Prosecutors say they have evidence indicating the former head of computer security for a state lottery association tampered with lottery computers prior to him buying a ticket that won a $14.3 million jackpot, according to a media report.
Eddie Raymond Tipton, 51, may have inserted a thumbdrive into a highly locked-down computer that's supposed to generate the random numbers used to determine lottery winners, The Des Moines Register reported, citing court documents filed by prosecutors. At the time, Tipton was the information security director of the Multi-State Lottery Association ), and he was later videotaped purchasing a Hot Lotto ticket that went on to fetch the winning $14.3 million payout.
Related Stories
A lottery security director who was convicted of fixing a $16.5m lottery jackpot also allegedly rigged several other lottery random-number generators to be able to predict the winning numbers, according to Iowa investigators.
For several years, Eddie Tipton, the former security director of the US Multi-State Lottery Association, installed software code that allowed him to predict winning numbers on specific days of the year, investigators allege. The random-number generators had been erased, but new forensic evidence has revealed how the hack was apparently done.
Tipton was convicted last year of rigging the $16.5m jackpot in Iowa, and is now awaiting trial on charges linking him to prizes in Colorado, Wisconsin, Oklahoma and Kansas.
Previous coverage: Prosecutors Suspect Man Hacked Lottery Computers to Score Winning Ticket
(Score: 4, Interesting) by mendax on Thursday April 16 2015, @05:36AM
This is why you're supposed to use ping pong balls for lotteries. Computers don't generate truly random numbers, and how easy it is to replace the random number function with something else more predictable.
It's really quite a simple choice: Life, Death, or Los Angeles.
(Score: 2) by c0lo on Thursday April 16 2015, @05:43AM
But... but... ping-pong balls come with a price tag, won't somebody think of the cost?!
(grin)
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 0) by Anonymous Coward on Thursday April 16 2015, @06:02AM
Because you can't rig a ping pong ball machine? What about dice? I heard loaded dice are totally impossible, because reasons.
(Score: 5, Insightful) by Anonymous Coward on Thursday April 16 2015, @07:26AM
Of course you can rig it. But you can easily test whether a machine is rigged before the actual drawing. First, you can weight the balls, verifying that they are indeed all of the same weight. You can do so with a simple pair of balances which you can separately test for bias in a very simple way. Then you can do a few test draws to check whether the draws are biased in an obvious way. Since the ball-drawing machine has no memory, you can be sure that a bias would not suddenly materialize on the actual drawing for the lottery.
Note that any more complex tampering of either the balances or the ball drawing machine would be very visible, since the mechanism is so simple. Moreover, to manipulate the machine, you would have physical unobserved access for a prolonged time. There's nothing analogous to putting manipulation software on an USB stick and put that stick into a port of the computer at an unattended moment, and remove it at a later unattended moment.
Yes, there's no way to make absolutely certain that the lottery was not manipulated. But already with minimal security effort, manipulating the ball-based machine without being detected before the drawing is orders of magnitude harder than tampering with a computer program without being detected.
(Score: 4, Interesting) by Anonymous Coward on Thursday April 16 2015, @08:27AM
Yes, there's no way to make absolutely certain that the lottery was not manipulated. But already with minimal security effort, manipulating the ball-based machine without being detected before the drawing is orders of magnitude harder than tampering with a computer program without being detected.
Which, BTW, is why electronic voting is such a bad idea. A strategic law can mean a billion dollar windfall for a company, it would totally be worth it to invest 50 million to hack an important election. The candidate himself wouldn't even need to be aware of it, just as long as you know he'll do your bidding on the one law you care about.
(Score: 2) by Bot on Thursday April 16 2015, @10:39PM
There can be different ways of rigging.
I recall one Italian lotto scandal where some numbers to were warmed up before the extraction, and the blindfolded child was instructed to look for those (like it was a game) . It needed insiders of course, and it gave a new meaning to the "hot" number.
But it would not have worked in a lottery because all numbers should have been picked, and in the correct order.
Don't forget the problem, which is generating a random number. It can be done BOTH electronically and physically, just combine the two or more sources. So the idea is still good.
Account abandoned.
(Score: 0) by Anonymous Coward on Friday April 17 2015, @12:44PM
With a ball-drawing machine, there's no child (or other human being) involved in the actual drawing. Any manipulation therefore would have to be on the machine or balls, before the drawing begins.
(Score: 4, Informative) by TheRaven on Thursday April 16 2015, @10:45AM
sudo mod me up
(Score: 0) by Anonymous Coward on Thursday April 16 2015, @01:50PM
Nick Perry of 666 fame would have disagreed that you can't manipulate ping pong balls. His problem was he and his friends had loose lips.
(Score: 0) by Anonymous Coward on Friday April 17 2015, @12:47PM
Note that I explicitly included checking the weight of the balls. Had this been done back then, the rig would have been detected before the drawing occurred.
(Score: 2) by hubie on Friday April 17 2015, @02:25AM
Of course you can [wikipedia.org].
(Score: 4, Insightful) by Anonymous Coward on Thursday April 16 2015, @05:46AM
Lottery officials are supposed to be ineligible to win, to prevent exactly this sort of cheating.
(Score: 3, Informative) by Anonymous Coward on Thursday April 16 2015, @05:38PM
He wasn't eligible. That is why he constructed a super complicated ticket laundering scheme. In fact, the investigators spent over a year trying to trace the ticket backwards. It wasn't until they figured out that he was the guy who bought the ticket that all the pieces fell in place.
(Score: 2) by bradley13 on Thursday April 16 2015, @06:23AM
I thought employees and their immediate families were banned from participation? Seems an obvious precaution...
Everyone is somebody else's weirdo.
(Score: 5, Informative) by wonkey_monkey on Thursday April 16 2015, @07:23AM
That's why he tried (it is alleged) to claim the winnings through an offshore holding company.
Of course, being videotaped buying the ticket in the first place was not the smartest move...
systemd is Roko's Basilisk
(Score: 2) by hemocyanin on Thursday April 16 2015, @04:11PM
I'm a little surprised the store still had the video of him buying a ticket. It was turned in almost a year later just hours before it expired. That seems like a long time to store the video and makes me think a little about the longevity of all the public and private surveillance we are subjected to.
(Score: 2, Informative) by Anonymous Coward on Thursday April 16 2015, @05:56PM
No, the lottery had that the whole time. As part of the agreement with the lottery, they have to provide the video of the person purchasing it.
(Score: 2) by hemocyanin on Thursday April 16 2015, @06:15PM
That makes sense.
(Score: 2) by vux984 on Thursday April 16 2015, @07:30AM
I thought employees and their immediate families were banned from participation? Seems an obvious precaution...
It does say 'former'... not sure if that means former to winning, or former to buying the ticket. But if he rigged the system, and then quit... or simply applied his knowledge from having been in the system and then rigged it from the outside, maybe a remote hack, maybe some social engineering on coworkers he left behind... etc.
(Score: 1, Insightful) by Anonymous Coward on Thursday April 16 2015, @09:57AM
What I want to know is how you can insert a USB thumbdrive into a "highly locked down computer". 2 plus 2 only reaching 2 here.
(Score: 0) by Anonymous Coward on Thursday April 16 2015, @02:14PM
Usually the cable lock is on the back of the computer, so he probably used the front USB port.
;-)
(Score: 2) by jimshatt on Thursday April 16 2015, @07:18AM
(Score: 0) by Anonymous Coward on Thursday April 16 2015, @08:18AM
He should have hired a bum to do it. Get a guy, buy him enough liquor so that his memory is fuzzy, then given him some fortune cookies with lottery numbers in them, send him into the store and tell him to get a ticket for each fortune cookie.
(Score: 2) by pkrasimirov on Thursday April 16 2015, @08:54AM
Downside is when the bum decides he can go without you.
(Score: 0) by Anonymous Coward on Thursday April 16 2015, @09:54AM
huh?
(Score: 1, Funny) by Anonymous Coward on Thursday April 16 2015, @10:27AM
The lonely nights of anguish....
(Score: 1) by khallow on Thursday April 16 2015, @01:15PM
(Score: 2) by hemocyanin on Thursday April 16 2015, @04:00PM
Bum walks out of the store, give him two 1.75l bottles of cheap vodka in exchange for the tickets.
The bum idea isn't awesome though because there is the risk he'll be found, interviewed, and pissed that a lifetime supply of booze was missed.
I don't know if it would work out better, but a confederate with whom you will split the money might be a plan. Prior to buying tickets, you'd make mutually incriminating videos. The friend would win and then fork over half. If he renegged, you'd self-destruct taking him with you by releasing the videos.
The risk here is that one side could threaten MAD in a gambit to get more of the proceeds.
(Score: 0) by Anonymous Coward on Thursday April 16 2015, @04:35PM
The other danger is that you might be wrong on the level of incrimination by the video. For example, say they both are married, and they film each other having sex with a prostitute, with the proviso that the video is distributed to the other's wife should he not fulfil his part of the deal. After having collected the money, that other person tells you "by the way, I told my wife about the thing with the prostitute; she is absolutely OK with that, so feel free to send her the video. You should also know that I've decided to keep all the money; and in case you should plan to do something about it, remember that I've still got the video of you …"
(Score: 2) by hemocyanin on Thursday April 16 2015, @06:15PM
By incriminating I meant"
LottoGuy: OK, here is the plan, I'll rig the machine to spit out a certain number, I'll tell you that number, and then you buy the ticket using that number. When that ticket wins, you will collect the winnings. You'll select the lump sum option, put half the post-tax winnings in an offshore account, and then transfer that account and my half of the winnings to me.
Friend: Yes -- that is our plan and I agree to it.
LottoGuy: I agree to it to.
Now they are both co-conspirators in the fraud.
(Score: 0, Insightful) by Anonymous Coward on Thursday April 16 2015, @07:49PM
lol
there are some dumb ACs on here
the first AC not smart enough to realize you would collect the ticket from the bum as soon as he walks out of the store
and now this AC who thinks you were talking about making a sex tape
I bet its the same dummy
(Score: 1) by khallow on Friday April 17 2015, @01:29PM
Bum walks out of the store, give him two 1.75l bottles of cheap vodka in exchange for the tickets.
You still need someone to cash the tickets. What probably gave the scheme away in the first place was the shell corporation which held the winning ticket.
(Score: 3, Insightful) by jcross on Thursday April 16 2015, @01:39PM
Presumably the smart thing would be to get the lottery tickets back from the bum *before* the results were announced, when their expected value is outweighed by the value of the liquor.
(Score: 5, Interesting) by Justin Case on Thursday April 16 2015, @10:35AM
Frankly, I'm not the least bit surprised by this story.
> inserted a thumbdrive into a highly locked-down computer
If it had a USB slot it wasn't a "highly locked-down computer". For exactly this reason.
I did an audit of a lottery style computer a few years ago. It had almost too many security holes to list. When I presented my findings to the lottery people I might as well have been speaking Martian.
"Our random number generator is teh uber leet impossible to predict. No way anyone could ever."
"But that doesn't matter if I have full control of your server."
"...........??? But our random number generator..."
Seriously. That's all they could say. Random number generator, random number generator, random number generator. You even see the same thinking reflected in the first few posts to this article. Sure if the ping pong balls are televised it is too late to change the results later. But what if you can print a ticket after the drawing is over? Full control of the server would allow that!
In the end, the company didn't fix any of the basic flaws I pointed out. They truly didn't seem to understand the concept of someone else having control of their computer and what that would mean. And anyway, they don't care who wins, as long as they get their cut. And if you don't win because of a hacked system, how would you ever know to complain?
(Score: 2, Disagree) by Anonymous Coward on Thursday April 16 2015, @12:13PM
Well, I wasn't there, but I guess it was in part also your failure at communicating at a level they can understand. You probably used many technical terms that were pure Chinese to them. You probably failed to simplify the description enough that they could understand.
Did you use this wording (or equivalent) at the presentation? And did you say so before they had effectively shut down their listening because of all the technical "gibberish" you told them (because to a layman most of the technical description is gibberish)? If you did, then it's clearly their fault, because there's probably no way to say it more clearly and more understandable. But otherwise, I can only say you should have.
(Score: 5, Funny) by khallow on Thursday April 16 2015, @01:21PM
(Score: 0) by Anonymous Coward on Thursday April 16 2015, @07:31PM
have you ever thought about writing a sequel to lord of the rings or the wheel of time? you're definitely channeling one of the authors...
(Score: 2) by Zinho on Thursday April 16 2015, @09:43PM
Nope, (mis)quoting from Lewis Carroll. If you really want weapons-grade gibberish go to a mathematician, not a fantasy writer: generation of randomness is not something to be left to chance.
"Space Exploration is not endless circles in low earth orbit." -Buzz Aldrin
(Score: 2) by Mr Big in the Pants on Thursday April 16 2015, @07:46PM
You weren't there. That is the only thing you wrote that is factual.
When spending money is involved, some managers tend to get blustery and willfully ignorant - especially when its coming out of their budget or to accept it would accept truisms to be false.
If YOU haven't been there before I doubt you have been to many important meetings..