Taking Down The House — Meet The Russian Casino Hacker Who Reverse-Engineered The Digital DNA Of Slot Machines To In Some Cases — Illegally Rake In Millions; And, A Re-Post Of “Humanity Hasn’t Got A Chance: The Perfect Bet”
Brendan Koerner had an interesting article on the August 5, 2017 online website, WIRED.com about a Russian cyber expert who is using his talent; and, knowledge of slot machine technology to steal millions of dollars. Mr. Koerner begins by noting that “Late last Autumn, a Russian mathematician named Alex, decided he’d had enough of running his eight-year old business. Though his St. Petersburg firm was thriving, he’d grown weary of dealing with payroll, hiring, and management headaches. He pined for the days when he could devote himself solely to tinkering with code, his primary passion. The time had come for an exit strategy,” Mr. Koerner wrote.
“But, Alex couldn’t just cash out as if he owned an ordinary start-up,” Mr. Koerner noted, “because his business operates in murky legal terrain. The venture is built on Alex’s talent for reverse engineering the algorithms — known as pseudorandom number generators, or PRNGs — that govern how slot machine games behave. Armed with this knowledge, he can predict when certain games are likely to spit out money — insight that he shares with a legion of field agents who do the organization’s grunt work.”
“These agents roam casinos from Poland to Macau, to Peru, in search of slots whose PRNGs have been deciphered by Alex,” Mr. Koerner wrote. “They use phones to record video of a vulnerable machine in action, then transmit the footage to an office back in St. Petersburg. There, Alex and his assistants analyze the video to determine when the games’ odds will briefly tilt against the house. They then send timing data to a custom app on an agent’s phone; this [which] causes the phones to vibrate a split second before the agent should press the “Spin” button. By using these cues to beat slots in multiple casinos, a four-person team can earn more than $250K per week.”
Mr, Koerner writes that “Alex, who insists that his hacking doesn’t violate Russian law, fancies himself as a bit of a Robin Hood — a champion for the common man against an avaricious casino industry.” As Mr. Koerner notes, “Alex’s activities are considered illegal in several countries, including the United States; and in 2014, four of his agents were indicted on federal fraud charges, after sweeping through casinos in Missouri, Illinois, and California.”
“Determined to score one last payday before shutting down his enterprise,” Mr. Koerner wrote, “Alex reached out to Aristocrat Leisure, an Australian slot machine manufacturer whose vulnerable products have been his chief targets. In a November 2016 email to Tracey Elkerton, the company’s global head of regulatory and product compliance, he offered to direct his agents to “cancel their work on Aristocrat slots to stop compromising their your trademark,” as well as “help your developers eliminate all the design flaws,” “He did not mention the fee he expected to be paid for these services, though he did note that he wished to “extract maximum money from my developments.” Not surprisingly, Alex threatened to make things much worse for Aristocrat if they did not follow up on his offer. I refer you to Mr. Koermer’s article for additional details. Ms. Elkerton was coy in her response and suggested a face-to-face meeting in the U.S. to hash out additional details. But, Alex knew that meeting in the U.S. was a probable trap, since he was wanted by federal authorities related to his prior criminal activities in Missouri, Illinois, and California. “Frustrated by what he perceived as stalling on Aristocrat’s part,” Mr. Koermer wrote, Alex “decided to make Elkerton aware of just how much havoc he could wreak on her employer.”
Mr. Koermer was able to establish a dialogue with Alex back in February of this year, after exchanging enough personal information that allowed Mr. Koermer to verify he was indeed ‘talking’ with Alex. Mr. Koermer writes that “there is still several aspects of Alex’s story that could not be confirmed,” such as his formal/professional education. Alex told Mr. Koermer that he studied math and computer programming at a top Russian university; and then, spent two years at the Russian Federal Security Services (FSB) Academy, which is the top Russian intelligence university, or ‘spook school,’ for the country’s spies. Alex also “claims he was once employed at a St. Petersburg military university that specializes in teaching cryptography, and hardware hacking,” or offensive cyber operations Mr. Koermer wrote.
“Alex’s life-changing introduction to slots came about a decade ago,” Mr. Koermer notes, “while he was working as a freelance hacker. A Russian casino hired him to learn how to tweak machines manufactured by Novomatic, an Austrian company, so that their odds would favor the house more than usual: The machine had been programmed to pay out 90 percent of the money it took in, a figure Alex’s client wanted him to take down to 50 percent.”
“In the course of reverse engineering Novomatic’s software,” Mr. Koermer wrote, “Alex encountered his first PRNG. He was instantly fascinated by the elegance of this sort of algorithm, which is designed to spew forth an endless series of results that appear impossible to forecast,” Mr. Koermer added. “It does this by taking an initial number, known [referred to] as a seed; and then [mashes] mashing it together with various hidden and shifting inputs — the time from which a machine’s internal clock, for example. Writing such algorithms requires tremendous mathematical skill, since they are supposed to produce an output that defies human comprehension; ideally a PRNG should approximate the utter unpredictability of radioactive decay.”
“After wrapping up the casino gig, Alex spent six months teaching himself everything he could about PRNGs — in part because he admired their beauty; but also because he knew that such expertise could prove profitable,” Mr. Koermer wrote. “I mastered it to the point where I can develop such algorithms myself, on a level I have yet to see in a gambling machine,” Alex told Mr. Koermer. “It’s in my bloodstream now. I feel the numbers; I know how they move.”
“In 2008,” Mr. Koermer notes, “Alex unleashed his newfound mastery on the gambling world, hiring a small group of employees to “milk Novomatic [slot] machines throughout eastern Europe. (By 2011, Novomatic became the first slots manufacturer to warn its customers that some of its PRNGs had been compromised.) After Russia largely outlawed its casino industry in 2009, resulting in a massive sell-off of gaming equipment, Alex was able to get his hands on an Aristocrat Mark IV slot machine cabinet.” Alex then proceeded to “reverse engineer the PRNGs for numerous Mark IV games; and, the popular machine — more than 100,000 are still on casino floors worldwide — soon became his burgeoning organization’s favorite prey: In the 2014 case in Missouri, for example, every count in the [federal] indictment relates to the bilking of a Mark IV.”
“Alex recruits his field agents online, and meets few of them in person,” Mr. Koermer wrote, “ensuring they won’t be able to revea too much about his operation — if they’re ever caught and interrogated. He pays little attention to the applicants’ education or professional backgrounds, since the job requires minimal know-how: The entire training regimen takes just two hours, during which prospective agents are taught how to use the customized phone app that prompts them when to hit a machine’s Spin button.”
“What Alex values most in his employees is discretion,” Mr. Koermer wrote. “He looks for people he says, “understand the importance of covertness in their actions and general behavior,” and “who look respectable enough not to cause unnecessary suspicion.” “Before they embark on their first assignment,” Mr. Koermer notes, “new agents are offered the chance to purchase an “insurance policy;” In exchange for taking a bigger cut of the agent’s winnings, the organization will provide legal assistance and financial aid to the agent’s family — in case of arrest.”
“Those arrests have been rare,” Mr. Koermer notes, “since milking the system isn’t technically illegal in many jurisdictions. When [Alex’s] agents have been caught by casino security guards, they’re usually just stripped of their winnings, and banned from the premises. But, Alex has weathered a few notable legal setbacks, which has resulted in some of his secrets [trade-craft] spilling forth.”
I refer you to Mr. Koermer’s WIRED.com article for the remainder of this most interesting article, which goes on to explain in additional detail Alex’s operation and interaction with Aristocrat Leisure. As noted cyber security guru Bruce Schneier noted on his blog page, he wasn’t sure how much of what Alex claimed was “really true;” and, emphasized that “the sad part is, slot machine vulnerability is so easy to fix.” “Although the article says that ‘writing such algorithms requires tremendous mathematical skill,’ it’s really only true that designing the algorithms requires that skill,” Mr. Schneier explains. “Using any of secure encryption algorithm, or harsh function as a PRNG is trivially easy. And, there’s no reason why the system can’t be designed with a real RNG. There is some randomness in the system somewhere; and, it can be added to the mix as well,” he noted. “The programmers can use a well-designed algorithm like my [Mr. Schneier’s] own Fortuna [no relation to my blog]; but, even something less well-thought-out is likely to foil this attack,” he contends.
Two things we all understand well come to mind: If there is a way around or into a network, someone will find it; and, exploit for their own purposes or gain. And two, often even rudimentary best cyber hygiene practices is enough to deter would-be digital malcontents, or send them in search of other more vulnerable/careless potential victims. And then…….there’s this. I apologize in advance for the different font below; but, I did not want to rewrite the entire article. This is an article that I wrote and posted to my blog last year (2016).
Humanity Hasn’t Got A Chance: The Perfect Bet: Book Review By Thomas Bass
…”Lady luck has left the house. Computers are beating us at our own game. From quiz shows, to foreign-exchange trading, from poker to arbitrage, artificial intelligence is winning.”…
Thomas Bass had a review of Adam Kucharski’s new book, “The Perfect Bet: How Science And Math Are Taking The Luck Out Of Gambling,” in the March 8, 2016 edition of The Wall Street Journal. Mr. Bass describes Mr. Kucharski as “a young Ph.D. from the University of Cambridge, who specializes in the mathematical modeling of infectious diseases.” Mr. Bass is a Professor at SUNY Albany; and, the author of “The Predictors: How A Band Of Maverick Physicists Used Chaos Theory To Trade Their Way To Fortune On Wall Street,” — and, he would seem ideally suited to review Mr. Bass’s enlightening work.
Mr. Bass begins: “Lady luck has left the house. Computers are beating us at our own game. From quiz shows, to foreign-exchange trading, from poker to arbitrage, artificial intelligence is winning.”
“The story,” Mr. Bass writes, “begins 500 years ago, when Gerolamo Cardano leapt up at a card game in Venice to stab a cheating opponent. Wondering if there might be a less bloody defense against card sharps, Cardano began mathematically analyzing games of chance, and working out the laws of probability. Thus commenced the long tradition of gamblers as godfathers to statistics, chaos theory, artificial intelligence, and scientific systems [algorithms and big data mining] for predicting world financial markets.”
Mr. Bass says that “The Perfect Bet,” “provides an elegant, and amusing account of the history of betting, and mankind’s attempt to sway the odds. Mr. Bass adds that Mr. Kucharski “interviewed key figures in recent schemes, and does a good job of describing in general terms — how they work. Anyone planning on entering a casino, or place an online bet — would be advised to keep this book handy.”
Mr. Bass notes that he [himself] makes an appearance in Mr. Kucharski’s book, “featured in his narrative is the work of Eudaemonic Enterprises, a scientific commune in Santa Cruz, CA., that built one-toe operated computers into shoes; and, beat the game of roulette in the late 1970s’. Proceeds from this venture,” Mr. Bass writes, “went into a communal pot, known as the Eudaemonic Pie, which was the title of the 1985 book, about my alternating roles as Eudaemonic scribe, and high-stakes bettor. Mr. Kucharski describes a successful computer-aided attack on London’s Ritz casino, in 2004, and recent work by Doyne Farmer, Norman Packard, and other Eudaemonons on building models for market prediction.”
“Science and gambling are intertwined,” Mr. Kucharski says, with wagers being “windows into the world of chance.” “Statisticians are getting good at predicting sports scores,” Mr. Bass writes. “Intelligent algorithms can beat human poker players. Lottery games have been picked off, by brute force attacks (buying up large combinations of numbers). Using customized computer models, Bill Benter, an American gambler, who moved from card counting to horses, has gained an edge in betting at race tracks in Hong Kong and elsewhere. Sports betting pools are now being designed for pension funds. Mr. Kucharski quotes a financial planner saying that gambling is “the missing asset class.”
“Many of these strategies,” Mr. Bass notes, “rely on teams of players or syndicates. There is also a move to cut out the middle-man. Online exchanges such as Betfair, are handling millions of bets a day. Betfair’s founder, Andrew Black, launched his site in 2000, with a mock funeral procession through London’s financial district, which included,” Mr. Kucharski says, “a coffin announcing the ‘death of the bookmaker.”
“In a chapter titled, “Rise Of The Robots,” Mr. Kucharski “talks about automated strategies for arbitrage, a practice he dates from 1844, when Samuel Morse sent his first telegram message up the line from Washington to Baltimore. Once cables had been stretched around the world, it was possible to buy pork bellies in Chicago, and sell them in Beijing, and vice versa. Since then, we have witnessed the rise of automated gamblers, artificial arbitragers, and algorithmic trading that depends on lightening-fast execution, measured in milliseconds.”
“Here, Doyne Farmer enters the picture again,” Mr. Bass writes. “After beating roulette, [Mr. Farmer] and Norman Packard founded a statistical-arbitrage operation called The Prediction Company that successfully applied nonlinear dynamics to the movement of futures, currency, and other financial markets. If one thinks of [stock] markets, not as a static set of rules; but, as evolving ecosystems, one can imagine how biology and finance might eventually unite in a grand unified model. Mr. Farmer, who is currently a researcher at Oxford, speculates in “The Perfect Bet” that smart machines might eventually get too smart, creating a future where “humans are unable to participate inn real time; and instead, an ultra fast ecology of robots rises up to take control.”
“Along with finance, Mr. Kucharski takes us through the world of poker, where bots now infest online, high-stakes tables,” Mr.Bass writes. “Checkers and chess have fallen to computers, and the programs keep getting stronger — with the addition of artificial intelligence, particularly in areas known as “opponent modeling,” aka knowing when to bluff. In 2011, and IBM computer, Watson, beat the game show “Jeopardy!” “Watson has since become key to IBM’s strategy to profit from “cognitive computing,” and a new manager for Watson has just been brought in from the Weather Co. (Weather, with its complex systems and big data, is another fruitful area for developing predictive systems.) “Machines take me by surprise with great frequency,” said mathematician Alan Turning, who’s pioneering work at the onset of WWII helped the West decode the German Enigma machine — greatly aiding the allied war effort and ultimately saving countless lives. “With computer programs competing against one another at 2,000 games per second, no wonder our machines are getting smart. We design them to surpass us…….and, they do,” Mr. Bass profoundly observes.
“Mr. Kucharski ends with a discussion of whether poker is a game of skill, or chance,” Mr. Bass writes. “This is a practical, as well as a theoretical issue, since laws governing Internet gambling are different from those covering games of “skill,” such as stock trading, or horse racing. A U.S. court ruled in 2012 that poker is a game of skill, which means it does not count as gambling under federal law. ” “The line between luck and skill — and between gambling and investing — is rarely as clear as we think,” Mr. Kucharski says. “Now that the bots are combining mathematics, physics, and psychology, let the games begin,” Mr. Bass writes. “Or should I say,” he ends, “with perfect bets and winning strategies played by super-fast computers — the games are over.?”
Big data mining, and sophisticated algorithmic programs can help us ferret out and discover a terrorist operational cell, to how to treat cancer, to yes, managing our portfolio. This technology holds tremendous promise, and may well lead o Ray Kurzweil’s Singularity prediction — where man and computer eventually merge into one — and, we become……immortal. But, as with any technological leap, this same kind of technology can, and no doubt will be used by the darker angels of our nature in a malicious and homicidal manner. I wouldn’t bet the house that the good guys win. But, it is a race we must not lose.
With respect to managing one’s portfolio and investing, there are already firms on Wall Street that ‘manages’ their clients investments — 100 percent by computer. It will be interesting o see how these firms stack up against their human counterparts at the end of this year. This kind of investing is still in the nascent stage; but, money will follow performance. And, how will the computer do? Better, or worse? Wanna bet? Let the games begin. V/R, RCP