Stories
Slash Boxes
Comments

SoylentNews is people

posted by cmn32480 on Thursday April 16 2015, @05:18AM   Printer-friendly
from the you-feeling-lucky? dept.

Prosecutors say they have evidence indicating the former head of computer security for a state lottery association tampered with lottery computers prior to him buying a ticket that won a $14.3 million jackpot, according to a media report.

Eddie Raymond Tipton, 51, may have inserted a thumbdrive into a highly locked-down computer that's supposed to generate the random numbers used to determine lottery winners, The Des Moines Register reported, citing court documents filed by prosecutors. At the time, Tipton was the information security director of the Multi-State Lottery Association ), and he was later videotaped purchasing a Hot Lotto ticket that went on to fetch the winning $14.3 million payout.

Related Stories

Man Hacked Random-Number Generator to Rig Lotteries, Investigators Say 27 comments

A lottery security director who was convicted of fixing a $16.5m lottery jackpot also allegedly rigged several other lottery random-number generators to be able to predict the winning numbers, according to Iowa investigators.

For several years, Eddie Tipton, the former security director of the US Multi-State Lottery Association, installed software code that allowed him to predict winning numbers on specific days of the year, investigators allege. The random-number generators had been erased, but new forensic evidence has revealed how the hack was apparently done.

Tipton was convicted last year of rigging the $16.5m jackpot in Iowa, and is now awaiting trial on charges linking him to prizes in Colorado, Wisconsin, Oklahoma and Kansas.


Previous coverage: Prosecutors Suspect Man Hacked Lottery Computers to Score Winning Ticket

Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 4, Interesting) by mendax on Thursday April 16 2015, @05:36AM

    by mendax (2840) on Thursday April 16 2015, @05:36AM (#171398)

    This is why you're supposed to use ping pong balls for lotteries. Computers don't generate truly random numbers, and how easy it is to replace the random number function with something else more predictable.

    --
    It's really quite a simple choice: Life, Death, or Los Angeles.
    • (Score: 2) by c0lo on Thursday April 16 2015, @05:43AM

      by c0lo (156) Subscriber Badge on Thursday April 16 2015, @05:43AM (#171401) Journal

      This is why you're supposed to use ping pong balls for lotteries.

      But... but... ping-pong balls come with a price tag, won't somebody think of the cost?!

      (grin)

      --
      https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
    • (Score: 0) by Anonymous Coward on Thursday April 16 2015, @06:02AM

      by Anonymous Coward on Thursday April 16 2015, @06:02AM (#171408)

      Because you can't rig a ping pong ball machine? What about dice? I heard loaded dice are totally impossible, because reasons.

      • (Score: 5, Insightful) by Anonymous Coward on Thursday April 16 2015, @07:26AM

        by Anonymous Coward on Thursday April 16 2015, @07:26AM (#171436)

        Of course you can rig it. But you can easily test whether a machine is rigged before the actual drawing. First, you can weight the balls, verifying that they are indeed all of the same weight. You can do so with a simple pair of balances which you can separately test for bias in a very simple way. Then you can do a few test draws to check whether the draws are biased in an obvious way. Since the ball-drawing machine has no memory, you can be sure that a bias would not suddenly materialize on the actual drawing for the lottery.

        Note that any more complex tampering of either the balances or the ball drawing machine would be very visible, since the mechanism is so simple. Moreover, to manipulate the machine, you would have physical unobserved access for a prolonged time. There's nothing analogous to putting manipulation software on an USB stick and put that stick into a port of the computer at an unattended moment, and remove it at a later unattended moment.

        Yes, there's no way to make absolutely certain that the lottery was not manipulated. But already with minimal security effort, manipulating the ball-based machine without being detected before the drawing is orders of magnitude harder than tampering with a computer program without being detected.

        • (Score: 4, Interesting) by Anonymous Coward on Thursday April 16 2015, @08:27AM

          by Anonymous Coward on Thursday April 16 2015, @08:27AM (#171468)

          Yes, there's no way to make absolutely certain that the lottery was not manipulated. But already with minimal security effort, manipulating the ball-based machine without being detected before the drawing is orders of magnitude harder than tampering with a computer program without being detected.

          Which, BTW, is why electronic voting is such a bad idea. A strategic law can mean a billion dollar windfall for a company, it would totally be worth it to invest 50 million to hack an important election. The candidate himself wouldn't even need to be aware of it, just as long as you know he'll do your bidding on the one law you care about.

        • (Score: 2) by Bot on Thursday April 16 2015, @10:39PM

          by Bot (3902) on Thursday April 16 2015, @10:39PM (#171764) Journal

          There can be different ways of rigging.
          I recall one Italian lotto scandal where some numbers to were warmed up before the extraction, and the blindfolded child was instructed to look for those (like it was a game) . It needed insiders of course, and it gave a new meaning to the "hot" number.
          But it would not have worked in a lottery because all numbers should have been picked, and in the correct order.

          Don't forget the problem, which is generating a random number. It can be done BOTH electronically and physically, just combine the two or more sources. So the idea is still good.

          --
          Account abandoned.
          • (Score: 0) by Anonymous Coward on Friday April 17 2015, @12:44PM

            by Anonymous Coward on Friday April 17 2015, @12:44PM (#171992)

            With a ball-drawing machine, there's no child (or other human being) involved in the actual drawing. Any manipulation therefore would have to be on the machine or balls, before the drawing begins.

      • (Score: 4, Informative) by TheRaven on Thursday April 16 2015, @10:45AM

        by TheRaven (270) on Thursday April 16 2015, @10:45AM (#171506) Journal
        In the UK, the national lottery has a number of different sets of balls and machines. Before each lottery, they ask a celebrity or a random member of the public to choose the one to use. That person (or someone in collusion with that person) could potentially (given physical access) tamper with either the balls or the machine, but the balls are also checked for size and weight (both before and after the draw), which means that you probably have to tamper with the machine. The machines are checked periodically and if they produce consistent results then tampering is obvious.
        --
        sudo mod me up
      • (Score: 0) by Anonymous Coward on Thursday April 16 2015, @01:50PM

        by Anonymous Coward on Thursday April 16 2015, @01:50PM (#171585)

        Nick Perry of 666 fame would have disagreed that you can't manipulate ping pong balls. His problem was he and his friends had loose lips.

        • (Score: 0) by Anonymous Coward on Friday April 17 2015, @12:47PM

          by Anonymous Coward on Friday April 17 2015, @12:47PM (#171994)

          Note that I explicitly included checking the weight of the balls. Had this been done back then, the rig would have been detected before the drawing occurred.

      • (Score: 2) by hubie on Friday April 17 2015, @02:25AM

        by hubie (1068) Subscriber Badge on Friday April 17 2015, @02:25AM (#171850) Journal

        Because you can't rig a ping pong ball machine?

        Of course you can [wikipedia.org].

  • (Score: 4, Insightful) by Anonymous Coward on Thursday April 16 2015, @05:46AM

    by Anonymous Coward on Thursday April 16 2015, @05:46AM (#171403)

    Lottery officials are supposed to be ineligible to win, to prevent exactly this sort of cheating.

    • (Score: 3, Informative) by Anonymous Coward on Thursday April 16 2015, @05:38PM

      by Anonymous Coward on Thursday April 16 2015, @05:38PM (#171667)

      He wasn't eligible. That is why he constructed a super complicated ticket laundering scheme. In fact, the investigators spent over a year trying to trace the ticket backwards. It wasn't until they figured out that he was the guy who bought the ticket that all the pieces fell in place.

  • (Score: 2) by bradley13 on Thursday April 16 2015, @06:23AM

    by bradley13 (3053) on Thursday April 16 2015, @06:23AM (#171417) Homepage Journal

    I thought employees and their immediate families were banned from participation? Seems an obvious precaution...

    --
    Everyone is somebody else's weirdo.
    • (Score: 5, Informative) by wonkey_monkey on Thursday April 16 2015, @07:23AM

      by wonkey_monkey (279) on Thursday April 16 2015, @07:23AM (#171435) Homepage

      That's why he tried (it is alleged) to claim the winnings through an offshore holding company.

      Of course, being videotaped buying the ticket in the first place was not the smartest move...

      --
      systemd is Roko's Basilisk
      • (Score: 2) by hemocyanin on Thursday April 16 2015, @04:11PM

        by hemocyanin (186) on Thursday April 16 2015, @04:11PM (#171633) Journal

        I'm a little surprised the store still had the video of him buying a ticket. It was turned in almost a year later just hours before it expired. That seems like a long time to store the video and makes me think a little about the longevity of all the public and private surveillance we are subjected to.

        • (Score: 2, Informative) by Anonymous Coward on Thursday April 16 2015, @05:56PM

          by Anonymous Coward on Thursday April 16 2015, @05:56PM (#171675)

          No, the lottery had that the whole time. As part of the agreement with the lottery, they have to provide the video of the person purchasing it.

    • (Score: 2) by vux984 on Thursday April 16 2015, @07:30AM

      by vux984 (5045) on Thursday April 16 2015, @07:30AM (#171438)

      I thought employees and their immediate families were banned from participation? Seems an obvious precaution...

      It does say 'former'... not sure if that means former to winning, or former to buying the ticket. But if he rigged the system, and then quit... or simply applied his knowledge from having been in the system and then rigged it from the outside, maybe a remote hack, maybe some social engineering on coworkers he left behind... etc.

      • (Score: 1, Insightful) by Anonymous Coward on Thursday April 16 2015, @09:57AM

        by Anonymous Coward on Thursday April 16 2015, @09:57AM (#171496)

        What I want to know is how you can insert a USB thumbdrive into a "highly locked down computer". 2 plus 2 only reaching 2 here.

        • (Score: 0) by Anonymous Coward on Thursday April 16 2015, @02:14PM

          by Anonymous Coward on Thursday April 16 2015, @02:14PM (#171592)

          Usually the cable lock is on the back of the computer, so he probably used the front USB port.

          ;-)

  • (Score: 2) by jimshatt on Thursday April 16 2015, @07:18AM

    by jimshatt (978) on Thursday April 16 2015, @07:18AM (#171432) Journal
    He shouldn't have bought the ticket himself, that was stupid. Otherwise, nice plan. If you're gonna play lotto then you'd better do it right.
    • (Score: 0) by Anonymous Coward on Thursday April 16 2015, @08:18AM

      by Anonymous Coward on Thursday April 16 2015, @08:18AM (#171462)

      He should have hired a bum to do it. Get a guy, buy him enough liquor so that his memory is fuzzy, then given him some fortune cookies with lottery numbers in them, send him into the store and tell him to get a ticket for each fortune cookie.

      • (Score: 2) by pkrasimirov on Thursday April 16 2015, @08:54AM

        by pkrasimirov (3358) Subscriber Badge on Thursday April 16 2015, @08:54AM (#171483)

        Downside is when the bum decides he can go without you.

        • (Score: 0) by Anonymous Coward on Thursday April 16 2015, @09:54AM

          by Anonymous Coward on Thursday April 16 2015, @09:54AM (#171494)

          huh?

          • (Score: 1, Funny) by Anonymous Coward on Thursday April 16 2015, @10:27AM

            by Anonymous Coward on Thursday April 16 2015, @10:27AM (#171502)

            The lonely nights of anguish....

          • (Score: 1) by khallow on Thursday April 16 2015, @01:15PM

            by khallow (3766) Subscriber Badge on Thursday April 16 2015, @01:15PM (#171565) Journal
            The money spends even better, if the bum keeps it to himself rather than giving you a piece of the action.
            • (Score: 2) by hemocyanin on Thursday April 16 2015, @04:00PM

              by hemocyanin (186) on Thursday April 16 2015, @04:00PM (#171630) Journal

              Bum walks out of the store, give him two 1.75l bottles of cheap vodka in exchange for the tickets.

              The bum idea isn't awesome though because there is the risk he'll be found, interviewed, and pissed that a lifetime supply of booze was missed.

              I don't know if it would work out better, but a confederate with whom you will split the money might be a plan. Prior to buying tickets, you'd make mutually incriminating videos. The friend would win and then fork over half. If he renegged, you'd self-destruct taking him with you by releasing the videos.

              The risk here is that one side could threaten MAD in a gambit to get more of the proceeds.

              • (Score: 0) by Anonymous Coward on Thursday April 16 2015, @04:35PM

                by Anonymous Coward on Thursday April 16 2015, @04:35PM (#171639)

                The other danger is that you might be wrong on the level of incrimination by the video. For example, say they both are married, and they film each other having sex with a prostitute, with the proviso that the video is distributed to the other's wife should he not fulfil his part of the deal. After having collected the money, that other person tells you "by the way, I told my wife about the thing with the prostitute; she is absolutely OK with that, so feel free to send her the video. You should also know that I've decided to keep all the money; and in case you should plan to do something about it, remember that I've still got the video of you …"

                • (Score: 2) by hemocyanin on Thursday April 16 2015, @06:15PM

                  by hemocyanin (186) on Thursday April 16 2015, @06:15PM (#171679) Journal

                  By incriminating I meant"

                  LottoGuy: OK, here is the plan, I'll rig the machine to spit out a certain number, I'll tell you that number, and then you buy the ticket using that number. When that ticket wins, you will collect the winnings. You'll select the lump sum option, put half the post-tax winnings in an offshore account, and then transfer that account and my half of the winnings to me.
                  Friend: Yes -- that is our plan and I agree to it.
                  LottoGuy: I agree to it to.

                  Now they are both co-conspirators in the fraud.

                  • (Score: 0, Insightful) by Anonymous Coward on Thursday April 16 2015, @07:49PM

                    by Anonymous Coward on Thursday April 16 2015, @07:49PM (#171706)

                    lol

                    there are some dumb ACs on here
                    the first AC not smart enough to realize you would collect the ticket from the bum as soon as he walks out of the store
                    and now this AC who thinks you were talking about making a sex tape

                    I bet its the same dummy

              • (Score: 1) by khallow on Friday April 17 2015, @01:29PM

                by khallow (3766) Subscriber Badge on Friday April 17 2015, @01:29PM (#172010) Journal

                Bum walks out of the store, give him two 1.75l bottles of cheap vodka in exchange for the tickets.

                You still need someone to cash the tickets. What probably gave the scheme away in the first place was the shell corporation which held the winning ticket.

        • (Score: 3, Insightful) by jcross on Thursday April 16 2015, @01:39PM

          by jcross (4009) on Thursday April 16 2015, @01:39PM (#171581)

          Presumably the smart thing would be to get the lottery tickets back from the bum *before* the results were announced, when their expected value is outweighed by the value of the liquor.

  • (Score: 5, Interesting) by Justin Case on Thursday April 16 2015, @10:35AM

    by Justin Case (4239) on Thursday April 16 2015, @10:35AM (#171505) Journal

    Frankly, I'm not the least bit surprised by this story.

    > inserted a thumbdrive into a highly locked-down computer

    If it had a USB slot it wasn't a "highly locked-down computer". For exactly this reason.

    I did an audit of a lottery style computer a few years ago. It had almost too many security holes to list. When I presented my findings to the lottery people I might as well have been speaking Martian.

    "Our random number generator is teh uber leet impossible to predict. No way anyone could ever."

    "But that doesn't matter if I have full control of your server."

    "...........??? But our random number generator..."

    Seriously. That's all they could say. Random number generator, random number generator, random number generator. You even see the same thinking reflected in the first few posts to this article. Sure if the ping pong balls are televised it is too late to change the results later. But what if you can print a ticket after the drawing is over? Full control of the server would allow that!

    In the end, the company didn't fix any of the basic flaws I pointed out. They truly didn't seem to understand the concept of someone else having control of their computer and what that would mean. And anyway, they don't care who wins, as long as they get their cut. And if you don't win because of a hacked system, how would you ever know to complain?

    • (Score: 2, Disagree) by Anonymous Coward on Thursday April 16 2015, @12:13PM

      by Anonymous Coward on Thursday April 16 2015, @12:13PM (#171540)

      Well, I wasn't there, but I guess it was in part also your failure at communicating at a level they can understand. You probably used many technical terms that were pure Chinese to them. You probably failed to simplify the description enough that they could understand.

      But what if you can print a ticket after the drawing is over? Full control of the server would allow that!

      Did you use this wording (or equivalent) at the presentation? And did you say so before they had effectively shut down their listening because of all the technical "gibberish" you told them (because to a layman most of the technical description is gibberish)? If you did, then it's clearly their fault, because there's probably no way to say it more clearly and more understandable. But otherwise, I can only say you should have.

      • (Score: 5, Funny) by khallow on Thursday April 16 2015, @01:21PM

        by khallow (3766) Subscriber Badge on Thursday April 16 2015, @01:21PM (#171573) Journal
        Well when it's brillig, of course slithy toves gyre and even gimble in the wabe. That's just what they do in the situation. We can just look at this a little bit here. Borogoves mimsy? Check. Mome raths outgrabe? Check. This is so obvious. Coherent we don't even
        • (Score: 0) by Anonymous Coward on Thursday April 16 2015, @07:31PM

          by Anonymous Coward on Thursday April 16 2015, @07:31PM (#171699)

          have you ever thought about writing a sequel to lord of the rings or the wheel of time? you're definitely channeling one of the authors...

          • (Score: 2) by Zinho on Thursday April 16 2015, @09:43PM

            by Zinho (759) on Thursday April 16 2015, @09:43PM (#171743)

            Nope, (mis)quoting from Lewis Carroll. If you really want weapons-grade gibberish go to a mathematician, not a fantasy writer: generation of randomness is not something to be left to chance.

            --
            "Space Exploration is not endless circles in low earth orbit." -Buzz Aldrin
      • (Score: 2) by Mr Big in the Pants on Thursday April 16 2015, @07:46PM

        by Mr Big in the Pants (4956) on Thursday April 16 2015, @07:46PM (#171705)

        You weren't there. That is the only thing you wrote that is factual.

        When spending money is involved, some managers tend to get blustery and willfully ignorant - especially when its coming out of their budget or to accept it would accept truisms to be false.

        If YOU haven't been there before I doubt you have been to many important meetings..