard and is magnetic. Switches the balls out and can force the ball he wants with the magnet he concealed.

        Obviously wouldn't work with a lottery machine as they are checked but still interesting :)

    4. Doctor Huh?

      Re: No code review??

      "When lotteries became a thing in the late 1980's, they used ping pong balls blown around in a chamber. Completely random, completely observable, and quite simple."

      And trivially hacked with old-school methods:

      https://en.wikipedia.org/wiki/1980_Pennsylvania_Lottery_scandal

      1. Anonymous Coward

        Re: No code review??

        "And trivially hacked with old-school methods"

        See Jimmy McGill/Saul Goodman and his magnetic primer injected into bingo balls for details.

    5. Red Ted

      Re: No code review??

      NS&I are now on ERNIE MK4.

      The introduction of Premium Bonds was overseen by the then Post Master General Ernest Marples, whose honours include: Conflicts of Interest as an MP (he was a partner in a civil engineering firm winning contracts from the Government), Commissioning of the Beeching Report and a snap decision to take a holiday in Monaco after he realised the Tax Man was on to him.

    6. Aodhhan

      Re: No code review??

      Read the article and/or become a lot more familiar with how computers work.

      He installed a ROOTKIT. It doesn't matter how good the application code review is, if you go after the RND generator on the OS.

      This is why script kiddies will never rule the world.

    7. FrankReynolds

      Re: No code review??

      Ping-pong ball hacking possible too. Not seen Better Call Saul?

  2. John Smith 19 Gold badge
    FAIL

    "and installed a rootkit that let him run his own code."

    Indeed.

    The British Premium Bond system does use an electronically generated random number generator with the digits coming from the noise generated by a diode. It stores no state and depends on no initial state data to generate the next digit.

    It's not programmable, but it can pass all tests for statistical randomness and is not repeatable.

    1. Anonymous Coward

      Re: "and installed a rootkit that let him run his own code."

      "...electronically generated random number generator with the digits coming from the noise generated by diode. It stores no state and depends on no initial state data to generate the next digit"

      That's not strictly true!!!

      The noise produced from a diode very well may be tainted, via a couple of mechanisms. For the case of a Zener or Avalanche Diode, it is possible for these devices to exhibit a negative resistance phenomenon, upon which they can form a relaxation oscillator (Do a search on "Microplasma Discharge Theory" for more information.). A relaxation oscillator produces a very predictable output, exactly not the kind of thing you want for an entropy/random-number source.

      Even if the Zener/Avalanche Diode doesn't succumb to the negative resistance effect, it can still have the characteristics of the junction shift over time, most likely due to energetic carriers producing Frenkel Pair Defects within the Silicon matrix, or, possibly, due to carriers becoming trapped in the passivation layer. It's hard to predict how the shift in junction characteristics may affect the quality of noise being produced from the diode, but, again, it's not necessarily something you want to base an entropy/random-number source on, at least without understanding the effect.

      That's about all I can say here. However, I've worked in the field of cryptography for almost two decades, and have quite a bit of experience with random number generators, including having just gone through the NIST SP800-90 specifications in detail (Ugh!).

      Anon Y. Mous

  3. This post has been deleted by its author

  4. Anonymous Coward
    Facepalm

    HIS FIRST MISTAKE WAS...

    The first mistake was being involved in gambling in any form.

    1. phuzz Silver badge

      Re: HIS FIRST MISTAKE WAS...

      You're half wrong, but if you are 'the house', then you always win.

      At least, it would take a complete idiot to drive a casino into bankruptcy, and who could possibly be that stupid?

      1. JimboSmith Silver badge

        Re: HIS FIRST MISTAKE WAS...

        Except if you play the Scratchcards over the pond where some clever bloke worked out how to win (legally) on them. The cards were pulled.

        https://www.wired.com/2011/01/ff_lottery/

  5. Nolveys

    When Will People Learn?

    He should have started a pyramid scheme or gone into banking or something.

    1. Anonymous Coward

      Re: When Will People Learn? Halifax Banking...52% APR / 68.4% APY

      "He should have started a pyramid scheme or gone into banking or something."

      How about charging 1p per day for each £7 "block" of borrowings, that way customers can't easily use a calculator to work out the equivalent APR (~52%) or the equivalent APY (Cumulative - 68.4%), and as there is no easy way to calculate the APR/APY, we don't have to state it on any of our documentation, when FCA regulators come calling.

      "Sounds like a winner all round".

      (Extract from a fictitious Lloyds/Halifax Senior Management Memo...obviously)

      https://www.halifax.co.uk/bankaccounts/overdrafts/

      1. rmason

        Re: When Will People Learn? Halifax Banking...52% APR / 68.4% APY

        Re halifax:

        I've just had their letter too, I don't even have an overdraft on that account.

        The letter preaches about the fantastic and simple changes they have made to the fees. this is then followed by a further 2-3 pages of A4 on how to work out your charges!

        1. Anonymous Coward

          Re: When Will People Learn? Halifax Banking...52% APR / 68.4% APY

          If you confront Halifax's complaints department, ask what the equivalent APR is, it's exactly what they have been scripted to say, "It can't be calculated, so we're not giving you an APR/APY figure". Go figure.

          (Just because you don't use it doesn't mean you can't/shouldn't make a complaint about it).

          One day you might need it, for whatever reason.

          I so wished we'd (as taxpayers) pulled the plug when it was Lloyds/Halifax needing the "overdraft".

          1. The Jon

            Re: When Will People Learn? Halifax Banking...52% APR / 68.4% APY

            Received that same letter the other day. I am not an accountant, but I have just modelled the charges, and I can only infer that the vast majority of bank overdraft charges must be levied on sub £50 overdraft values, as the equivalent percentage rates for these are much, much higher than on larger initial sums.

            The 30 day percentage rate is anywhere between 2900% (£0.01 overdraft after 30 days) and 4.64% (£50.00 overdraft after 30 days). The 30 day percentage rates converge to be about 4.23% for values above £500.

            If you were unlucky enough to leave your account overdrawn by £0.01 for a year, the AER would equate to 36400%. A £50 overdraft for a year would have an AER of 72.96%. The AER again converges to about 68.4% above a £500 initial overdraft.

            Imagine if Wonga advertised that their AER for a £0.01 loan was 36400%...

      2. emmanuel goldstein

        Re: When Will People Learn? Halifax Banking...52% APR / 68.4% APY

        And then run a series of ads using kids' TV characters to promote the "Halifax Savers Prize Draw Superdraw". Remember when personal finance was something to be taken seriously?

        Then again, given the casino mentality of bankers these days (not to mention tax-payer funded bailouts when their bets fail) - it seems somehow appropriate that they should market themselves not with a sober review of their strengths but with a game of chance.

      3. This post has been deleted by its author

        1. HollyHopDrive

          Re: When Will People Learn? Halifax Banking...52% APR / 68.4% APY

          Worth reminding them the ombudsman charges the bank a fee between (iirc) 250-1000 per complaint regardless who wins (fee depends on the complaint type) so when you mention that you are going to complain to the ombudsman they will usually pay you back if it's less than £150 without quibble unless you are truly being stupid. Faster for you, cheaper for them.

          And that also explains how the ombudsman is mostly funded for those that ever wondered.

          1. paulf
            Happy

            Re: When Will People Learn? Halifax Banking...52% APR / 68.4% APY

            Another thing worth remembering is that complaint dept operatives tend to be able to solve things up to £50 without significant authorisation as the authorisation process tends to cost more than would be saved from just paying out the amount claimed. So if you have a complaint, and you can reasonably justify it to the 1st/2nd line complaints droid, stiff them for the full £50 (apply an extended remix of time, trouble and inconvenience if this helps).

            My experience of LBG is if the payout is relatively low they tend to nix complaints before they become complaints - I've had CS droids offering small payments of around £20 to avoid it entering their internal complaint system where the cost inevitably rises exponentially with a risk of further costs going to Ombudsman. Some may say this is bribing the customer to keep their complaint stats down but such is capitalism ¯\_(ツ)_/¯

            1. Mark 78

              Re: When Will People Learn? Halifax Banking...52% APR / 68.4% APY

              You don't even have to bank with Lloyds for them to continually hassle you. I get regular text messages from them confirming they've set up a direct debit for me, when I haven't got an account. Someone has given them the wrong phone number to use for their account and despite several phone calls they seem unable to remove it from their system as they say they "have no way of finding the user from the phone number".

        2. Anonymous Coward

          Re: When Will People Learn? Halifax Banking...52% APR / 68.4% APY

          When I was a lad at Uni I went to the cash point expecting there to be nothing there as my wages were due in two days' time. I'd withdrawn my last tenner the previous evening for the purposes of getting home from the pub. So imagine my surprise when there was still £10 in there an hour later that morning. I was even more surprised when it let me take this money out. I was able to eat that night and bung a quid on the lottery (I was an optimist in my student days). Then when I thought my salary was in I went to withdraw some cash to go to the pub only for my card to be eaten. Quickly phoned the Halifax who confirmed that yes they had instructed the cash point to retain my card as I was overdrawn. Pointing out that I wasn't allowed to go overdrawn on that account, it didn't allow it, caused problems. They agreed that I shouldn't have been able to go overdrawn and would call me back with how I had been able to take out more money than I had.

          They called back about 15 mins later and said it's all to do with timing. When I was withdrawing the tenner H'fax were about to do maintenance on their systems. The hole-in-the-wall provider had confirmed that the cash was in the account to let me do this. However, it had then been unable to communicate with the Halifax to tell them that I'd got the cash. Visiting an actual H'fax cashpoint an hour later had allowed me to withdraw the phantom tenner because the maintenance was over and the systems hadn't communicated my withdrawal yet between them. When they said there would be a fee for going overdrawn I said please point out in my T&Cs where the overdraft fee is listed. Ah shoot, the supervisor couldn't and had to admit that they couldn't charge one on my account. I was sent a new card and I stayed well away from the supermarket cashpoint after that.

  6. Ben1892

    "It worked! I've got the winning ticket, oh wait a sec they'll know who I am when I collect it .... "

    1. JimboSmith Silver badge

      Collecting it

      There was a woman who I saw on telly in the US who explained how she and some friends had done over a casino. She and an accomplice would go to a casino and play at the Blackjack table on a girls' night out. They'd mark the back of the higher value and face cards with a dab of invisible marker (disguised as a cosmetic which they would apply) and they might lose a little but that didn't matter. They'd depart the table with their remaining cash and two men would take over but wearing glasses that could see the mark on the rear of the face cards. They could then gamble knowing what the expected value of the next card/dealer cards would be, giving them an edge. They could collect their winnings with the certainty that they couldn't be accused of counting cards etc. You can't just turn up at a blackjack table and start winning by counting cards.

      She said if caught the girls didn't have anything on them that was illegal and the men were only wearing normal looking glasses. So the risk was minimal and when the interviewer asked why she'd now talked about it.....the statute of limitations had run out.

  7. Tromos

    Way too harsh

    25 years? Did the article miss out a few kidnappings/serious assaults/attempted murders/rapes/etc? Most of those don't get sentences that long. I hope he's paroled after about 5 to 7 years as that seems more than adequate punishment for the harm done.

    1. Anonymous Coward

      Re: Way too harsh

      Government and politician's money. Say no more.

    2. Anonymous Coward

      Re: Way too harsh

      Absolutely 100%. Jail the violent, and repeat offenders. Then worry about the rest.

    3. FSM

      Re: Way too harsh

      It's America.

      (Search: Marcus Hutchins)

  8. MrBlack

    He should have just created an altcoin ICO..... a perfectly legal way to take suckers' money.

  9. Adam 1

    Shirley, his lawyer, could have got him off with a little more creativity. Your honour, my client was asked to write a function that returns a random number. This was a simple misunderstanding, nothing more.

  10. Anonymous Coward

    randomize timer

    lucky%=int(rnd*49)+1

    1. Adam 1

      Using the time as a seed is a bad idea™ when you know the time it will be run (or at least can narrow it down to a relatively small window). It lets you rule out a whole swath of possibilities.
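    To put numbers on Adam 1's point, here is an added example (not the MUSL code from the article, nor the BASIC above) of why a clock-seeded draw is a small search problem for anyone who knows roughly when it ran. A 1..49, six-ball draw and a whole-second epoch seed are assumptions; the PRNG is Python's stdlib generator standing in for whatever RANDOMIZE TIMER seeds.

```python
import random
import time

# Added example: a toy lottery that seeds its PRNG from the wall clock, the
# way RANDOMIZE TIMER does in BASIC. Not the real lottery code.
BALL_MAX = 49      # assumption: a 1..49 draw, as in the comment's rnd*49+1
DRAW_COUNT = 6     # assumption: six balls per draw


def draw(seed, count=DRAW_COUNT, ball_max=BALL_MAX):
    """Balls 1..ball_max from a PRNG seeded with `seed` (an epoch second)."""
    rng = random.Random(seed)
    return [rng.randint(1, ball_max) for _ in range(count)]


def recover_seed(observed, window_start, window_end):
    """Brute-force every whole-second seed in [window_start, window_end].

    An attacker who knows the draw ran inside a one-hour window has about
    3600 candidates to try instead of a 2**32-sized seed space; each one is
    tested by replaying the generator and comparing with the published draw.
    """
    return [s for s in range(window_start, window_end + 1)
            if draw(s) == observed]


def predict_following(seed, n_draws, count=DRAW_COUNT, ball_max=BALL_MAX):
    """Replay the generator past the published draw to predict later ones,
    assuming the process keeps drawing from the same seeded state."""
    rng = random.Random(seed)
    for _ in range(count):           # consume the draw that was published
        rng.randint(1, ball_max)
    return [[rng.randint(1, ball_max) for _ in range(count)]
            for _ in range(n_draws)]


def seed_from_clock():
    """How the weak program picks its seed: the current epoch second."""
    return int(time.time())


if __name__ == "__main__":
    # Constructed scenario: the draw really ran at `real_seed`; the attacker
    # only knows "some time in that two-hour window".
    real_seed = 1_500_000_000 + 12_345
    published = draw(real_seed)
    found = recover_seed(published, real_seed - 3600, real_seed + 3600)
    print("published draw:", published)
    print("seeds that reproduce it:", found)
    if found:
        print("next draw from that state:", predict_following(found[0], 1)[0])
```

    The same search works against any generator whose only secret is a low-entropy seed; knowing the algorithm and the seeding source is enough to replay it. The fix is to seed from an OS entropy source (or use hardware entropy directly) rather than from anything an outsider can bound.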

  11. Paul Cooper

    Random?

    Unless the system used a genuine source of randomness (e.g. the noise from a diode as in ERNIE in at least one of his incarnations), it was using a PSEUDO-random number generator. If he knew the algorithm and the seeding source, he might have been able to predict the "random" number sequence - at worst, by replicating the code and simply running it with appropriate inputs! The fact he was able to replace the random number generator suggests that it was indeed only pseudo-random.

    There's also the issue that some pseudo-random number generators are badly designed and in fact produce predictable sequences; certainly predictable enough to skew the statistics of a random draw well away from the expected probabilities, making it worth spending money on buying numbers that are more likely to appear than true random selection would suggest.
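    As an added illustration of the second point (not code from the original post), the skew does not even need a broken algorithm: reducing a small generator output with `% 49` is enough to make some balls come up more often than others, and a plain frequency count exposes it. The 8-bit output width and 1..49 draw are assumptions for the example; the rejection-sampling fix is the standard one.

```python
import random
from collections import Counter
from fractions import Fraction

# Added example: modulo bias in a ball draw, and how to measure and remove it.
BALL_MAX = 49


def modulo_bias(output_space, ball_max=BALL_MAX):
    """Exact per-ball probability when a uniform value in [0, output_space)
    is reduced with `% ball_max`. Returns {ball: Fraction}."""
    counts = Counter(v % ball_max + 1 for v in range(output_space))
    return {b: Fraction(counts[b], output_space) for b in range(1, ball_max + 1)}


def favoured_balls(output_space, ball_max=BALL_MAX):
    """Balls that come up more often than a fair 1/ball_max chance."""
    fair = Fraction(1, ball_max)
    return sorted(b for b, p in modulo_bias(output_space, ball_max).items()
                  if p > fair)


def biased_ball(rng, ball_max=BALL_MAX):
    # A generator that hands out 8 bits per call and reduces mod 49:
    # 256 = 5*49 + 11, so balls 1..11 each get one extra slot (6/256 vs 5/256).
    return rng.getrandbits(8) % ball_max + 1


def unbiased_ball(rng, ball_max=BALL_MAX):
    # Rejection sampling: throw away outputs from the incomplete last cycle.
    limit = 256 - (256 % ball_max)   # 245, the largest multiple of 49 <= 256
    while True:
        v = rng.getrandbits(8)
        if v < limit:
            return v % ball_max + 1


def chi_square(draws, ball_max=BALL_MAX):
    """Pearson chi-square statistic of ball frequencies against uniform.
    For a fair 1..49 draw this hovers around 48 (the degrees of freedom);
    the 8-bit modulo draw lands in the hundreds at 98,000 samples."""
    expected = len(draws) / ball_max
    counts = Counter(draws)
    return sum((counts.get(b, 0) - expected) ** 2 / expected
               for b in range(1, ball_max + 1))


def sample(ball_fn, n, seed):
    """n balls from ball_fn using a fixed-seed generator (constructed data)."""
    rng = random.Random(seed)
    return [ball_fn(rng) for _ in range(n)]


if __name__ == "__main__":
    print("favoured balls with an 8-bit output:", favoured_balls(256))
    print("chi-square, biased  :", round(chi_square(sample(biased_ball, 98_000, 1)), 1))
    print("chi-square, unbiased:", round(chi_square(sample(unbiased_ball, 98_000, 1)), 1))
```

    A punter who knew the generator's output width would buy tickets on balls 1 to 11 and enjoy a 20 per cent edge on each of them; a lottery operator running the frequency test above over its draw history would see the statistic sitting far above the expected value for the degrees of freedom.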

    1. Anonymous Coward

      Re: Random?

      There is a video/article around the net on a Royal Institute speech on someone who "cracked the lottery", by observing an actual loophole in their rules/setup. The rollover weeks used a poorly chosen "guaranteed payout" option.

      It meant, providing someone else also played the lottery on rollover weeks, that they would always have an above average chance of a positive return on all tickets purchased that week. It basically meant, if they purchased in bulk, over multiple weeks, they would approach around a 20% or so return on investment.

      In the end, they ended up with family, friends, everyone investing in buying thousands of tickets every rollover week.

      They even phoned the relevant Lottery Commission to check it was legal. It turns out buying tickets is not illegal, and the error was with the lottery company, not the players.

      http://newsfeed.time.com/2012/08/07/how-mit-students-scammed-the-massachusetts-lottery-for-8-million/
