Insider Attack on Lottery Software

Eddie Tipton, a programmer for the Multi-State Lottery Association, secretly installed software that allowed him to predict jackpots.

What's surprising to me is how many lotteries don't use real random number generators. What happened to picking golf balls out of wind-blown steel cages on television?

Posted on August 22, 2017 at 6:40 AM • 29 Comments

Comments

Scott • August 22, 2017 8:37 AM

Golf balls in a wind-blown cage. That would be a serious wind. Ping Pong balls more likely?

Anura • August 22, 2017 8:41 AM

For something like this, it's probably best to take data that is sufficiently unpredictable, but is published regularly from independent sources to use as a verifiable source of random data. For example, feed stock tickers, flight tracking and weather data from all over the country into an RNG in a manner that can be verified by a third party.

Michael • August 22, 2017 9:25 AM

25 YEARS!!! Rapists and murderers get less time! The scale of this crime is nothing compared to that of the bankers who caused the GFC, who still get to go home to their families every night in their Porsches and Maseratis...

Anonymous Cow • August 22, 2017 9:43 AM

I remember that story. Eddie Tipton was more than a programmer, news reports had him as the security director for the Multi-State Lottery Association. At the time the story broke, the authorities released surveillance video showing him buying lottery tickets at a convenience store. What surprised me was that the surveillance footage had audio. Before that I didn't expect private conversations near a cash register to be susceptible to being picked up and recorded in security recordings.

MikeA • August 22, 2017 9:54 AM

@Anura -- This is the "Numbers Racket", based on e.g. published wager info from horse tracks. IIRC, this was allegedly "hacked" back in the day to favor a "random" number expected to have heavy emotionally-based betting in particular neighborhoods, and thus bankrupt a rival gang who operated mainly in those areas. A state-sanctioned lottery would not be so vulnerable, as they use pari-mutuel payouts, limiting exposure to such betting storms. OTOH, they _can_ use pari-mutuel because of their special status as trusted, incorruptible entities...

Bob • August 22, 2017 11:35 AM

My argument is you could probably write some software 'not connected' to the system and do okay. They have patterns within nearest neighbor thresholds quite often (from win to win). Since the numbers are ordered, this exposes these fuzzy patterns. It looks worse than a bad PRNG implementation. They probably added code to minimize repeats, and that is where you screw up in the code.

"The depth of his deceit is dumbfounding," Assistant Iowa Attorney General Rob Sand

Because that never crosses a govt worker's mind at all. National lottery probably funds half of the government. You could kill the lotteries and effectively shut down our e-bond system.

wumpus • August 22, 2017 12:15 PM

This sounds like the "voting machine problem" where a few engineers can quickly converge on the obvious solution (a voting machine that spits out a human & machine readable ballot) while legislators will prefer a solution provided by a donor without caring about the issues.

The biggest issue I can think of is the "big heist problem". As of today, a powerball jackpot will award $443 million dollars. While even standard accounting/checking methods failed to stop this gang (likely any company hired to run the lottery is completely corrupt), unless you can completely prevent an attack *every* time lottery numbers are chosen (at least for powerball-level jackpots) it is likely worth an attack that only exposes the criminals after they are safely in Brazil. - Note: While I doubt that many people sufficiently numerate follow lotto, I think that powerball never got this large while Tipton's gang was controlling the numbers...

So the issues for such a random number generator are pretty severe:

Modification of numbers should be futile. Sending the numbers into a secure hash should solve this issue, but have fun explaining this to those in control. Note that making the hash well beyond Bruce's "x wide with y rounds" unbreakable crypto would be completely reasonable for such a scheme (presumably starting with a SHA1024 hash). Don't forget to make sure that hash is audited multiple times between generation and publication.

Allowing the public access to the hash changes everything, I suspect even the most brazen criminals wouldn't be certain they've anonymously cried wolf enough times to get away with using pregenerated data.

The problem with the public option is the "chain of custody" problem. You have a limited window of publicly available data, all of which should have far higher security than can be expected. I suspect that the size of the publicly available data will be a lot smaller than readers of this site would expect, probably only closing Dow Jones data and major league final scores in a narrow window of time between the end of ticket sales and the announcing of the winners. Ideally it should be >> 40 bits, but I don't expect any real solution that will be available in a national emergency.

In practice, the real security will come from "each auditor provides a >>40 bit string of random data and verifies the hash of all auditor supplied data." While this data certainly must be public, I'm not including it in what I call "publicly available data": that should be things that no specific cabal can gain sufficient control. Without the public option, this provides full security if only one auditor is trustworthy. With the public option, it keeps working as long as the publicly available data is sufficiently random and available *AND* the public agrees with the lottery agency (see election trust problem) *OR* a single auditor is trustworthy (presumably the lottery agency will always believe the auditors).

This system assumes that even if our auditors formed a cabal and secretly passed the numbers around ahead of time, it still wouldn't be worth maintaining the cabal until some event allowed them to ignore the public data. Judging by how long it took to catch Tipton (and crew) this might not be sufficient and a robust public option would be needed (although I originally assumed that subverting all auditors would be difficult then I remembered Arthur Anderson and Co and just how much their "trust" is worth).

I'm guessing that the publicly available data would have to be defined as sources of data likely to be as available as the lottery data itself (and presumably no winning data would be available until both it and some percentage of the input data was available). This would at least take care of the "cheating is easy without publicly available input".

While the multiple auditors may appear redundant in this situation, I still think they are valuable in that if any auditor decided that collaborating with other auditors and buying tickets in advance in hopes that they can subvert the public data is simply not worth it, they will drop out of any conspiracy and produce completely random data. It shouldn't be difficult to set the randomness and availability of public data such that the auditors supply physically produced crypto-hard random data. I have my doubts on the hardness of reliable public data (although the hash of digitally available evening TV news would be an ideal source of completely random data. No idea if any are streaming over the internet, nor how resistant to emergencies they really are). No idea what the risk/reward needed to keep the guys from Arthur Anderson who certified Enron's accounting to keep sending crypto-hard numbers is, but that is the key to this system. Good luck explaining to lottery officials and state legislators that you need to hold up a week's worth of lottery money because of internet issues. That money will be demanded even after an EMP blast destroys all computers in the state (although how you would verify the ticket or pay it out is beyond me).

* I'm guessing that Tipton and crew came from the gambling industry. That industry presumably has systems in place to avoid cheating the house, but I suspect that cheating the players isn't remotely as well guarded (keeping insiders off the floor is primarily keeping them from the house's money). Since the lotto payout money is fixed, the "house" didn't care who won, and Tipton's crew took advantage of that.

** I had to rewrite this whole thing once I realized that it was quite possible for the public to check the auditors' hashes. That changes everything and answers the "who watches the watchmen" problem. Considering that Enron was hardly the only company allowed to cook their books (and that the SEC is only slowly getting companies back on GAAP), this is pretty critical to securing any such system.
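
The combined-source drawing that Anura (above) and wumpus sketch, independent auditor contributions and published public data hashed together so that anyone can verify the result and nobody can steer it unless every auditor and the public sources are all controlled, as an added Python example. This is not code from the original post or from any commenter; the auditor names, the commit-then-reveal step (each auditor publishes a hash of its contribution before sales close, which wumpus does not spell out), the 5-of-69 draw format and the public-data values are my assumptions, and the public data are constructed sample values, not real closing prices or scores.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed sample "public data" for one drawing window (illustrative values,
# not real closing prices or game scores). In practice these would come from
# sources that no single party controls, as the comments above suggest.
PUBLIC_DATA = {
    "dow_close": "21674.51",
    "mlb_finals": "BOS 4-2 NYY; LAD 7-1 SF",
}


def commitment(contribution: bytes) -> str:
    """Hash of an auditor's contribution, published before the drawing so the
    contribution cannot be changed once the public data are known."""
    return hashlib.sha256(contribution).hexdigest()


class Auditor:
    """One independent auditor (hypothetical). Each supplies 256 random bits,
    well beyond the '>> 40 bits' wumpus asks for; a fixed contribution may be
    passed in for reproducible tests."""

    def __init__(self, name: str, contribution: Optional[bytes] = None):
        self.name = name
        self.contribution = contribution if contribution is not None else secrets.token_bytes(32)

    def commit(self) -> str:
        return commitment(self.contribution)

    def reveal(self) -> bytes:
        return self.contribution


def verify_reveals(commits: dict, reveals: dict) -> bool:
    """Anyone, the public included, can check that every revealed contribution
    matches the commitment published earlier and that no auditor dropped out."""
    if set(commits) != set(reveals):
        return False
    return all(hmac.compare_digest(commits[name], commitment(data))
               for name, data in reveals.items())


def canonical_public_data(public: dict) -> bytes:
    # Deterministic encoding so every verifier hashes exactly the same bytes.
    return "\n".join(f"{k}={public[k]}" for k in sorted(public)).encode()


def derive_seed(reveals: dict, public: dict) -> bytes:
    """Seed = SHA-256 over all auditor contributions plus the public data.
    Changing any single input changes the seed unpredictably, so a cabal that
    controls every other auditor still cannot choose the outcome."""
    h = hashlib.sha256()
    for name in sorted(reveals):
        h.update(name.encode() + b":" + reveals[name] + b"\n")
    h.update(b"public:" + canonical_public_data(public))
    return h.digest()


def draw_numbers(seed: bytes, count: int = 5, pool: int = 69) -> list:
    """Expand the seed with HMAC-SHA256 in counter mode and pick `count`
    distinct numbers from 1..pool by rejection sampling (no modulo bias)."""
    picks = []
    counter = 0
    limit = (2**32 // pool) * pool  # largest multiple of pool not above 2^32
    while len(picks) < count:
        block = hmac.new(seed, counter.to_bytes(4, "big"), "sha256").digest()
        counter += 1
        for i in range(0, len(block), 4):
            v = int.from_bytes(block[i:i + 4], "big")
            if v >= limit:
                continue  # reject so every value in 1..pool is equally likely
            n = v % pool + 1
            if n not in picks:
                picks.append(n)
                if len(picks) == count:
                    break
    return sorted(picks)


def run_drawing(auditors: list, public: dict):
    """Phase 1: commitments are published before ticket sales close.
    Phase 2: after sales close, contributions are revealed alongside the public
    data; the drawing is refused (not patched up) if any reveal fails to verify."""
    commits = {a.name: a.commit() for a in auditors}
    reveals = {a.name: a.reveal() for a in auditors}
    if not verify_reveals(commits, reveals):
        raise ValueError("auditor reveal does not match its commitment; abort drawing")
    seed = derive_seed(reveals, public)
    return commits, seed, draw_numbers(seed)


if __name__ == "__main__":
    auditors = [Auditor("auditor-A"), Auditor("auditor-B"), Auditor("auditor-C")]
    commits, seed, numbers = run_drawing(auditors, PUBLIC_DATA)
    print("commitments:", commits)
    print("seed:", seed.hex())
    print("winning numbers:", numbers)
```

Running the file performs one drawing with three auditors. The properties worth checking are that the same inputs always reproduce the same numbers (so any outsider can recompute the draw from the published reveals and public data), that altering any one auditor's contribution or any one public value changes the seed, and that a reveal that does not match its commitment stops the drawing outright rather than being worked around, which is the "hold up a week's worth of lottery money" cost wumpus warns officials will resist.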

Bob • August 22, 2017 12:47 PM

@wumpus
Did you drink a Red Bull? Great essay. B+

I think it is probably simple, devious, and catching him with an expert audit was necessary. It could happen again unless they do some gatekeeping.

He obviously had access to the code. Given he had the code and developed a prediction system, it only required the time seed/entropy to be written out to a file he could grab real quick. Sort of like the RSA /dev/random attack. That would require not much in the way of code. It almost doesn't matter that the product looks like an 80's generator. The most complicated part of the code is accessing and analyzing the win database, and delivering the product. He skipped all of that and went for the head.

That is what I would do. At most, he would have to get in the way of some file hash on the app itself before running numbers. Grabbing the seeds, would he have the time to run the numbers and buy tickets without a built-in predictor on the running system? Why not? What's the time lag there? At most 24-hours but probably down to a one hour lock in. He could grab the seeds, run the predictor on a laptop, and make some phone calls during his lunch break. That quick.

pegr • August 22, 2017 1:15 PM

I ran into a great fraud opportunity doing a lotto gig.

The scratch-off tickets are designed to have so many winners at so many values before they are even shipped to the lottery. All you need as an insider is a list of winners and where they were shipped. I laid it all out for the senior auditors, who did absolutely nothing with it.

In May of 2004, the lottery was hit with this exact fraud for a two million dollar ticket. Yes, the same lottery I helped audit.

I was young, but not qualified. Apparently, I was the only person NOT an idiot on that team.

Mall Mosquito • August 22, 2017 1:50 PM

"Multi-state lottery association"

That is by definition "federal," but not in accordance with the United States Constitution, which forbids such agreements, associations, or treaties among the several states without the consent of the Congress of the United States.

What they are doing is illegal and criminal to begin with.

So you really think some non-U.S. federal association of states is going to run a lottery honestly? They prey on poor, ignorant, and hopeless minorities, selling a ticket for a chance to dream, but denying even the very possibility of that dream.

Of course they aren't going to roll balls in a cage on TV. That would deprive them of their ill-gotten gains.

QnJ1Y2U • August 22, 2017 3:42 PM

What happened to picking golf balls out of wind-blown steel cages on television?

Looks like they don't use that for every drawing - the association's Wikipedia page lists a bunch of smaller games.

That page also describes a previous insider attack:

In December 2010, a jackpot-winning ticket for the Hot Lotto jackpot was purchased near MUSL headquarters. However, the ticket was not claimed until just before the Iowa Lottery's one-year deadline. At that time, an attorney from New York state attempted to claim the jackpot on behalf of a Belize trust. The trust later decided not to pursue the claim, to avoid revealing the purchaser's identity.

QnJ1Y2U • August 22, 2017 3:50 PM

Whoops - needed to read a bit more of the Wikipedia page. The 2010 case is the one Bruce posted.

g • August 22, 2017 4:22 PM

"Multi-state lottery association"

That is by definition "federal," but not in accordance with the United States Constitution, which forbids such agreements, associations, or treaties among the several states without the consent of the Congress of the United States.

Counterargument: Virginia v. Tennessee (1893), U.S. Steel Corporation v. Multistate Tax Commission (1978).
tl;dr: Interstate compacts are okay without Congressional consent as long as they do not encroach upon the federal government's authority.

Mall Mosquito • August 22, 2017 4:57 PM

"tl;dr: Interstate compacts are okay without Congressional consent as long as they do not encroach upon the federal government's authority."

Nice. Now let's review the Constitution and Bill of Rights.

Article I. Section 10.

No State shall enter into any Treaty, Alliance, or Confederation; grant Letters of Marque and Reprisal; coin Money; emit Bills of Credit; make any Thing but gold and silver Coin a Tender in Payment of Debts; pass any Bill of Attainder, ex post facto Law, or Law impairing the Obligation of Contracts, or grant any Title of Nobility.

No State shall, without the Consent of the Congress, lay any Imposts or Duties on Imports or Exports, except what may be absolutely necessary for executing it's inspection Laws: and the net Produce of all Duties and Imposts, laid by any State on Imports or Exports, shall be for the Use of the Treasury of the United States; and all such Laws shall be subject to the Revision and Controul of the Congress.

No State shall, without the Consent of Congress, lay any duty of Tonnage, keep Troops, or Ships of War in time of Peace, enter into any Agreement or Compact with another State, or with a foreign Power, or engage in War, unless actually invaded, or in such imminent Danger as will not admit of delay.

...

Amendment X

The powers not delegated to the United States by the Constitution, nor prohibited by it to the states, are reserved to the states respectively, or to the people.

Did the judge read that right? Or was that judge blind and illiterate as usual?

Slime Mold with Mustard • August 22, 2017 8:23 PM

Re: Ping Pong Balls
In 1980, a lottery announcer in Pennsylvania repainted all the air-blown balls for the 'pick three' game, except "4" and "6", with heavy latex paint. He and co-conspirators were caught by forgetting Lenin's admonishment on the size of conspiracies and failure to compartmentalize.

gena • August 22, 2017 11:55 PM

> What's surprising to me is how many lotteries don't use real random number generators

I'm surprised at how far a criminal can go with a half-baked plan. My assumption was that some sociopaths avoid getting caught because they're smart enough to stay hidden, or because they've subverted political processes to make what they're doing legal. In this case, the organization being exploited was incompetent enough that they didn't notice for a decade, even when he was openly building a giant house he shouldn't have been able to afford.

(It's fun to imagine the movie-plot threats, like people inserting backdoors into compilers or BIOSes in the 1990s and collecting 20 years later. Simple plots like this ruin my fun.)

But what's this part about: "Iowa won't pay jackpots without proof of who bought the ticket"? I've known lotteries as a cash business; how would a legitimate winner prove they bought the ticket? Are you expected to save your $1 convenience store receipt, which wouldn't have your name anyway?

tensor • August 23, 2017 12:15 AM

"In this case, the organization being exploited was incompetent enough that they didn't notice for a decade, even when he was openly building a giant house he shouldn't have been able to afford."

Which may explain why he got brazenly greedy enough to purchase a ticket himself, instead of just socking all of the money away in offshore/Swiss accounts for an early retirement.

"Are you expected to save your $1 convenience store receipt, which wouldn't have your name anyway?"

You have to obtain the security-camera video and hope it's HD enough to prove it's (a) you, (b) buying (c) the ticket. (Be sure to narrate your transaction in a loud voice for the audio.) :-)

Nancy • August 23, 2017 7:27 AM

Such a sad story, 25 years is a long time. I was dating Eddie during this time and had no idea.

Professor Chaos • August 23, 2017 6:48 PM

Randomness in the real world (not inside a computer) is disappearing. Human induced control mechanisms have reduced the amount of randomness one would normally experience.

MarkH • August 24, 2017 12:46 PM

@Mall Mosquito:

In 1893, the Supreme Court of the United States interpreted the language of Article I Section 10 concerning any Agreement or Compact between states, as being "directed to the formation of any combination tending to the increase of political power in the states, which may encroach upon or interfere with the just supremacy of the United States."

This ruling found that "there are many matters upon which different states may agree that can in no respect concern the United States."

Accordingly, under Constitutional interpretation which has prevailed for the last 124 years, compacts between states concerning a host of practical and financial matters are not held to require the consent of the United States Congress.
_______________________________________

Commonwealth of Virginia v. State of Tennessee, 148 U.S. 503, 504

Prohias • August 25, 2017 8:44 AM

The judge authorized the sentence for Tipton to be of a duration not exceeding 25 years. Articles say he is likely to be sentenced for 5 years, with 3 or 4 years actually served, if he remains on good behavior. The sentencing system is a comparable scam to what Tipton engaged in. Not to mention the scam a government run lottery is in itself. So this was a scammer who scammed a scam and got a scam sentence.

vas pup • August 25, 2017 12:08 PM

@all:
Could anybody provide clarification of the idea of setting up trust in the case of winning jackpot to protect your identity?

If a foreigner on a tourist visa in the US bought the ticket and won the jackpot, can he claim the prize? If yes, what kind of taxation applies?

I am thinking that Eddie just did not know Ben Franklin's rule: "Three could keep secret when two are dead".
Moreover, he probably should have targeted a big jackpot ONCE with a conspirator with no previous identifiable connections (electronic first) to him as relative, friend, girlfriend, you name it (including social media), going back several years. Then let that person win, take the money (after taxes, for sure), set up a trust and buy a nice property in a country with no extradition agreement, and let that person live there for a couple of years.
Then quit and relocate himself to the same location, and hope that Ben Franklin's rule will not apply.

MarkH • August 30, 2017 7:23 PM

@vas pup:

I don't have a well-informed answer. There seem to be more than 50 lotteries in the US alone.

However, from my reading, the rules of at least some major (potentially high-win) lotteries require public identification of the winner or winners.

In such cases, a trust wouldn't allow concealment of the winner's identity.

For someone hacking a lottery, the co-conspirator route offers the potential for concealment, but I suppose is very difficult to do in practice. How do you find someone with whom you (a) have no detectable relationship and (b) sufficient trust to rely that this person will carry out the plan in your favor?
___________________________________

As I understand it, the primary purpose of the winner identification rules is specifically to assure lottery bettors that the game is not "rigged."

Of course, it also helps the administrators to protect against insider hacking like that of Mr Tipton.
___________________________________

A joke about insider hacking of another kind of system ...
