Hacking Scratch Lottery Tickets

Design failure means you can pick winning tickets before scratching the coatings off. Most interesting is that there's statistical evidence that this sort of attack has been occurring in the wild: not necessarily this particular attack, but some way to separate winners from losers without voiding the tickets.

Since this article was published in Wired, another technique of hacking scratch lottery tickets has surfaced: store clerks capitalizing on losing streaks. If you assume any given package of lottery tickets has a similar number of winners, wait until you sell most of the way through the packet without seeing those winners and then buy the rest.

Posted on February 10, 2011 at 6:42 AM • 68 Comments

Comments

salach • February 10, 2011 7:14 AM

Why bother? The easiest way is to shine strong UV light on the scratchable area and in many such tickets you can figure out the text underneath. I had one case personally where a store gave you such discount cards when you stood in queue in front of the cash register. There was a big mercury vapor lamp above the queue which was like a Turkish bath, but the upside: you could see through and know the size of the discount. It was too small so I just asked for another card and the discount was much more significant.
Sometimes low-tech is the best approach...

Justin • February 10, 2011 7:16 AM

I've heard about this being done for quite some time; there are rules/regs/laws that prohibit store employees from buying tickets for that reason going back decades...

Jurjen • February 10, 2011 7:24 AM

When I was a student, McDonald's had scratch tickets where you had to open just one box, and that box determined your prize.
I ate quite a few free hamburgers in those days.

Yuri • February 10, 2011 8:04 AM

In the UK scratch tickets are usually dispensed from rolls, so there is no option of pre-choosing the ticket.
So here you would have to buy lots, and return ones you don't want, which still works but is more effort.
Store clerks of course can still count the losing streaks, but with up to 10 different cards on dispensers at each till, I doubt that it'd be easy to keep track.

Clive Robinson • February 10, 2011 8:18 AM

I'm really not that surprised about this "side channel" leaking information to the punter.

If you consider the demographic of those who buy these "last hope" cards then you will get an insight as to why the manufacturers (printers) and operators of such systems don't put a great deal of effort into them.

From the manufacturers' point of view they want to produce them as cheaply as they possibly can (i.e. tenths of a cent); from the operators' point of view they want to maximise the "hook" value as they get a fixed percentage of retail price.

It is in neither of their financial interests to put in any more effort than required.

Thus the people who lose out in the long run are the "last hope" punters laying down the price of a tin of baked beans in the forlorn hope of winning the big one.

From my viewpoint nearly all lottos are a viciously cynical exploitation of those at the very bottom of society...

Eric Riley • February 10, 2011 8:28 AM

I was wondering why any stores would (as is mentioned in the original article) buy back any of the tickets or allow people a choice in which ticket they get. As I recall from the few that I've bought, you get the next one on the roll and it never even occurred to me that the sale could be taken back (whatever happened to 'all sales are final')? I would be awfully suspicious of someone coming in with a pile of unscratched lottery tickets to sell...

casey • February 10, 2011 8:44 AM

-Clive

You are too right about the lottery. Even worse, the lottery where I live always tries to associate the lottery with specifically supporting the school system to cover the stink of the ethical failing. They are also adding slot machines for the more impatient fools.

Another scam we have is when school children sell $4 candy bars ($.80 goes to the school!) to support art/music.

I would vote against it, but sadly, both major political parties want it. The only difference is the who/where issue.

Patrick • February 10, 2011 8:54 AM

I remember when I was a kid, we got scratch-off tickets from the local convenience store where they said every ticket could be a winner, if you scratched the correct apple. There were five apples covered and one would get you a free prize. We figured out that you could simply hold the ticket over any light bulb and see right through the scratch-off material.

Lots of free slurpees!

Randy • February 10, 2011 8:57 AM

In Ohio, USA the lottery is marketed as "supporting education". What the state government never says is that for every dollar that the lottery gives to the education fund, the state takes away a dollar from their budget, so it's a wash. Schools *never* get more money. It's really dishonest.

Randy

Bas • February 10, 2011 9:20 AM

The capitalization of the losing streaks can't work if the number of winners is evenly distributed.

A hundred times no 6, does not make 6 more likely in dice rolls. Even if the dice rolls are "pre-rolled".

Zimmie • February 10, 2011 9:37 AM

Bas:

It depends on the window over which winners are evenly distributed. If a roll of tickets contains 50 tickets, and every roll is guaranteed to have two winners, there is a chance of the winners clustering at the end in some rolls.

If the winners are distributed randomly throughout all rolls, you will get some rolls that have no winners at all, yes. That generally is not how scratch-off lottery tickets work, though.

bob (the original bob) • February 10, 2011 9:51 AM

I was unaware that you could return unscratched tickets. Why would any lottery allow that, it seems stupid at first glance?

Are the "returned" tickets resold or destroyed? (and if sold, is it at face value? "Half-price lottery tickets sold here - odds of winning only slightly lower!")

boog • February 10, 2011 10:00 AM

@bob (the original bob) "I was unaware that you could return unscratched tickets. Why would any lottery allow that, it seems stupid at first glance?"

I was thinking the same thing, but then Srivastava said the following: "Of course, you could also just find a retailer willing to cooperate or take a bribe. That might be easier."

Indeed it would be.

Shane • February 10, 2011 10:25 AM

This _might_ be interesting if it weren't for the fact that you can't simply walk into a gas station and ask to inspect the roll of scratch offs, then buy only the ones you want.

Shane • February 10, 2011 10:28 AM

Again, _might_ be interesting, cept the guy said it himself: he makes more as a consultant.

Flawed or not, the only 'winners' in the lottery are the state, and the gaming commissions. Everyone else gets like 50 cents on the dollar.

And you CANNOT return unscratched tickets in every state. At least not when I was a wee little gas station attendant in my high school years.

Clive Robinson • February 10, 2011 10:39 AM

For those talking about "rolls" of lottery tickets, they are not always sold that way. They used to be sold from books like you buy raffle tickets.

Likewise not all lottery sales are through big state or governmental setups. Many charities buy on "sale or return" books of lotto tickets for selling at fairs etc, which is just a variation on raffles or tombolas etc.

Also in various European countries disabled or ex-service people can buy on sale or return books of tickets that they sell from little kiosks or street corner stands alongside the bigger "draw" lottery ticket sales.

NobodySpecial • February 10, 2011 10:48 AM

This particular game had individual cards so you could pick the ones you wanted.

Some jurisdictions allow refunds on unused lottery tickets to reduce gambling addiction (!) - apparently to allow you to change your mind.

The major flaw in the lottery here is that the store has a machine that tells you if you have won - the usual scandal is the store owner having lots of wins from telling customers (especially ones that don't speak English) that they have lost and then keeping the winning ticket.

Shane • February 10, 2011 10:50 AM

@Clive

Well buddy, here in the states, namely many Midwest states, you have two choices:

Buy singles from a vending machine (no returns there), or you buy them off of a roll at a convenience store.

I stand by my statements. Not very interesting to find a flaw that requires the stars be in alignment to profit more than the 50c on the dollar ratio :/

If the guy who figured it out dismissed it as no more profitable than his day job, Wired is having a slow news day, and got a little woody from his background as a statistician.

Shane • February 10, 2011 10:58 AM

I think we could all agree though, that if any 'hack' in the system was even remotely affecting the bottom line, it would've been noticed straight away.

I see this as no more significant than counting cards in blackjack. Sure, you can do it. But you're not gonna get rich, at least, not before doing some jail time or having your name plastered all over every casino in the country.

Hollywood and the media might want to make it sound like a clever little romp vis-a-vis beating the system, but I've yet to see anyone bankrupt any of the gambling outlets, local state or otherwise.

On the flipside, casinos and lotteries bankrupt your regular joe-middle-income quite frequently, before sending them off to their sister industry: gambling addicts anonymous.

Shane • February 10, 2011 11:00 AM

Besides, did anyone stop to think that the lottery only prints winning tickets it can afford to pay for in the first place? Pretty obvious.

Which would, in turn, mean that you're not 'beating the system', you're 'defrauding the other players'.

Big difference IMHO.

RSX • February 10, 2011 11:04 AM

Eh, lotteries are pretty unethical as it is (Monthly payments over 20 or 30 years, the 40% tax you have to pay so someone can have their own 'lottery' with no trip to the gas station required, etc).
It's ok to level out the playing field. They're criminals, so I feel it's alright to be one too.

Alan Bostick • February 10, 2011 11:05 AM

The Wired article hints at this: is it possible that this design flaw isn't a flaw at all, but a feature? A reasonably successful strategy for picking winning tickets can turn into a reliable method of laundering money for organized crime. If crime organizations have penetrated the businesses that produce lottery tickets for the states, they can exploit the built-in back door to turn dirty cash into "legitimate" lottery winnings.

Shane • February 10, 2011 11:08 AM

@Alan

Clever maybe, but kind of ridiculous. Plenty of white collar bankers out there (esp. with a ratio of 1 psychopath in every 100 for an evenly distributed population, generally falling into categories of executives or mass murderers) to launder the money for them.

Why go through 10 extra steps and a state-sponsored organization?

Shane • February 10, 2011 11:10 AM

Not to mention isn't one of the ideas behind laundering money to avoid paying taxes? Why would the Mob want to pay a 40+% capital gains tax and go through the trouble of sifting through scratch-offs?

Occam's Razor anyone?

cbarn • February 10, 2011 11:19 AM

Shane, you're correct - the lottery has already priced in all the winning tickets and knows it'll come out ahead, so only the other players are being defrauded.

On a related note, I wonder if playing on general awareness of this type of hack could actually be used to increase sales. Recently a food product I buy regularly started a contest - the inside of the lid has a letter, and if you can collect the letters to form certain words you can win fairly substantial prizes. It's obvious looking at the list of words that each word has two unique letters in it, the rest of the letters appear in several or all of the words. Obviously those "singleton" letters in each word control the number of winners - and yes, on the very first day I got one of those letters. Odds are that there's an awful lot of that letter in circulation, and it's the other one in the unique pair that really controls the prize - but a less skeptical person might easily think "Ooh, I got one of the special letters, I'm half-way to winning! I'd better buy more product ..."

Sure, we all know that logic is flawed, but this blog is FULL of examples of people misjudging the odds ...

Rich Wilson • February 10, 2011 12:50 PM

In high school I worked at a small gas station that sold scratch tickets. One of the owners took advantage of losing streaks and often picked up an extra $5-$50. The other owner was highly annoyed, and saw it as killing the goose that lays the golden egg. Those small wins are there to encourage people to buy more tickets. If the customers don't get that incentive, they stop buying them, and the owner loses that revenue stream.
I'm not sure if the lack of wins actually put anyone off, but the ticket-buying-owner surely didn't make any great fortune, if he even did better than even.

boog • February 10, 2011 1:17 PM

@cbarn "...the lottery has already priced in all the winning tickets and knows it'll come out ahead, so only the other players are being defrauded."

That seems awfully short-sighted; if players only buy winning tickets, lottery revenues would be significantly lower, despite payouts being unchanged (or increased).

They also expect that a percentage of winning tickets won't be redeemed; expiration dates are evidence of this. More winning tickets being redeemed means they pay out more than they were estimating. Sure, they can already cover the payouts, but they get less in the end.

Clearly these "hacks" (while not terribly profitable for the player) affect the bottom line, and clearly the lottery does care about cheaters. Otherwise, why would the tic-tac-toe game be pulled from stores the day after its flaws were revealed?

Shane • February 10, 2011 1:29 PM

@boog "if players only buy winning tickets, lottery revenues would be significantly lower"

That's making the assumption that the actual POS vendors of said tickets haven't already paid the distributors for the bundles of tickets.

I couldn't speak to that with any accuracy, but taking an example from just about every other facet of US retail, it generally doesn't work like that.

My _guess_ is that vendors purchase a bundle of tickets for X dollars - then pays out winners up to $100 (at least AFAIK), and bills the distros for the payouts.

Still leaves the profit margins relatively untouched. Which, considering the multi-billion dollar status of the industry, seems the likeliest of methodologies. Just a thought.

Shane • February 10, 2011 1:36 PM

Additionally, I don't see pulling the tickets off of the shelves any kind of tell as to the vulnerability of their profit margins. Even a savings of $.10 past the cost of a recall would likely be enough justification for any corporation.

boog • February 10, 2011 1:48 PM

@Shane "My _guess_ is that vendors purchase a bundle of tickets for X dollars - then pays out winners up to $100 (at least AFAIK), and bills the distros for the payouts."

That's certainly possible, even likely. So you would agree then that it's in the _vendors'_ best interest that players not cheat, correct?

Historian • February 10, 2011 2:13 PM

@Clive - "From my view point nearly all lottos are a viciously cynical exploitation of those at the very bottom of society..."

For a change, I agree with you 100%.

In the US, though, all of that lotto income that is given to the government willingly without levying a tax has proven to be too great a temptation for most states.

Shane • February 10, 2011 2:53 PM

@boog - I suppose to a certain degree, yes, but in that case you still have to account for the rest of the lottery customers, most of whom would be unaware that there were (hypothetically) no more winning tickets on the bundle they were purchasing from, hence still buying losing tickets, hence still filling the vendors' coffers.

derek • February 10, 2011 3:06 PM

about 15 years ago I worked at a gas station, we ran a promo for a few months where you got a scratch ticket with any purchase.
the tickets had prizes of discount gas, free junk food and such.

it didn't take me long to note that winning tickets were about "a 1/8th of a not much" longer than the others.
the size difference was so small that you could not see it, but you could feel it when you run a finger down the end of a large stack.

I would take the stacks of tickets and sort the winners from the stack and make sure to give a winner to the nice customers.

all the customers who I didn't like got a short ticket. (better luck next time)


kingsnake • February 10, 2011 3:54 PM

Playing the numbers -- or the state-sponsored version thereof -- is only a waste if you do it to excess, same as any other form of gambling. Sure, your odds of winning are extremely small, but there is still *some* chance of winning. Blow that same dollar on a soda, and you have zero chance of winning. If the game is honest, no one is being defrauded anymore than they are if they spend $10 on a crappy movie.

no fool • February 10, 2011 4:13 PM

@cbarn: "but a less skeptical person might easily think "Ooh, I got one of the special letters, I'm half-way to winning! I'd better buy more product ..."

The problem with food-related contests is the possibility that the one-and-only unique game piece might be bought by a one-time customer, who is either not aware of the contest, or who doesn't care. After consuming the product, the game piece is thrown away, lost forever, preventing the "Grand Prize" from ever being awarded.

No One • February 10, 2011 5:38 PM

@no fool: The problem with food-related contests...

That's a problem? (Intentional cynicism activated.)

Though in truth, that never happens. Why? Because in reality ever since the inception of the McDonald's Monopoly game people very close to the company that prints and distributes the game pieces have won the top prizes every year. A few of them have been convicted of fraud but I'm guessing most of the cars and TVs were claimed without issue.

Tony H. • February 10, 2011 5:58 PM

@kingsnake
"Sure, your odds of winning are extremely small, but there is still *some* chance of winning. Blow that same dollar on a soda, and you have zero chance of winning."

Actually, no, if we're talking about the big jackpot kind of thing, rather than these little scratch & win cards. There's little connection between having bought a ticket and winning, because the odds of winning are so tiny that multiplying by the chance that you'll somehow unexpectedly acquire a ticket doesn't change it much. I have never bought one of those big jackpot tickets in my life, but I have several times had one bought for me as a gift, and I once found one on the street. "You can't win if you don't buy a ticket" is just a marketing slogan.

Tony H. • February 10, 2011 6:15 PM

Why would retailers buy back unused tickets? Well why not? If they refuse, it contributes to the impression that the tickets can be "read" by some means without scratching/opening, and that reduces confidence all round. If they are truly technically immune to un-tamper-evident reading, then surely it contributes to confidence for sellers to buy them back.

And as for allowing purchasers to choose which tickets they buy, this is surely part of the marketing that calls buying a ticket "playing" the lottery. The OLG et al want to encourage buyers (uh, "players") to think that their wacky numerology or whatever systems will help them, so why not let them choose the card with a serial number that matches their birthdate, or their lucky colour scheme or whatever, the same as they allow buyers of the big jackpot draw tickets to choose their own numbers? Again, if the tickets are read-proof, there is no issue.

In Ontario (where the original story is from), gas stations and grocery stores have flat clear-plastic-covered trays for the tickets, and often the entire tray is handed to the buyer for inspection, and then they point to the ticket(s) they want.

A stitch in time • February 11, 2011 12:05 AM

Old school (UK) there was spot the ball cards and an initial would be placed against each person's bet, though as it was a folded card merely machine stitched together. Manual Stitching & Unpicking the stitch skills could be very profitable.

$600 dollars *a day* via scratch card gaming seems a good trade off for a day's work:
"I estimated that I could expect to make about $600 a day. That's not bad. But to be honest, I make more as a consultant, and I find consulting to be a lot more interesting than scratch lottery tickets."
http://www.wired.com/magazine/2011/01/ff_lottery/all/1

$4200 per week is no small change and what about buying the cards wholesale and working with a confederate to cash them in...

yt • February 11, 2011 5:31 AM

For those wondering where/why they would let you choose which scratch-off ticket you take, I can answer half of the question. In Finland, buying a scratch-off ticket is a small ritual in which the cashier presents the available tickets and the customer selects one. As to why, I'm not sure.

jd • February 11, 2011 8:28 AM

@kingsnake
"Sure, your odds of winning are extremely small, but there is still *some* chance of winning. Blow that same dollar on a soda, and you have zero chance of winning."

Quite the opposite, actually! True story: one day, me and my father-in-law went to a donut shop. He spent a dollar on an instant-lose lotto ticket, and I spent a dollar on a donut. I won, of course: I had a delicious jelly donut, while all he had was a piece of paper that he scratched at and then threw in the garbage. (I pointed this out to him, and he got all angry.)

NobodySpecial • February 11, 2011 11:41 AM

@yt - superstition. If the idiot (sorry customer) can select tickets and pick the one with their lucky numbers they are more likely to buy.

If they just get given the next one off the roll and everything is decided for them they are much less likely to play - it becomes more like paying taxes than gambling.

no fool • February 11, 2011 11:45 AM

@no one

After posting, I pondered the likelihood of some small print in the rules of those "food" games which states that the game distributor has "the right to not award all prizes", in the event that key game pieces are never redeemed.

Former Game Printing Guy • February 11, 2011 12:29 PM

I once worked for a company that made game pieces for McDonalds. The minor prizes were inserted semi-randomly into the common strips of losing/insignificant game pieces.

All the major prizes were printed only with McD's execs present, handed off to the execs and the dies destroyed after the winning pieces were confirmed successfully printed. There is no randomness to which store/newspaper gets the million-dollar winner, nor any of the other major prizes.

Red Bug • February 11, 2011 2:44 PM

I wonder if one could make microscopic scratches that wouldn't be visible to naked eyes but would be useful in determining the underlying symbol?

Jake • February 11, 2011 8:13 PM

I remember about 10 years ago there was a promotion from Coca-Cola in which a prize was stated on the underside of the bottle cap.

I quickly discovered that out of every pallet of 36 20oz sodas, two in specific positions had a "win free 20oz soda".

there was a convenience store in which the items were loaded into the refrigerator still on the pallet, as opposed to being taken out one at a time and ostensibly scrambled.

my friends were shocked at my ability to drink 30 sodas and pay for maybe four before the promotion ended.

Nick P • February 12, 2011 12:14 AM

Well, in our area, most cards are manufactured by Scientific Games. This is the company that invented scratch-off lottery, as far as media reports. Co-founder John Koza is a brilliant Artificial Intelligence researcher who [officially] created & rocked the field of Genetic Programming. Needless to say, they were pretty smart about everything and they invest heavily in the security of the scratch-off material. I read one article describing a pen tester they employ to try everything to get the numbers w/out evidence of tampering and failing every time due to their proprietary chemicals and printing process.

I've actually never seen one of the cards mentioned in the articles. The local cards are mostly Scientific Games and the only numbers that are on the card (and significant) are scratch-off. To beat the system, one must be able to see the numbers w/out evidence of tampering. Any thoughts on that? Is this material really unbeatable and meriting further applications by the security community? Or are they overstating how hard it is to beat?

Another aspect of this that I look at is the codes on the back. I've seen claims that the barcodes or at least the other, longer barcode on the back of a card indicates what the payout will be. Is there any evidence Sci Games or other companies are producing cards with this weakness or is it hearsay? I'm always focused on high assurance, so Sci Games is my target because it seems they've realized it in this market. Or have they? My mind boils with ideas, but I'd like to hear what you "hands-on" types think.

Clive Robinson • February 12, 2011 5:03 AM

@ Nick P,

"I've seen claims that the barcodes or at least the other, longer barcode on the back of a card indicates what the payout will be."

It may well be true (and probably is) but that does not mean it actually leaks information as to if the card is a winner or not.

Let us assume for the moment the long bar code can indeed be used to verify that the card is a winner for 100,000USD.

Then the question arises can this code be proof positive without revealing that the card is a winner.

The simple answer is yes and without difficulty if you have an appropriate one way function. Such as the number is an index to a Database of all the cards. Provided there is no pattern in the way the prizes are assigned and recorded in the database then there would be no value to the number prior to its presentation (unless you had access to the DB).

However a lot depends on sufficiently decoupling the "index number" from "prize potential", and let's be honest a lot of code cutters are not overly bright in this respect... We have after all seen gambling machine programmes using pseudorandom generators based on very short Linear Feedback Shift Registers...
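The decoupling described in the comment above, as an added example that is not part of the original comment: validation codes drawn from a CSPRNG and used only as a database index, next to a hypothetical flawed scheme, with an issuer-side audit that checks whether any character of the code predicts a win. The prize table, the function names and the leaky last-character scheme are all constructed for illustration.

```python
"""Opaque validation codes vs. codes that leak the prize (added example)."""
import secrets
from collections import defaultdict

# Constructed prize table: 90% losers, 9% small wins, 1% large wins.
PRIZES = [0] * 90 + [5] * 9 + [100]


def issue_opaque(n):
    """Code is a random 64-bit index; the prize exists only in the issuer's DB."""
    db = {}
    while len(db) < n:
        db[secrets.token_hex(8)] = secrets.choice(PRIZES)
    return db


def issue_leaky(n):
    """Hypothetical flawed scheme: the prize tier is folded into the last character."""
    tiers = {0: "0", 5: "1", 100: "2"}
    db = {}
    while len(db) < n:
        prize = secrets.choice(PRIZES)
        db[secrets.token_hex(8)[:-1] + tiers[prize]] = prize
    return db


def audit(db, min_bucket=20):
    """Issuer-side check before printing: does any (position, character) pair
    in the code predict a win? Returns (base_rate, position, char, win_rate)
    for the most predictive bucket holding at least `min_bucket` tickets."""
    base_rate = sum(1 for prize in db.values() if prize) / len(db)
    buckets = defaultdict(lambda: [0, 0])  # (pos, char) -> [tickets, winners]
    for code, prize in db.items():
        for pos, ch in enumerate(code):
            bucket = buckets[(pos, ch)]
            bucket[0] += 1
            bucket[1] += prize > 0
    rated = [(pos, ch, wins / count)
             for (pos, ch), (count, wins) in buckets.items()
             if count >= min_bucket]
    pos, ch, rate = max(rated, key=lambda item: item[2])
    return base_rate, pos, ch, rate


def redeem(db, code):
    """Look the code up at presentation time; each code pays at most once.
    Returns the prize (0 for a loser) or None for unknown/already-used codes."""
    return db.pop(code, None)


if __name__ == "__main__":
    for name, issuer in (("opaque", issue_opaque), ("leaky", issue_leaky)):
        base, pos, ch, rate = audit(issuer(4000))
        print(f"{name}: base win rate {base:.3f}, "
              f"best predictor pos {pos} char {ch!r} -> {rate:.3f}")
```

With opaque codes the best bucket stays close to the base win rate; with the leaky scheme the last position predicts a win with certainty, which is the pattern the audit is meant to catch before a print run ships.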

Nick P • February 12, 2011 2:01 PM

@ Clive Robinson

"and let's be honest a lot of code cutters are not overly bright in this respect"

That's what I'm counting on. The Sci Games people might have had good security engineers design the scheme with oversight from the brilliant co-founder. Or they just hired some guys with a decent resume who were more focused on getting the product out than ensuring its security. With this company, it really could be either one.

If the codes are made with a hash, then the odds are quite against me. There's no telling what the input was. Even a reused nonce would prevent me from reverse engineering it if I only had the hash output and no clue where to start. I guess I'm looking for a design flaw that leaks information. Many times companies try to be clever and use a proprietary method instead of tried-and-true crypto. There's also the situation where someone *wants* it to leak information so that certain people can profit off it (e.g. money laundering).

The scratch-off material is still my biggest curiosity. Did they really make a perfectly secure seal that costs like a penny per card? If so, I could see other applications for it. I keep thinking of using methods to see through it from the back instead of the front. Using some kind of imaging technology. It would have to be one that differentiated between colors because the numbers are printed on the card itself.

Publius • February 12, 2011 5:52 PM

The coin doesn't remember what came up in previous throws. There is no reason to think a run of losses increases the odds of the next throw to be a win, if it's a sufficiently random generator.

However if the game admins are engineering a certain number of wins without using randomness and long run expectation to make the game work correctly, then somebody like a gas station owner noticing the runs of losses could very well make a significant difference in his odds. I mean if you know there are 2 wins in a batch and nobody won from the batch yet, those few remaining cards contain the winners. In this case the game companies are engineering their own destruction. Of course bad government could step in and say anything is cheating and fail to fix the true problem.
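The disagreement in this thread about losing streaks (independent dice rolls versus a guaranteed number of winners per roll or batch) comes down to the window over which winners are fixed. The following is an added example, not part of the original post or any comment, that computes how much a streak of losers reveals under each model; the 50-ticket roll with 2 winners follows the numbers used in the comments, and the 50,000-ticket print run is a constructed comparison.

```python
"""Losing-streak leak: fixed winners per window vs. independent draws (added example)."""
from fractions import Fraction
from math import comb
import random


def p_streak(window, winners, sold):
    """P(the first `sold` tickets are all losers) when exactly `winners`
    winning tickets are shuffled uniformly into a window of `window` tickets."""
    return Fraction(comb(window - winners, sold), comb(window, sold))


def p_next_wins(window, winners, sold):
    """P(next ticket wins | the first `sold` tickets all lost), same model."""
    if sold > window - winners:
        raise ValueError("streak is longer than the number of losing tickets")
    return Fraction(winners, window - sold)


def simulate_fixed(window, winners, sold, trials, seed=1):
    """Monte Carlo check of p_next_wins: place the winners at random, keep only
    the rolls where the first `sold` tickets lost, and test ticket `sold`."""
    rng = random.Random(seed)
    hits = total = 0
    for _ in range(trials):
        positions = rng.sample(range(window), winners)
        if min(positions) >= sold:
            total += 1
            hits += sold in positions
    return hits / total if total else None


def simulate_independent(p_win, sold, trials, seed=1):
    """Same experiment when every ticket wins independently with p_win
    (the dice model): the streak carries no information."""
    rng = random.Random(seed)
    hits = total = 0
    for _ in range(trials):
        if all(rng.random() >= p_win for _ in range(sold)):
            total += 1
            hits += rng.random() < p_win
    return hits / total if total else None


if __name__ == "__main__":
    print("sold  P(streak)  P(next wins | streak)   [50 tickets, 2 winners]")
    for sold in (0, 10, 25, 40, 45, 48):
        print(f"{sold:4d}  {float(p_streak(50, 2, sold)):9.4f}  "
              f"{float(p_next_wins(50, 2, sold)):9.4f}")
    # Same 4% base rate, but winners fixed over a 50,000-ticket print run:
    print("large window:", float(p_next_wins(50_000, 2_000, 40)))
    print("simulated fixed:", simulate_fixed(50, 2, 40, 200_000))
    print("simulated independent:", simulate_independent(0.04, 40, 50_000))
```

For a lottery designer the comparison shows where the leak comes from: the per-roll guarantee, not the prize rate. Fixing the winner count only over a window far larger than what one retailer observes leaves the sales history almost uninformative.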

Don • February 12, 2011 10:03 PM

Ha ha,

Well, the lottery kiosk at my local shopping center doesn't keep the scratch cards in their rolls. As the lady in the kiosk says, a bunch of rolls where people can't see the cards won't sell, so she has a glass case covering the length of the counter with nice rows of scratch cards attractively arranged so the customers can better decide which ones they like (and of course, now, more than a few will probably be looking at them with a gleam in their eyes trying to figure out a system.)

RobertT • February 13, 2011 12:04 AM

Although I know absolutely nothing about "scratch-it" lottery tickets, I do know a lot about material physics and different forms of imaging using concepts similar to "vibrational spectroscopy".

Based on what little I have read I'll bet there is an imaging window somewhere in the 0.2THz to 0.4THz range where the coatings are transparent but the ink used to print the unique numbers will be at a molecular resonance. Unfortunately this equipment is probably a little hard for the average Joe to obtain.

If I were looking for a simple, off the shelf solution, I'd start at some easy to obtain IR optics for imaging, say 8000nm to 10000nm wavelengths and I'd probably try to create a temperature differential across the ticket, say cool the back of the ticket, with "dry ice" and scan the front with a low power 10000nm laser. I expect that either the ink, or the process of printing the numbers, will change the heat transmission characteristics of the ticket significantly, making the secret information easy to read.


Clive Robinson • February 13, 2011 11:43 PM

@ Nick P,

"I guess I'm looking for a design flaw that leaks information. Many times companies try to be clever and use a proprietary method instead of tried-and-true crypto."

I'm sure there are design flaws (I'd take that as a given in all systems ;) the question then becomes is the flaw identifiable and if so is it amenable to cost effective exploitation.

I suspect (from experience) that the best place to look for "Inadvertent flaws" is on the "boundaries" or "interfaces" of peoples responsibilities / knowledge / remit.

The next is to look for "deliberate flaws"...

And no I don't mean somebody has deliberately "rigged it" for exploitation. Instead think about the bane of most engineers' lives "auditing information". The "auditors" will want some method of ensuring "product quality" etc or more importantly nobody else has "rigged the system" deliberately or inadvertently.

The number of "end runs" I've seen put in systems to keep "auditors off our backs" makes me think that they are always "additions" to the system and not "built ins".

As always "additions" to the original specification or "functional creep" are a prime place to look for security flaws, usually because of "hidden assumptions". The "predictability" flaw outlined in the article is in all likelihood a classic example of this "additions" problem.

I will make a small bet (the usual pint of beer) that an existing but flawed process was "co-opted" into the role of printing the match panel.

If you think about it the idea (probably from marketing) was to make the card more attractive to the punter than just an ordinary scratch card. That is by adding a "match" aspect as a "hook" to get more involvement from the punter. Now as we know from often bitter experience "creative marketing" types want it by yesterday...

Thus I suspect an existing process was "rapid prototyped" into producing examples quickly. And that nobody checked the original process for a flaw (predictability) in the new application. I further suspect that the predictability flaw was known and talked about originally but deemed "ok" as in the original use it was "implicitly assumed" to be "hidden from view" under the scratch off material thus could not be seen to be exploited. A safeguard the new use obviously lacked...

Nick PFebruary 14, 2011 5:41 PM

@ RobertT and Clive

So, basically, the attackers have little to gain and require tons of effort, time, knowledge and sophisticated equipment to gain it. Most probably move on to poorly designed scratch-off cards, credit card fraud, etc. that are easier with a better payoff. I'd say this is an example of security done right, from a risk management angle. I rarely say that on this blog... lol

Nick P • February 16, 2011 2:55 PM

@ Jason

Incidentally, that's the one I was examining. This is why I changed the discussion to revealing the hidden numbers. Scientific Games did great work on their sealing technology where traditional methods don't work so well.

AltF4 • February 18, 2011 8:12 PM

@Shane
Counting cards isn't illegal and you won't spend any jail time for doing it. You are however right that it isn't necessarily profitable. In blackjack the house usually has about a 0.5% advantage; when counting cards the player has about a 1% advantage. So it's very difficult to turn a significant profit solo.

Leah48 • March 16, 2012 7:20 PM

This is regarding regular lotto drawings: Since the computers "know" all the number combinations that have been bought before the drawing, has anyone ever wondered if these are rigged NOT to select a winner for quite a few drawings? The reason would be that they only have to pay a fraction more to add to a non-winning drawing, whereas if more drawings had winners, they would have to pay much more than the fraction added. For this reason, it seems to me the ONLY fair way to have a lotto would be something like the ping-pong balls being chosen rather than computers that know all our numbers. Any thoughts??? Anyone think THOSE are rigged not to have winners???

Grant • December 1, 2012 10:22 PM

In Canada, and I assume elsewhere in the civilized world, lottos have to be 100% random. Therefore there would not necessarily be x number of winning tickets per batch. There would legally have to be a random number of winning tickets per batch. There would be a specific number of winners in the whole lottery, but any number could be in each batch. Theoretically if a store got 1000 tickets to sell every ticket could be a winner, or a loser.

Clive Robinson • December 2, 2012 2:34 AM

@ Grant,

"In Canada, and I assume elsewhere in the civilized world, lottos have to be 100% random"

Err no for a couple of reasons, firstly define random and how you choose to measure it. Secondly because it also partly depends on the mechanics of the type of lotto game.

"Therefore there would not necessarily be x number of winning tickets per batch. There would legally have to be a random number of winning tickets per batch."

The solution to these problems is to generate your winning profile of tickets as a total set of winning and losing tickets sorted in an ordered way which is in size some multiple of the "batch" size. You would then make a series of subsets (batches) by picking every Nth value from the set and putting them in the first subset; when that set is full you do the same but for the next set and so on.

So your starting set is

123456789ABCDEFG

Becomes 4 batches,

159D, 26AE, 37BF, 48CG

This in effect gives each batch a percentage of the winners (what you actually do to save time is instead of starting from the first position you start from a randomly selected start point).

Having got your batches you randomly reorder the batch and then print the batch out as tickets.

So although the tickets are randomly sorted the prizes are spread evenly across each batch and across the entire print run.
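
The batching scheme described in the comment above, written out as an added example (not code from the comment or from any lottery operator); the function names, prize tiers and ticket counts are constructed for illustration. It also shows the side effect the original post mentions: once the winners per batch are fixed, the win rate of the unsold tickets follows from what has already been sold.

```python
import random

def stride_split(ordered, n_batches):
    """Batch i gets every n_batches-th ticket, starting at offset i."""
    if len(ordered) % n_batches:
        raise ValueError("print run must divide evenly into batches")
    return [ordered[i::n_batches] for i in range(n_batches)]

def build_print_run(ordered, n_batches, rng):
    """Stride split from a random start point, then shuffle inside each batch."""
    start = rng.randrange(len(ordered))
    rotated = ordered[start:] + ordered[:start]   # the "randomly selected start point"
    batches = stride_split(rotated, n_batches)
    for batch in batches:
        rng.shuffle(batch)                        # position inside a batch is random
    return batches

def prize_counts(batch):
    """Number of tickets per prize tier in one batch."""
    counts = {}
    for prize in batch:
        counts[prize] = counts.get(prize, 0) + 1
    return counts

def remaining_win_rate(winners_per_batch, batch_size, sold, winners_seen):
    """Win rate of the unsold part of a batch, given the sales so far."""
    return (winners_per_batch - winners_seen) / (batch_size - sold)

# Constructed print run: 40 tickets sorted by tier, to be cut into 4 batches of 10.
ORDERED = ["$100"] * 4 + ["$5"] * 8 + ["lose"] * 28

if __name__ == "__main__":
    # The 16-ticket example from the comment, without the random start.
    print(["".join(b) for b in stride_split(list("123456789ABCDEFG"), 4)])
    # Seeded PRNG so the demo repeats; a real run would use random.SystemRandom().
    for batch in build_print_run(ORDERED, 4, random.Random(2012)):
        print(prize_counts(batch), batch)
    # Every batch holds 3 winners out of 10: a fresh batch pays 30% of the
    # time, but after 7 losing sales the 3 unsold tickets are all winners.
    print(remaining_win_rate(3, 10, 0, 0), remaining_win_rate(3, 10, 7, 0))
```

The even spread that guarantees the payout percentage is the same property that makes a batch's sales history informative, which is the trade-off against a fully random number of winners per batch.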

Nick P • December 2, 2012 9:36 AM

@ Grant

The main reason lottos won't be random is that people have to win (small amounts) consistently. It's the bait. A lotto nobody ever wins won't succeed much. Plus, regulations in some places require a specific percentage payout, which can't happen if truly random.

Clive mentioned one strategy they might use. That's mainly for scratch-off type lottos. Those like Powerball are easier b/c you just need to generate numbers within a certain range. To prevent bias, I think designers often map a set of random numbers to a statistical distribution to produce a set of numbers within range. I'd also whiten the entropy source as true random numbers often repeat.

badkarma1977 • December 3, 2012 7:18 AM

I don't know how people say that the people who work at places that sell scratch-offs and get the ones that they have better odds at winning, or say people do find a way to know the winning tickets, I don't see how people say that is ripping other players off or the government because regardless every ticket gets sold. You can't get to the winners without going through the losers.

Brendan • May 5, 2013 3:21 PM

I'm a store clerk and I try to cash in on losing streaks but I don't work 24/7 so I don't know which ones have been losing recently and I'm sick of losing so I want to cheat... my method is easy to spot because it sucks but no one's seen it yet. If you know where the 4 digit code is under the scratch use your nail to reveal the code then scan the barcode on the back of the ticket and the cash machine tells you if it's good or not. People don't notice because it's a small scratch if you do it right.

fdpfg • June 15, 2013 2:32 AM

I've got the best lotto scam ever. 1st go to college, 2nd earn a high degree, 3rd land a very high paying job or start your own business and make boatloads of cash, 4th never ever play the lotto. Now you can scam the lotto out of the money you would have otherwise spent on those sorry games. Genius!


Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.