Feds Drop "Hacking" Charges Against Video Poker Jackpot Winners
May 8, 2013 9:50 AM
comment(s) - last by
Men still face a single count of wire fraud for exploiting bug in the machines
Following an outburst of public outcry over a pair of men
facing up to five years in federal prison
for "exceeding authorized use" and
exploiting a bug in video poker casino machines to win big
, the two charged counts under the Computer Fraud and Abuse Act of 1986 (
18 USC § 1030
) have been dropped.
U.S. District Court for the District of Nevada
Federal Judge Miranda Du
cited a recent
Ninth Circuit Court of Appeals
[PDF], which sought to more strictly confine the ambiguous wording of the CFAA to prevent abuse. She demanded prosecutors to justify their use under the 9th Circuit's
ruling; federal prosecutors were unable to so they dropped the CFAA charges against co-defendants John Kane, 54, and Andre Nestor, 41.
Assistant U.S. Attorney Michael Chu wrote in a
[PDF] obtained by
, "The United States of America, by and through the undersigned attorneys, hereby moves this Court to dismiss Counts 2 and 3 of the Indictment."
Prosecutors had argued previously that the sequence of buttons needed to activate the programming error constituted "hacking". But they were unable to defend that opinion in the face of the recent regional scale-back of the CFAA, when defense lawyers argued that the co-defendants were simply playing by the rules of the machine (rules which were broken).
The pair used their trick on the Game King multi-game machine. [Image Source: IGT]
That leaves a single count of wire fraud against each man. The wire fraud charges (
18 U.S.C. § 1343
) are built on the premise that the defendants used phone conversations to plan to defraud the plaintiffs (the casinos), a federal offense. Of course, given that the feds couldn't even make the accusation that they "hacked" (a form of fraud) stick, the fraud-based claim seems pretty questionable.
Mr. Kane's counsel --
, a veteran LV lawyer -- comments, "The case never should have been filed under the CFAA, it should have been just a straight wire fraud case. And I'm not sure its even a wire fraud. I guess we'll find out when we go to trial.'"
In a previous interview he had stated, "They’re going to have real tough time with the wire fraud. I never really understood why the federal government took this case in the first place."
Now with one victory in hand he looks to beat back this final federal charge.
U.S. District Court for the District of Nevada via Wired [PDF]
This article is over a month old, voting and posting comments is disabled
5/8/2013 12:07:43 PM
I suspect it made it to federal court because the issue it deals with is bigger than a slot machine in a casino. On the one hand you have a system which was clearly intended to be operated a certain way. On the other hand, you have defective programming which allowed it to be operated a different way. If someone operates it that different way, who is to blame?
The same issue comes up with hackers exploiting a security vulnerability in a server's software. Or with people exploiting a bug in an online game. Those who own the server or game view it as exploitation and place 100% of the fault on the hackers or exploiters. The people taking advantage of the bug view it as bad programming and place 100% of the fault on the programmers. Since it was intentionally programmed that way, they feel they are doing nothing wrong by taking advantage of it.
The Feds obviously want to come down on this as far in favor of the casino/server/game as possible. Hence the initial hacking charges. From their perspective, intent when designing the system should count for everything. That even if you forgot to lock your door, the fact that you intended to lock it means uninvited guests are not welcome.
I'm really not sure what the solution here is. If you go with the intent of the slot machine designers, then you're vulnerable to fraud when they later claim they intended something which they really didn't while designing it. If you go with the people using the system as designed (but not intended), then you're requiring that every system be implemented perfectly. Clearly an unachievable goal.
In the locking the house door example, you get around the problem by ignoring the lock and codifying into law the
of the lock - to prevent trespassers. So you just make trespassing illegal, then it doesn't matter if you forget to lock the door. Unauthorized entry is still a crime. But if you try to apply that to everything, you have to codify into law everything that is and isn't considered authorized behavior in every game, server, and slot machine. That seems a bit excessive, and would threaten to increase the size of our laws by several orders of magnitude. Online games can put it in their EULA, and servers can be given a modicum of protection by making it illegal to access the system if you're not authorized to use it. But I'm not sure how you'd do it for things which are intended to be used by anybody, like slot machines, ATMs, automatic toll booths, self-checkout scanners, etc.
5/8/2013 2:00:25 PM
No those hackers writes codes that explore a vulnerability. This guy is using a fixed function machine. He did not do anything besides what is allowed.
The fault is by whoever made the machine.
5/9/2013 11:37:41 PM
Add to that. Unless the instructions say wait until the prompt appears before you press a button, then you are following the printed instructions even though a programming error makes an early button press generate a winning hand.
This is a program bug and it is the responsibility of the casino to take the machines offline until they can be patched.
As private businesses they may sue to recover money lost due to the programming error, but finding a bug and failing to report it is (not yet) a crime.
The earlier vending machine example would clearly be theft as the instructions will clearly state that payment is expected for each item taken.
The ATM example (which has happened) is often handled as theft as users are expected to know that the amount dispensed is supposed to be the same as the amount charged to the account.
5/8/2013 7:46:53 PM
The keyword is intent. In your trespassing example the intent is the act of trespassing which is itself illegal. The intent of a hacker is to gain unauthorized access and/or do any number of illegal activities.
The intent when playing a slot machine is to win money which is not illegal. As long as you play the game without doing anything illegal then you have not done anything wrong in my opinion.
"Game reviewers fought each other to write the most glowing coverage possible for the powerhouse Sony, MS systems. Reviewers flipped coins to see who would review the Nintendo Wii. The losers got stuck with the job." -- Andy Marken
Man May be Sent to Prison for Exploiting Firmware Bug in Poker Machine
May 2, 2013, 11:48 AM
Goatse Security iPad Hacker Gets 41 Months for "Doing Arithmetic"
March 18, 2013, 11:06 PM
Microsoft Admits Lumia 925 and 1020 Have Sleeping Sickness, Bug Fix is Planned
November 24, 2014, 1:12 PM
Report: Samsung Galaxy S5 Sales Have Come in 40% Below Projections
November 24, 2014, 6:58 AM
Quick Note: Google Chromebooks Now Coming with 1TB of Google Drive Space
November 21, 2014, 1:20 PM
Xiaomi Aims to be #1 Smartphone OEM Within 10 Years, Apple Urges Caution
November 21, 2014, 9:33 AM
Quick Note: Samsung's Request to Dismiss Microsoft Lawsuit is Rejected
November 20, 2014, 12:53 PM
Amazon Offers "The Washington Post" Free for Six Months to Kindle Fire Owners
November 20, 2014, 7:41 AM
Most Popular Articles
Uber Exec Threatens to "Spend Millions" to Stalk Female Reporter and Her Family
November 19, 2014, 12:31 PM
Apple Replaces “FREE” Label with “GET” on App Downloads in iTunes App Store
November 19, 2014, 5:38 PM
Rand Paul Casts Crucial "No" Vote on Obama-Backed PATRIOT Act Renewal Bill
November 19, 2014, 5:15 PM
FTC Announces Crackdown on Computer Speedup/Tech Support Scams
November 20, 2014, 1:40 PM
Wal-Mart: Miss Thanksgiving, Get Xbox One + Master Chief Collection for $299
November 17, 2014, 9:40 PM
Latest Blog Posts
Costco Gives Employees Thanksgiving Off; Wal-Mart Leads "Black Thursday" Charge
Oct 29, 2014, 9:57 PM
"Bear Selfies" Fad Could Turn Deadly, Warn Nevada Wildlife Officials
Oct 28, 2014, 12:00 PM
The Surface Mini That Was Never Released Gets "Hands On" Treatment
Sep 26, 2014, 8:22 AM
ISIS Imposes Ban on Teaching Evolution in Iraq
Sep 17, 2014, 5:22 PM
Space Terrorism is a Looming Threat For the United States
Apr 23, 2014, 7:47 PM
More Blog Posts
Copyright 2014 DailyTech LLC. -
Terms, Conditions & Privacy Information