Feds Drop "Hacking" Charges Against Video Poker Jackpot Winners
May 8, 2013 9:50 AM
comment(s) - last by
Men still face a single count of wire fraud for exploiting bug in the machines
Following an outburst of public outcry over a pair of men
facing up to five years in federal prison
for "exceeding authorized use" and
exploiting a bug in video poker casino machines to win big
, the two charged counts under the Computer Fraud and Abuse Act of 1986 (
18 USC § 1030
) have been dropped.
U.S. District Court for the District of Nevada
Federal Judge Miranda Du
cited a recent
Ninth Circuit Court of Appeals
[PDF], which sought to more strictly confine the ambiguous wording of the CFAA to prevent abuse. She demanded prosecutors to justify their use under the 9th Circuit's
ruling; federal prosecutors were unable to so they dropped the CFAA charges against co-defendants John Kane, 54, and Andre Nestor, 41.
Assistant U.S. Attorney Michael Chu wrote in a
[PDF] obtained by
, "The United States of America, by and through the undersigned attorneys, hereby moves this Court to dismiss Counts 2 and 3 of the Indictment."
Prosecutors had argued previously that the sequence of buttons needed to activate the programming error constituted "hacking". But they were unable to defend that opinion in the face of the recent regional scale-back of the CFAA, when defense lawyers argued that the co-defendants were simply playing by the rules of the machine (rules which were broken).
The pair used their trick on the Game King multi-game machine. [Image Source: IGT]
That leaves a single count of wire fraud against each man. The wire fraud charges (
18 U.S.C. § 1343
) are built on the premise that the defendants used phone conversations to plan to defraud the plaintiffs (the casinos), a federal offense. Of course, given that the feds couldn't even make the accusation that they "hacked" (a form of fraud) stick, the fraud-based claim seems pretty questionable.
Mr. Kane's counsel --
, a veteran LV lawyer -- comments, "The case never should have been filed under the CFAA, it should have been just a straight wire fraud case. And I'm not sure its even a wire fraud. I guess we'll find out when we go to trial.'"
In a previous interview he had stated, "They’re going to have real tough time with the wire fraud. I never really understood why the federal government took this case in the first place."
Now with one victory in hand he looks to beat back this final federal charge.
U.S. District Court for the District of Nevada via Wired [PDF]
This article is over a month old, voting and posting comments is disabled
5/8/2013 12:07:43 PM
I suspect it made it to federal court because the issue it deals with is bigger than a slot machine in a casino. On the one hand you have a system which was clearly intended to be operated a certain way. On the other hand, you have defective programming which allowed it to be operated a different way. If someone operates it that different way, who is to blame?
The same issue comes up with hackers exploiting a security vulnerability in a server's software. Or with people exploiting a bug in an online game. Those who own the server or game view it as exploitation and place 100% of the fault on the hackers or exploiters. The people taking advantage of the bug view it as bad programming and place 100% of the fault on the programmers. Since it was intentionally programmed that way, they feel they are doing nothing wrong by taking advantage of it.
The Feds obviously want to come down on this as far in favor of the casino/server/game as possible. Hence the initial hacking charges. From their perspective, intent when designing the system should count for everything. That even if you forgot to lock your door, the fact that you intended to lock it means uninvited guests are not welcome.
I'm really not sure what the solution here is. If you go with the intent of the slot machine designers, then you're vulnerable to fraud when they later claim they intended something which they really didn't while designing it. If you go with the people using the system as designed (but not intended), then you're requiring that every system be implemented perfectly. Clearly an unachievable goal.
In the locking the house door example, you get around the problem by ignoring the lock and codifying into law the
of the lock - to prevent trespassers. So you just make trespassing illegal, then it doesn't matter if you forget to lock the door. Unauthorized entry is still a crime. But if you try to apply that to everything, you have to codify into law everything that is and isn't considered authorized behavior in every game, server, and slot machine. That seems a bit excessive, and would threaten to increase the size of our laws by several orders of magnitude. Online games can put it in their EULA, and servers can be given a modicum of protection by making it illegal to access the system if you're not authorized to use it. But I'm not sure how you'd do it for things which are intended to be used by anybody, like slot machines, ATMs, automatic toll booths, self-checkout scanners, etc.
5/8/2013 2:00:25 PM
No those hackers writes codes that explore a vulnerability. This guy is using a fixed function machine. He did not do anything besides what is allowed.
The fault is by whoever made the machine.
5/9/2013 11:37:41 PM
Add to that. Unless the instructions say wait until the prompt appears before you press a button, then you are following the printed instructions even though a programming error makes an early button press generate a winning hand.
This is a program bug and it is the responsibility of the casino to take the machines offline until they can be patched.
As private businesses they may sue to recover money lost due to the programming error, but finding a bug and failing to report it is (not yet) a crime.
The earlier vending machine example would clearly be theft as the instructions will clearly state that payment is expected for each item taken.
The ATM example (which has happened) is often handled as theft as users are expected to know that the amount dispensed is supposed to be the same as the amount charged to the account.
5/8/2013 7:46:53 PM
The keyword is intent. In your trespassing example the intent is the act of trespassing which is itself illegal. The intent of a hacker is to gain unauthorized access and/or do any number of illegal activities.
The intent when playing a slot machine is to win money which is not illegal. As long as you play the game without doing anything illegal then you have not done anything wrong in my opinion.
"A politician stumbles over himself... Then they pick it out. They edit it. He runs the clip, and then he makes a funny face, and the whole audience has a Pavlovian response." -- Joe Scarborough on John Stewart over Jim Cramer
HTC Confirms Worst Quarter in Its History, Focuses on Strong HTC One Reviews
May 2, 2013, 10:14 AM
EA CEO Resigns Due to Financial Misses
March 18, 2013, 6:50 PM
Quick Note: Moto X Gets Mad for the Month of March
March 7, 2014, 5:14 PM
Staples Closing 225 Stores Across North America
March 7, 2014, 1:24 PM
HP Launches $170, 8" Android Tablet
March 7, 2014, 8:09 AM
Sony Computer Entertainment America CEO Jack Tretton Stepping Down
March 6, 2014, 8:52 PM
Apple Won't Let UK Sons Unlock Their Deceased Mother's iPad
March 6, 2014, 12:44 PM
Benchmarks for NVIDIA Tegra K1 Hit the web
March 6, 2014, 8:57 AM
Most Popular Articles
Mt. Gox Bitcoin CEO Can't Stifle Grin as he Bows in Apology for Bankruptcy
February 28, 2014, 5:00 PM
Facebook Kills Popular Messenger App for PCs
March 1, 2014, 4:01 PM
Report: Microsoft Considering Offering Free “Windows 8.1 with Bing”
February 28, 2014, 10:21 AM
Two More Microsoft Executives Leaving the Company
March 3, 2014, 4:38 PM
USAF Moves Forward With Long Range Bomber Program Despite Budget Crunch
March 4, 2014, 9:44 AM
Latest Blog Posts
Tesla vs. BMW: Who Has the Safer EV?
Feb 1, 2014, 2:56 PM
Justice Leaks Details of Next HTC One Two Flagship Phone
Dec 5, 2013, 4:04 PM
Global Cyber Espionage Concerns Reveal Growing Cyber Armies
Nov 29, 2013, 11:04 AM
Is The Period Becoming an Expression of Anger?
Nov 26, 2013, 2:02 PM
NSA and Congress -- You Will Never Kill the Constitution, It's an Idea
Nov 10, 2013, 2:00 PM
More Blog Posts
Copyright 2014 DailyTech LLC. -
Terms, Conditions & Privacy Information