Man May be Sent to Prison for Exploiting Firmware Bug in Poker Machine
May 2, 2013 11:48 AM
comment(s) - last by
Casino tends player was "hacking" by pressing a clever combination of buttons
In 2009, Las Vegas local John Kane scored the dream of many gamblers, winning five large jackpots on slot machines in an hour worth around $8,200 USD a piece at the
Silverton Casino Lodge
. Now he's in danger of going to federal prison -- all for pressing buttons on a slot machine in a fashion he figured out would exploit a flaw in the machine's logic.
The case against Mr. Kane and co-defendant Andre Nestor (who helped Mr. Kane figure out the exploit) is being heard in
U.S. District Court for the District of Nevada
Federal Judge Miranda Du
. Prosecutors, backed by Silverton Casino and the slot machine manufacturer International Game Technology (
), are looking to not only deny the man his jackpot, but also charge him and his friend for violating the ambiguously worded Computer Fraud and Abuse Act of 1986 (
18 USC § 1030
Sentences for various for-profit "hacking" violations carry sentences of up to five years under the act, as
Goatse Sec. hacker Andrew "weev" Auernheimer
painfully found out.
Andrew Leavitt, a veteran LV lawyer representing Mr. Kane, calls the accusation ridiculous, saying his client was playing by the rules of the machine and was not responsible for the manufacturer's programming errors. He tells
in an interview, "I’m not exaggerating or embellishing. … In one year he played 12 million dollars worth of video poker. It’s an addiction. He accidentally hit a button too soon, and presto. It was a fluke. There was no research… Just playing."
He admits that his client, along with Mr. Nestor (who played primarily in Penn. casinos) then exploited the bug at the Fremont, the Golden Nugget, the Orleans, the Texas Station, Harrah’s, the Rio, the Wynn, and the Silverton, but contends he did not "hack" and did nothing wrong.
The pair used their trick on the Game King multi-game machine. [Image Source: IGT]
Even Las Vegas' Gaming Control Board chief inspector Jim Barbaree calls the exploit an "extreme rarity", saying most "cheaters" use mechanical tricks or other physical attacks like shocking the machine to try to earn illicit playouts. By contrast Mr. Kane was playing the game, but had found an error of the game within its rules.
Mr. Nestor commented on the charges previously, "I’m being arrested federally for winning on a slot machine. It’s just like if someone taught you how to count cards, which we all know is not illegal. You know. Someone told me that there are machines that had programming that gave a player an advantage over the house. And that’s all there is to it.… Who would not win as much money as they could on a machine that says, ‘Jackpot’? That’s the whole idea!"
Andre Nestor faces years in prison for winning a slot machine. [Image Source: Wired]
The key to the case is an ambiguous phrase "exceeds authorized access". That catch all phrase is used by companies to try to send whoever they dislike to prison by accusing the target of using their machine/software in a way they didn't approve of. In some cases such "violations" have resulted in prison time, in others the suspects have been found innocent.
The CFAA is under reform, after RSS-coauthor and internet activist Aaron Schwartz
questionable CFAA charges
thought to be partially to blame.
Rep. Zoe Lofgren
Sen. Ron Wyden
(D-Oreg.) have sponsored a bill called "
", however it has yet to pass and be signed into law.
U.S. District Court for the District of Nevada via Wired [PDF]
This article is over a month old, voting and posting comments is disabled
5/3/2013 11:06:14 AM
By that logic, someone who break into a house through a window that was left open and steals the TV is not a thief.
While I can admit that the initial discovery of that exploit wouldn't be criminal, as he wasn't necessarily seeking out a weakness in the machine, the fact that exploited it over and over again, claiming money he did not win in the initial wager, is proof of intent and criminal action. It doesn't matter what input was used, he used an exploit to intentionally claim money that he did not properly win. That's theft. This does need to be prosecuted.
5/3/2013 1:28:12 PM
No, it is not theft and I'll explain to you why.
1. The machine doesn't have stated in the rules: You are not permitted to press buttons in x sequence. Pressing them in such a way would be breaking the rules, thus, you aren't allowed to do it.
2. The machine did not have code in place to prevent this sequence from dispensing money. It did nothing to prevent the button presses from allowing that to happen.
#2 above illustrates Casino risk. Wait, what? Well, think about it. When you go to a Casino, you pay them money to take a risk at making money in return. You accept that you have odds of some number in winning but in return, you have odds of losing your money--and typically your odds of losing money are far greater than winning. On the other side of the fence, the Casino shares in those odds with you. They accept that they have higher odds of winning and should those odds tilt against them in the gamblers favor, they should pay out.
Casinos go to great lengths to mitigate their risks. I happen to know people who have written software for Casino machines. They've told me lots of stories about how the machines are optimized in certain ways to maximize positive cash flow for the Casino. The Casinos do things like putting machines with better odds of small payouts in the front row and the machines with the best odds of large payouts in the back (but have very poor odds of frequent, small payouts). The reason being is if people walk in and see patrons winning, they'll be more inclined to play.
Casinos game the system. Don't ever walk into one and think they don't. They're gaming you from the minute you set foot on the premesis. They do everything in their power to entice you to spend money and will utilize every legal trick in the book to keep you spending that money from the illusion of possibly being able to win all the way down to buying you free drinks (to get you drunk) to giving you free rooms (to keep you spending money). They even employ people to play versus others to keep the illusion strong.
They also contract with machine manufacturers who work with them to help them remain profitable. When a Casino purchases something, be it a billards table or a slot machine, they assume risk with that purchase. They might be told by the manufacturer that the odds are X and they can change them with the press of a button--but they assume the burden of payout should the risk not tilt in their favor.
Why should you, the patron, assume all the risk? Casino bets are a two sided transaction, not a one sided one. Just because you figure out a way to win (say by counting cards which is NOT illegal), it doesn't mean you are breaking the law or shouldn't be paid... provided you work within the rules of the game and don't use 3rd party devices or equipment to cheat the system.
No, what the man did is not criminal. He found a way to work within the system provided. He should not be prosecuted.
The only grievance here exists between the Casino and the machine manufacturer. Nobody else. The Casino perhaps could sue the manufacturer for faulty equipment and misrepresentation. Nothing more.
About the ONLY thing the Casino can do to the patron who is winning is... kick them out. That's all. Not anything else. Playing within the posted rules is not criminal, no matter if they figured out how to win or not.
Lets say a patron walks into a rigged casino that has a roulette wheel biased not only to black but say the number 42. The number 42 wins more often than not on black--and say the patron discovers this. Lets say they figure out a mathematical sequence the casino is using and bet always at the right time. They exploit the casino's system. They then proceed to win thousands of dollars. Is that criminal? Should they be incarcerated? Did they break the law?
No. Risk is two-sided in Casinos. Never forget that.
5/4/2013 10:45:53 AM
No your logic is wrong. You don't invite someone to come to your home to take your stuff. However the casinos do invite you to try and win which this guy did. The problem is the casinos for buying machines with buggy software. (which by the way may have been done on purpose by some programmer who actually exploits it from time to time themself)
Do they really expect people to report these things to them?
Player: Excuse me I just won a millions bucks but I want to make sure your machine didn't make a mistake.
Casino: Yep its a mistake sorry no money for you.
The Casinos needs to take it up with the manufacturer of the machine and not try to throw someone in jail that has lost way more than they have ever won. If his lawyer is telling the truth this guy is still WAYYYYYYY in the hole to the Casino so what are they bitching about?
"Young lady, in this house we obey the laws of thermodynamics!" -- Homer Simpson
Goatse Security iPad Hacker Gets 41 Months for "Doing Arithmetic"
March 18, 2013, 11:06 PM
House Committee Questions Aaron Swartz Charges in Letter to DOJ
January 29, 2013, 5:08 PM
Anonymous Declares War on the U.S. Government Following Aaron Swartz' Suicide
January 26, 2013, 1:43 PM
Chromebooks Expected to See Sales Grow 26 Percent to 7.3 Million Units This Year
May 22, 2015, 1:26 PM
Apple Finally Updates 15" MacBook Pro w/ Force Touch; 5K iMac Gets Price Cut
May 20, 2015, 1:45 PM
LG G4's International Rollout Begins; Pint-Sized G4c, High-End G4 Stylus Trot Out
May 19, 2015, 12:54 AM
President Obama Posts His First "Personal" Tweet to Twitter Via an iPhone
May 18, 2015, 4:38 PM
Microsoft Bricks the Xbox Ones of Gears of War Testers Responsible for Leaks
May 14, 2015, 5:26 PM
Windows 10 Mobile Build 10080 is Available for New Phones, Brings Office Preview
May 14, 2015, 2:53 PM
Most Popular Articles
America's Largest Cable Company, Comcast, Sees Internet Subscriptions Pass TV
May 4, 2015, 2:46 PM
Can id Software's Doom Find Its Way Out of a 7+ Year Development Hell?
May 19, 2015, 7:38 PM
Oculus Rift Confirms "Pause" in OS X, Linux Development, Some Devs are Mad
May 18, 2015, 11:36 PM
The Pirate Bay Loses Its Iconic Swedish Dot SE Domains
May 20, 2015, 6:31 PM
In-Depth: Apple's ~$1B Court Victory Over Samsung to be Cut up to a Third
May 18, 2015, 9:20 PM
Latest Blog Posts
Sceptre Airs 27", 120 Hz. 1080p Monitor/HDTV w/ 5 ms Response Time for $220
Dec 3, 2014, 10:32 PM
Costco Gives Employees Thanksgiving Off; Wal-Mart Leads "Black Thursday" Charge
Oct 29, 2014, 9:57 PM
"Bear Selfies" Fad Could Turn Deadly, Warn Nevada Wildlife Officials
Oct 28, 2014, 12:00 PM
The Surface Mini That Was Never Released Gets "Hands On" Treatment
Sep 26, 2014, 8:22 AM
ISIS Imposes Ban on Teaching Evolution in Iraq
Sep 17, 2014, 5:22 PM
More Blog Posts
Copyright 2015 DailyTech LLC. -
Terms, Conditions & Privacy Information