Feds Drop "Hacking" Charges Against Video Poker Jackpot Winners
May 8, 2013 9:50 AM
comment(s) - last by
Men still face a single count of wire fraud for exploiting bug in the machines
Following an outburst of public outcry over a pair of men
facing up to five years in federal prison
for "exceeding authorized use" and
exploiting a bug in video poker casino machines to win big
, the two charged counts under the Computer Fraud and Abuse Act of 1986 (
18 USC § 1030
) have been dropped.
U.S. District Court for the District of Nevada
Federal Judge Miranda Du
cited a recent
Ninth Circuit Court of Appeals
[PDF], which sought to more strictly confine the ambiguous wording of the CFAA to prevent abuse. She demanded prosecutors to justify their use under the 9th Circuit's
ruling; federal prosecutors were unable to so they dropped the CFAA charges against co-defendants John Kane, 54, and Andre Nestor, 41.
Assistant U.S. Attorney Michael Chu wrote in a
[PDF] obtained by
, "The United States of America, by and through the undersigned attorneys, hereby moves this Court to dismiss Counts 2 and 3 of the Indictment."
Prosecutors had argued previously that the sequence of buttons needed to activate the programming error constituted "hacking". But they were unable to defend that opinion in the face of the recent regional scale-back of the CFAA, when defense lawyers argued that the co-defendants were simply playing by the rules of the machine (rules which were broken).
The pair used their trick on the Game King multi-game machine. [Image Source: IGT]
That leaves a single count of wire fraud against each man. The wire fraud charges (
18 U.S.C. § 1343
) are built on the premise that the defendants used phone conversations to plan to defraud the plaintiffs (the casinos), a federal offense. Of course, given that the feds couldn't even make the accusation that they "hacked" (a form of fraud) stick, the fraud-based claim seems pretty questionable.
Mr. Kane's counsel --
, a veteran LV lawyer -- comments, "The case never should have been filed under the CFAA, it should have been just a straight wire fraud case. And I'm not sure its even a wire fraud. I guess we'll find out when we go to trial.'"
In a previous interview he had stated, "They’re going to have real tough time with the wire fraud. I never really understood why the federal government took this case in the first place."
Now with one victory in hand he looks to beat back this final federal charge.
U.S. District Court for the District of Nevada via Wired [PDF]
This article is over a month old, voting and posting comments is disabled
5/8/2013 12:07:43 PM
I suspect it made it to federal court because the issue it deals with is bigger than a slot machine in a casino. On the one hand you have a system which was clearly intended to be operated a certain way. On the other hand, you have defective programming which allowed it to be operated a different way. If someone operates it that different way, who is to blame?
The same issue comes up with hackers exploiting a security vulnerability in a server's software. Or with people exploiting a bug in an online game. Those who own the server or game view it as exploitation and place 100% of the fault on the hackers or exploiters. The people taking advantage of the bug view it as bad programming and place 100% of the fault on the programmers. Since it was intentionally programmed that way, they feel they are doing nothing wrong by taking advantage of it.
The Feds obviously want to come down on this as far in favor of the casino/server/game as possible. Hence the initial hacking charges. From their perspective, intent when designing the system should count for everything. That even if you forgot to lock your door, the fact that you intended to lock it means uninvited guests are not welcome.
I'm really not sure what the solution here is. If you go with the intent of the slot machine designers, then you're vulnerable to fraud when they later claim they intended something which they really didn't while designing it. If you go with the people using the system as designed (but not intended), then you're requiring that every system be implemented perfectly. Clearly an unachievable goal.
In the locking the house door example, you get around the problem by ignoring the lock and codifying into law the
of the lock - to prevent trespassers. So you just make trespassing illegal, then it doesn't matter if you forget to lock the door. Unauthorized entry is still a crime. But if you try to apply that to everything, you have to codify into law everything that is and isn't considered authorized behavior in every game, server, and slot machine. That seems a bit excessive, and would threaten to increase the size of our laws by several orders of magnitude. Online games can put it in their EULA, and servers can be given a modicum of protection by making it illegal to access the system if you're not authorized to use it. But I'm not sure how you'd do it for things which are intended to be used by anybody, like slot machines, ATMs, automatic toll booths, self-checkout scanners, etc.
5/8/2013 2:00:25 PM
No those hackers writes codes that explore a vulnerability. This guy is using a fixed function machine. He did not do anything besides what is allowed.
The fault is by whoever made the machine.
5/9/2013 11:37:41 PM
Add to that. Unless the instructions say wait until the prompt appears before you press a button, then you are following the printed instructions even though a programming error makes an early button press generate a winning hand.
This is a program bug and it is the responsibility of the casino to take the machines offline until they can be patched.
As private businesses they may sue to recover money lost due to the programming error, but finding a bug and failing to report it is (not yet) a crime.
The earlier vending machine example would clearly be theft as the instructions will clearly state that payment is expected for each item taken.
The ATM example (which has happened) is often handled as theft as users are expected to know that the amount dispensed is supposed to be the same as the amount charged to the account.
5/8/2013 7:46:53 PM
The keyword is intent. In your trespassing example the intent is the act of trespassing which is itself illegal. The intent of a hacker is to gain unauthorized access and/or do any number of illegal activities.
The intent when playing a slot machine is to win money which is not illegal. As long as you play the game without doing anything illegal then you have not done anything wrong in my opinion.
"If a man really wants to make a million dollars, the best way would be to start his own religion." -- Scientology founder L. Ron. Hubbard
Man May be Sent to Prison for Exploiting Firmware Bug in Poker Machine
May 2, 2013, 11:48 AM
Goatse Security iPad Hacker Gets 41 Months for "Doing Arithmetic"
March 18, 2013, 11:06 PM
Retiree Sues Apple For $7,500 for Wiping Honeymoon Photos From His iPhone
November 30, 2015, 10:23 AM
iPhone 7 May Pack 3-4 GB Memory, More Storage; 4-Inch Comeback is Rumored
November 20, 2015, 10:12 PM
OnePlus One, OnePlus 2 Will Receive Android Marshmallow in Q1 2016
November 16, 2015, 9:58 AM
Lenovo Whoa: Motorola Droid MAXX 2 and Turbo 2 Break Cover in Leaks
October 26, 2015, 3:12 PM
Leak: Apple Preps for First Real Android App Foray With New Apple Music App
October 24, 2015, 1:59 PM
Pepsi Smartphone? Empty Calories Coming Soon to the Midrange
October 12, 2015, 11:41 PM
Latest Blog Posts
Sceptre Airs 27", 120 Hz. 1080p Monitor/HDTV w/ 5 ms Response Time for $220
Dec 3, 2014, 10:32 PM
Costco Gives Employees Thanksgiving Off; Wal-Mart Leads "Black Thursday" Charge
Oct 29, 2014, 9:57 PM
"Bear Selfies" Fad Could Turn Deadly, Warn Nevada Wildlife Officials
Oct 28, 2014, 12:00 PM
The Surface Mini That Was Never Released Gets "Hands On" Treatment
Sep 26, 2014, 8:22 AM
ISIS Imposes Ban on Teaching Evolution in Iraq
Sep 17, 2014, 5:22 PM
More Blog Posts
Copyright 2016 DailyTech LLC. -
Terms, Conditions & Privacy Information