Slots are the golden geese of the gaming industry. They are the cash cows of every casino, responsible for more than 50% of all revenues in real-life establishments and close to 80% in the online sphere.
Their appeal lies in their simplicity: they are true games of chance that require little to no skill and offer massive payouts, thousands of times a player’s initial bet. Given that they are technology-dependent, it’s safe to assume that many have attempted to manipulate them and tip lady luck in their favor. Here are a few slot machine hack stories.
Slot machine outcomes are controlled by programs called pseudorandom number generators that produce baffling results by design. (A true random number generator must be rooted in a phenomenon.) All slots at online casinos run on RNG, or random number generator, software. This is to ensure that the outcome is not fixed by software providers. The good news is that most trustworthy online casinos will have their RNG games audited by third parties such as eCogra to ensure that game outcomes are fair. An iPhone and a few well-timed button pushes by a mysterious patron were all that was needed to make a Missouri casino's slot machine pay out lots of cash. But this wasn't. A slot machine gang could try to hack the algorithm responsible for the intermittent, addictive reinforcement by trying to predict when the machine is due to reinforce the player. This has little to do with the design of any underlying RNG in the slot machine hardware or software. As you know, the random number generator in the slot machine is continuously working even when the machine is not in play. So even though one patron feels cheated, their run-in ultimately led to pressing the spin button at that exact millisecond when the RNG was on the winning combination.
In early 2011, casinos throughout Europe reported incidents of Novomatic slots paying out improbable winnings. The company’s engineers launched an investigation but could not find any evidence that the machines in question had been tampered with. This led them to believe that someone had figured out a way to predict the slot’s behavior.
A security expert by the name of Darrin Hoke, an employee of the L’Auberge du Lac Casino Resort, in Louisiana, decided to do some investigating of his own. He was able to identify a 25-man operation. These field operatives were part of a larger group from St. Petersburg, Russia, and they scammed casinos from all around the globe.
After involvement by the FBI, Murat Bliev, one of the group’s main field operatives, was spotted in Hollywood Casino in St. Louis, and he and three of his cohorts were arrested. They were brought up on fraud charges and eventually agreed to plea bargains. Each of the four got a sentence of two years in federal prison.
The success of this group was thanks to a Russian mathematician and programmer named Alex. He used his talents to reverse engineer the slot’s Random Number Generator algorithm. Because he knew how to predict the machine’s behavior, he passed this insight on to his field agents, who did all the legwork.
Armed with iPhones, the field agents recorded the slots in action. Then, they sent the footage back to St. Petersburg for analysis. Once Alex and his team back in Russia looked at the video, they could determine the wisest time to bet and spin the reels. They would send data to the field agents through a custom app that would vibrate at a given time and tell them when to press “Spin”. This cue was most useful and would result in big wins.
If you’re wondering whether a slot machine can be hacked with an Android phone: this Russian outfit only used their iPhones as a recording device, as one part of a multi-step process. So, they could have just as well used an Android phone for filming.
It’s very difficult, if not impossible, to hack real money online slots. The scam described above targeted older machines with more primitive random number generators. Today’s online casino games are practically hack-proof.
RNGs use mathematical algorithms to generate random numbers. This process initializes with a seed value. If someone can figure out what variable the algorithm uses as the seed value, in theory, they could figure out the pattern used to generate the numbers. But it’s very difficult to obtain this kind of information, due to high-end security measures. Even if someone has managed to figure out the seed value, casinos can simply re-adjust the RNG.
Nowadays, most online casinos use cryptographic RNGs, and these are very difficult to hack compared to normal ones.
In 2011, federal agents arrested one Andre Nestor and brought him up on 650 felony counts of theft, computer trespassing, criminal conspiracy, and many other charges. He was in cahoots with a certain John Kane of Las Vegas, and the two stood trial for winning hundreds of thousands of dollars in fraudulent jackpots.
After devising the scheme in 2009 on how to hack slot machines in casinos around the US, Nestor brought roommate Kerry Verde onto the team. The trio went to work and cashed out winnings of close to $430,000 before getting caught.
According to authorities, these criminals had insight into a software glitch in one of the high-roller machines. For the glitch to be available, a special feature had to be internally activated. This was called the double-up feature, and it was the norm for players who like to bet big. Nestor convinced employees to activate it so he could play for large sums.
The feature allowed players to risk doubling their winnings or losing it all. However, when a player would push a specific sequence of buttons, the machine displayed a false jackpot. These jackpots weren’t recorded in the machine’s internal system and went unnoticed.
The trio’s enterprise came to a screeching halt when a gaming control board agent noticed the big payoffs and launched a formal investigation.
In 2018, officers of the Cybercrime Department of the General Directorate Combating Organized Crime (GDCOC) of Bulgaria neutralized an organized criminal group of four. The special operation took place in late March of that year.
The group used a slot machine hack device to gain access to slots in casinos throughout the country to manipulate the game’s outcome. The four became suspects after an investigation into a large theft at an unnamed Bulgarian casino.
The GDCOC soon after discovered and raided the group’s property and seized large sums of cash along with the devices used to perpetrate the crimes.
The four acted extremely conspiratorially and professionally. Each member had a specific role. One member’s job was to secure access to the machine. Another would step up to simulate playing the slot, while the others would remotely access the game and tamper with the outcome.
The person who created the device was among the four arrested and was brought up on specific charges for his clever invention.
In early July 2014, Lumiere Place accountants noticed that several slot machines from their casino had gone mad for a couple of days. The certified software gives casinos a fixed edge, so that they know how much they earn in the long run, say 7.129 cents for each dollar. But on June 2 and 3, several slot machines at Lumiere Place had paid much more than they had received, though no major jackpot had been awarded. In gambling industry lingo, this is called negative hold. As the casino software is not affected by any fits of madness, the only explanation for that was cheating.
The casino security service checked their video archives and identified the reason: a black-haired middle-aged man in a polo with a square brown bag. Unlike other con men, he wasn't obviously cheating on their slot machines. He played only at old-fashioned models produced by the Australian manufacturer Aristocrat Leisure. He played, pushing the buttons, like in any other game, furtively holding his iPhone close to the slot’s screen.
He would leave the slot machine, then return to it for another try and win the bank. The player would make a bet from $20 to $60 and win about $1300; after that he would cash out and go to another slot machine to repeat the whole pattern. He won about $21,000 in 2 days. The only suspicious thing about him was the way he would hold his index finger above the “Spin” button; the man would hold it above the button for a long time before finally pushing it. Common players don’t do anything like that.
On June 9, Lumiere Place shared what they had found out with the Missouri Gambling Commission, which issued a warning for the state. After that, several casinos discovered that they had been tricked the same way, though in particular cases there had been some other players. And, in every case, the players had been holding their phones in front of the slot machines' screens.
Having examined car rental records, Missouri authorities identified the player from Lumiere Place as Murat Bliev, a 37-year-old Russian citizen. Bliev returned to Moscow on June 6, and soon after his arrival he was sent back to the USA by the criminal enterprise he belonged to, which is based in Saint-Petersburg and specializes in worldwide slot scamming. Sending him back was a serious mistake for the enterprise, which had been quietly making money by cracking some of the most valued algorithms in the gambling industry.
From Russia with Fraud
Russia has become a nest of criminals hacking slot machines since 2009, when gambling was virtually restricted in the country. Vladimir Putin believed this step would reduce the influence of Georgian criminal enterprises. Casinos had to sell all their slot machines at great discounts to any buyers they could find. Some of these slot machines were purchased by perpetrators who wanted to know how to upload new games to old boards. Naturally, some of these slot machines were purchased by Murat Bliev’s bosses, who wanted to find vulnerabilities in the pokies’ source code.
In 2011, casinos in central and eastern Europe registered a number of incidents in which pokies produced by the Austrian developer Novomatic paid out unbelievably huge sums. Novomatic’s engineers couldn’t find any evidence of manipulation of their pokies and decided that the perpetrators had found a way to predict the pokies’ behavior. ‘It is possible to detect some “patterns” in the game outcome by focused and prolonged observation of particular games’, the company reported to its clients in February 2011.
Such tracing is expensive. The game outcomes are generated by pseudorandom number generators which are designed to give unpredictable results. Government regulators certify all algorithms before they are implemented in casinos.
But the name contains the word “pseudo”, which means that the generated numbers are not truly random. They are created by code instructions, so they are somewhat deterministic. The input data depends on the current slot state, and it may vary over time because it comes from the internal clock. This means that even if hackers know how the pseudorandom number generator works, they have to analyze how the slot behaves before they can find the patterns. That takes time and computing power, so it cannot be done inside a casino without attracting the attention of security.
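To make concrete both the earlier remark that knowing the seed reveals the pattern and the point above about clock-derived input, here is an added Python sketch (not from the original article and not code from any slot machine or vendor) showing why auditors reject time-seeded, non-cryptographic generators in favour of a CSPRNG. The toy generator, the one-hour seed window, the sample seed and all function names are assumptions constructed for illustration.

```python
import random
import secrets

SYMBOLS = 10  # constructed: each outcome is a reel stop numbered 0..9

def weak_spins(seed, count):
    """Toy game RNG (assumption): non-cryptographic generator seeded from a clock value."""
    rng = random.Random(seed)
    return [rng.randrange(SYMBOLS) for _ in range(count)]

def recover_seeds(observed, window_start, window_end):
    """Return every seed in the time window that reproduces the observed outcomes."""
    return [s for s in range(window_start, window_end)
            if weak_spins(s, len(observed)) == observed]

def is_predictable(observed, upcoming, window_start, window_end):
    """Audit check: True if the observed outcomes pin down the seed and so the future."""
    seeds = recover_seeds(observed, window_start, window_end)
    if len(seeds) != 1:
        return False
    replay = weak_spins(seeds[0], len(observed) + len(upcoming))
    return replay[len(observed):] == upcoming

def strong_spins(count):
    """Hardened form: outcomes drawn from the OS CSPRNG, which exposes no seed."""
    return [secrets.randbelow(SYMBOLS) for _ in range(count)]

# Constructed sample data: a Unix-time seed somewhere inside a one-hour window.
WINDOW = (1_700_000_000, 1_700_003_600)
SECRET_SEED = 1_700_001_234

if __name__ == "__main__":
    weak = weak_spins(SECRET_SEED, 30)
    strong = strong_spins(30)
    print("weak generator predictable:", is_predictable(weak[:24], weak[24:], *WINDOW))
    print("CSPRNG stream predictable: ", is_predictable(strong[:24], strong[24:], *WINDOW))
```

The same check is a useful regression test for any game or token generator: if a short run of observed outputs plus a plausible seed range reproduces the stream, the generator is not fit for purpose.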
The Lumiere Place case showed that Murat Bliev and his companions had found a way to overcome this obstacle. Darrin Hoke, who was the head of surveillance at L’Auberge du Lac Casino Resort in Lake Charles, Louisiana, carried out his own investigation. Having talked to colleagues who had reported unusual pokie behavior, and having examined photos taken by surveillance cameras, he identified 25 possible perpetrators who had been working in casinos around the world, from California to Romania and Macau. Hoke checked hotel records and found out that 2 of Bliev’s companions from Saint Louis had stayed in the USA and had been heading to the Pechanga Resort & Casino in Temecula, California.
On July 14, 2014, California Department of Justice agents apprehended one of them at Pechanga and confiscated 4 mobile phones and $6,000 in cash. This Russian citizen wasn’t charged; his current location is unknown.
The mobile phone from Pechanga, together with investigation results from Missouri and Europe, revealed some key details of the case. According to Willy Allison, a security consultant from Las Vegas who has been tracking the group of Russian hackers for several years, the perpetrators use their phones to record several dozen spins at the game they want to hack. They upload the video to technicians in Saint-Petersburg, who analyze it and identify the patterns of the slot machines. Finally, the team from Saint-Petersburg sends a list of timing markers to a specially developed mobile application installed on the perpetrator’s mobile phone. The markers make the phone vibrate a quarter of a second before the moment when he should press the “spin” button.
‘The reaction speed of a human being is about a quarter of a second, that’s why they use these settings’, says Allison, the founder of the annual game protection conference. The timing markers don’t always work as expected, but they still let the hackers win much more than normal. Some perpetrators can win more than $10,000 per day, but they try not to cash out more than $1,000 from a single slot machine so as not to attract attention. A team of 4 men, working in different casinos, can earn up to $250,000 per week.
Reusable Business
Since there are no slot machines in Murat Bliev’s home country, he didn’t stay in Russia for long after returning from St. Louis. He visited the USA 2 times during 2014; his second visit started on December 3. He headed from the airport straight to St. Charles, where he met 3 other men trained to win at Mark VI Aristocrat slot machines: Ivan Gudalov, Igor Larenov, and Yevgeniy Nazarov. They planned to spend the next days “attacking” various casinos in Missouri and western Illinois.
It was a mistake for Bliev to come back. On December 10, as he was spotted in Hollywood Casino in St. Louis, the four perpetrators were arrested. As Bliev and his companions had worked in several states, they were accused of fraud. The formal charges became the first serious challenge for the team from Saint-Petersburg. It was the first time that one of their members faced prosecution.
Bliev, Gudalov, and Larenov, Russian citizens, confessed to the crime and were sentenced to 2 years in prison followed by deportation. Nazarov, a citizen of the Republic of Kazakhstan who was granted religious asylum in the USA in 2013, is still waiting for his sentence, which means he is cooperating with the government. Aristocrat representatives state that one of the four defendants hasn’t been sentenced yet as he continues to assist the FBI with the investigation.
The information provided by Nazarov may be hopelessly outdated. Two years have passed since the arrest date, so the team from Saint-Petersburg has become more cautious. Some of their tricks were discovered during the previous year, when Singaporean authorities arrested and prosecuted a group of hackers. Radoslav Skubnik, a Czech citizen and a member of the team, disclosed some details of the financial structure of the criminal enterprise (90% of total income goes to Saint-Petersburg) and their tactics. ‘They put a mobile phone in a vest pocket, mask it with a net, not to hold it in their hands’, says Allison. Darrin Hoke says he received a message saying that they send the videos via Skype so they don’t have to leave the pokies to send them.
It appears that the criminals were prosecuted in only 2 cases, in Missouri and Singapore, and there are more known cases in which they were caught and kicked out of particular casinos. The team from Saint-Petersburg continues to operate. In the past 3 months, 3 casinos in Peru reported they had been cheated by Russian gamblers playing at old Novomatic Coolfire slot machines.
It seems that the enterprise from Saint-Petersburg will continue to flourish. There is no simple way to change the slot machines. Hoke says Aristocrat, Novomatic and other manufacturers whose slot machines have been hacked would have to recall them and replace them with something else, but they will never do that. Aristocrat reported there were no flaws in their slot machines and that those machines had been designed and certified in full accordance with strict technical standards. At the same time, many casinos can’t afford to buy updated slot machines protected from hackers. While old hackable slot machines are still in use and popular among clients, it will be more profitable for casinos to keep using them and accept occasional losses caused by hackers.
Thus, casino security services have no choice but to keep an eye out for the indirect signs of fraud. A finger hovering above the “spin” button may be the only sign that hackers from Saint-Petersburg are about to win again.