Meet Alex, the Russian Casino Hacker Who Makes Millions Targeting Slot Machines | WIRED

["Dave Farber" <farber () gmail com>]

Begin forwarded message:

> From: Allan Davidson <alland () heckerty com>
> Date: August 5, 2017 at 1:10:07 PM EDT
> To: Dave Farber <farber () gmail com>
> Subject: Meet Alex, the Russian Casino Hacker Who Makes Millions Targeting Slot Machines | WIRED
>
> May be of interest to the list:
> > https://www.wired.com/story/meet-alex-the-russian-casino-hacker-who-makes-millions-targeting-slot-machines
> >
> > Meet Alex, the Russian Casino Hacker Who Makes Millions Targeting Slot Machines
> >
> > David Brandon Geeting for WIRED
> > Late last autumn, a Russian mathematician and programmer named Alex decided he’d had enough of running his 
> > eight-year-old business. Though his St. Petersburg firm was thriving, he’d grown weary of dealing with payroll, 
> > hiring, and management headaches. He pined for the days when he could devote himself solely to tinkering with code, 
> > his primary passion. The time had come for an exit strategy.
> > But Alex couldn’t just cash out as if he owned an ordinary startup because his business operates in murky legal 
> > terrain. The venture is built on Alex’s talent for reverse engineering the algorithms—known as pseudorandom number 
> > generators, or PRNGs—that govern how slot machine games behave. Armed with this knowledge, he can predict when 
> > certain games are likeliest to spit out money—insight that he shares with a legion of field agents who do the 
> > organization’s grunt work.
> > These agents roam casinos from Poland to Macau to Peru in search of slots whose PRNGs have been deciphered by Alex. 
> > They use phones to record video of a vulnerable machine in action, then transmit the footage to an office in St. 
> > Petersburg. There, Alex and his assistants analyze the video to determine when the games’ odds will briefly tilt 
> > against the house. They then send timing data to a custom app on an agent’s phone; this data causes the phones to 
> > vibrate a split second before the agent should press the “Spin” button. By using these cues to beat slots in 
> > multiple casinos, a four-person team can earn more than $250,000 a week.
> > Alex, who insists that his hacking doesn’t violate Russian law, fancies himself a bit of a Robin Hood—a champion for 
> > the common man against an avaricious casino industry. “Gaming manufacturers claim they provide ‘entertainment,’ but 
> > we all know the nature of this ‘entertainment’ a little too well,” he says by email. “All they and I are really 
> > doing is moving money. Their job is to help casinos take money from the people; my job is to help myself and the 
> > people take money from the casinos. Just a little counterweight to the global gambling system, where the house 
> > always wins.” Yet he also knows that his self-described “milking system” is considered criminal in several 
> > countries, including the United States: In 2014, four of his agents were indicted on federal fraud charges after 
> > sweeping through casinos in Missouri, Illinois, and California.
> > David Brandon Geeting for WIRED
> > Determined to find a way to score one last payday before shutting down his enterprise, Alex reached out to 
> > Aristocrat Leisure, an Australian slot machine manufacturer whose vulnerable products have been his chief targets. 
> > In a November 2016 email to Tracey Elkerton, the company’s global head of regulatory and product compliance, he 
> > offered to direct his agents to “cancel their work on Aristocrat slots to stop compromising your trademark” as well 
> > as “help your developers eliminate all design flaws.” He did not mention the fee he expected to be paid for these 
> > services, though he did note that he wished “to extract maximum money from my developments.”
> > Alex also insinuated that Aristocrat might face grave consequences if it chose to ignore him. “The matter could 
> > become worse if technical details would be available for your competitors or will be shared via internet or media,” 
> > he warned. To underscore the fact that he needed to be taken seriously, he ended the email with proof of his 
> > technical prowess: a mathematical breakdown of the supposedly secret PRNG that powers Aristocrat games like 50 Lions 
> > and Heart of Gold.
> > Clearly unsettled by the tenor of Alex’s approach, Elkerton suggested that they meet on neutral ground in the US. 
> > “If we were to arrange a meeting, our goal would be to understand the method that you have developed that is being 
> > used in various countries to cash out more money than expected from certain Aristocrat slot games,” she wrote in her 
> > reply.
> > Alex could never agree to such a meeting, of course; by setting foot on US soil he would be risking arrest. 
> > Frustrated by what he perceived as stalling on Aristocrat’s part, he decided to make Elkerton aware of just how much 
> > havoc he could wreak on her employer.
> > My own dialogue with Alex began in February of this year, after he read a story I’d written about his agents’ 
> > exploits in the US. (“I keep an eye on what becomes public regarding my business,” he explained via email.) His name 
> > had already come up twice in the course of my reporting—once from someone close to the fraud investigation in the 
> > Eastern District of Missouri and once in conversation with Willy Allison, a casino security consultant who has been 
> > tracking the St. Petersburg organization for years.
> > After much back and forth, Alex agreed to an on-the-record interview on the conditions that his surname not be used 
> > and that he could disregard questions about his personal life that struck him as too invasive. To bolster the 
> > veracity of what he shared, Alex supplied corroborating evidence in the form of emails, mathematical proofs, and 
> > audio recordings. I was able to verify several of his statements by checking them against legal documents or by 
> > consulting with people familiar with his organization’s work.
> > There are still several aspects of Alex’s story that could not be confirmed, however, starting with his education. 
> > He claims that after studying math and programming at a top Russian university, he spent two years at the FSB 
> > Academy, a government-run school that trains prospective members of the country’s intelligence apparatus. He also 
> > says he was once employed at a St. Petersburg military university that specializes in teaching cryptography and 
> > hardware hacking. During his formative years, Alex says, he never had the slightest interest in slot machines: “As a 
> > mathematician, I was aware of how odds work at an early age,” he says. “Mostly gambling appeared to me as nothing 
> > more than taxation on stupidity.”
> > Alex’s life-changing introduction to slots came about a decade ago, while he was working as a freelance hacker. A 
> > Russian casino hired him to learn how to tweak machines manufactured by Novomatic, an Austrian company, so that 
> > their odds would favor the house more than usual: The machine had been programmed to pay out 90 percent of the money 
> > it took in, a figure that Alex’s client wanted him to adjust down to 50 percent.
> > David Brandon Geeting for WIRED
> > In the course of reverse engineering Novomatic’s software, Alex encountered his first PRNG. He was instantly 
> > fascinated by the elegance of this sort of algorithm, which is designed to spew forth an endless series of results 
> > that appear impossible to forecast. It does this by taking an initial number, known as a seed, and then mashing it 
> > together with various hidden and shifting inputs—the time from a machine’s internal clock, for example. Writing such 
> > algorithms requires tremendous mathematical skill, since they’re supposed to produce an output that defies human 
> > comprehension; ideally, a PRNG should approximate the utter unpredictability of radioactive decay.
> > After wrapping up the casino gig, Alex spent six months teaching himself everything he could about PRNGs—in part 
> > because he admired their beauty but also because he knew that such expertise could prove profitable.“I mastered it 
> > to the point where I can develop such algorithms myself, on a level I am yet to see in a gambling machine,” says 
> > Alex, who will never be accused of lacking confidence. “It’s in my bloodstream now. I feel the numbers; I know how 
> > they move.”
> > In 2008 Alex unleashed his newfound mastery on the gambling world, hiring a small group of employees to “milk” 
> > Novomatic machines throughout eastern Europe. (Three years later, Novomatic became the first slots manufacturer to 
> > warn its customers that some of its PRNGs had been compromised.) After Russia largely outlawed its casino industry 
> > in 2009, resulting in a massive sell-off of gaming equipment, Alex was able to get his hands on an Aristocrat Mark 
> > VI slot machine cabinet. He reverse engineered the PRNGs for numerous Mark VI games and the popular machine—more 
> > than 100,000 are still on casino floors worldwide—soon became his burgeoning organization’s favorite prey: In the 
> > 2014 case in Missouri, for example, every count in the indictment relates to the bilking of a Mark VI.
> > Alex recruits his field agents online and meets few of them in person, ensuring that they won’t be able to reveal 
> > too much about his operation if they’re ever caught and interrogated. He pays little attention to the applicants’ 
> > education or professional backgrounds, since the job requires minimal know-how: The entire training regimen takes 
> > just two hours, during which prospective agents are taught how to use the customized phone app that prompts them 
> > when to hit a machine’s Spin button.
> > What Alex values most in his employees is discretion: He looks for people who, he says, “understand the importance 
> > of covertness in their actions and general behavior” and who “look respectable enough not to cause unnecessary 
> > suspicion.” Before they embark on their first assignment, new agents are offered the chance to purchase an 
> > “insurance policy”: In exchange for taking a bigger cut of the agent’s winnings, the organization will provide legal 
> > assistance and financial aid to the agent’s family in case of arrest.
> > Those arrests have been rare, since the milking system isn’t technically illegal in many jurisdictions. When agents 
> > have been caught by casino security guards, they’re usually just stripped of their winnings and banned from the 
> > premises. But Alex has weathered a few notable legal setbacks, which have resulted in some of his secrets spilling 
> > forth.
> > In the Missouri case, for example, one of the defendants, a Kazakh national who had been living in Florida, decided 
> > to cooperate with the FBI in exchange for leniency. (His three codefendants, all of whom were Russian citizens, pled 
> > guilty and received short prison sentences.) And in 2016, a Czech man opened up to Singaporean authorities after he 
> > was charged, along with two Russian accomplices, with violating that nation’s Casino Control Act. These two 
> > informants divulged how their fellow agents record video of slot machines without arousing suspicion (they often 
> > conceal phones behind mesh shirt pockets) and how the organization’s revenue gets divvied up (90 percent goes back 
> > to St. Petersburg).
> > Besides his Robin Hood justification, Alex defends his enterprise as cunning but by no means criminal. “We, in fact, 
> > do not meddle with the machines—there is no actual hacking taking place,” he says. “My agents are just gamers, like 
> > the rest of them. Only they are capable of making better predictions in their betting. Yes, that capability is 
> > gained through my technology, it’s true. But why should it be against the law? On the basic level, it’s like using a 
> > calculator for counting faster and more accurately, rather than relying on one’s natural capacity.” It is logic very 
> > much in sync with Russia’s culture of cutthroat capitalism.
> > Just before Aristocrat shut down for Australia’s Christmas break last year, Tracey Elkerton received an unexpected 
> > phone call from a man who identified himself only as Peter. “I’m calling on behalf of Alex,” he explained in lightly 
> > accented English, without informing Elkerton that he was secretly recording the call. (Alex let WIRED listen to the 
> > recording.) “He is a guy from Russia that you had an email exchange with? He hired me as an interpreter and he’s 
> > currently on the other line with me. Can you speak for a few minutes with him?” (Alex knows some English, but he 
> > prefers to use a translator when handling sensitive business matters.)
> > On the recording, Elkerton sounds initially flustered by the situation and appears to try to nip the conversation in 
> > the bud by saying that she has a meeting to attend. But Peter cajoles her into remaining on the line so he can relay 
> > Alex’s message, and the veteran Aristocrat executive gradually becomes more assertive as the half-hour conversation 
> > wears on. “He is talking of a deal with you where he can help you neutralize the exploit and stop the occurrences in 
> > the casinos,” Peter says on Alex’s behalf. “Like, he wants to be paid for it. So his question is whether you are 
> > willing to negotiate on that issue.”
> > David Brandon Geeting for WIRED
> > Elkerton sounds skeptical. “It is very unlikely that Aristocrat will pay for information,” she replies. “It’s simply 
> > not how we operate. We have developed a solution for our products moving forward and we’re comfortable with that 
> > solution.”
> > Peter counters by expressing Alex’s doubt that Aristocrat realized just how many of its machines are at risk. He 
> > then makes a startling new claim: Alex has cracked the PRNGs for games that run on Aristocrat’s latest slot-machine 
> > cabinet, known as the Helix, which is two generations more advanced than the Mark VI.
> > Elkerton does not dismiss the possibility outright. In fact, she says that it does at least seem plausible. The 
> > Helixes that Aristocrat had been shipping, she says, “do not yet contain the solution that we have implemented.” (An 
> > Aristocrat spokesperson stresses that “Ms. Elkerton’s comment in response to the extortionist’s cheat allegation 
> > against unspecified games on Helix cabinets simply acknowledged a theoretical potential.”)
> > Sensing that he now has the advantage, Alex instructs Peter to demand that his proposal be passed along to 
> > Aristocrat’s most senior decision-makers, whom he believes would accept his offer if they knew their Helixes were in 
> > peril. But Elkerton counters by citing not only Aristocrat’s commitment to being “truly ethical” in its dealings but 
> > also her fear that Alex might not be a man of his word: “I have no guarantee that Alex shuts down this crew slash 
> > syndicate if we were to pay him a fee, a consulting fee, whatever we want to call it.”
> > Before ending the call, Elkerton poses a question to Alex: Why, after many years of earning millions with his 
> > milking system, is he now eager to cut a deal with Aristocrat? Why is he no longer content to continue making a 
> > small fortune by sending his agents around the globe? “He does know that in some countries [his system] is illegal, 
> > and that does concern him because he does not want to be criminal,” Peter answers. “He decided it would be better 
> > for him to get out of the illegal field and just shut it down and get a certain payment from the company for 
> > consultation and the patch.”
> > Upon hearing that Alex’s fondest wish is to be a straight arrow, Elkerton bursts into grim laughter.
> > Alex waited three weeks for Aristocrat to have a change of heart, then sent Elkerton a lengthy email in which he 
> > detailed the specific services he could provide in exchange for a sum that ran into eight figures. He also outlined 
> > some of the steps he might take if Aristocrat continued to dawdle, such as sharing his vulnerability information 
> > with the company’s competitors so that they could secure their own machines as well as poach Aristocrat’s customers.
> > As in his earlier email, he offered mathematical evidence of his bona fides—in this instance a breakdown of how the 
> > PRNG works for a game called 50 Dragons that runs on Helix machines. The proof also included a photograph of a Helix 
> > machine that Alex’s organization had allegedly targeted at the Sands Macau Casino; Alex urged Elkerton to have one 
> > of the company’s engineers check the machine’s logs to verify his claims.
> > Aristocrat parsed its words carefully in response to my inquiry as to whether Alex has cracked a Helix game’s PRNG. 
> > “Aristocrat received information from the extortionist alleging to be proof of a cheat,” the company informed me in 
> > a written statement. “However we could not verify any cheat based on the information provided. Aristocrat reiterates 
> > that it has no evidence of any actual or potential cheat of any title other than the handful of Mark VI vintage 
> > titles previously reported.” (Aristocrat has informed its customers that the thousands of compromised Mark VI games 
> > “are no longer supportable” and urges them “to replace this old, end of life technology with new, more modern 
> > products.”)
> > It seems improbable, however, that Alex could send Aristocrat a proof that the company’s engineers would instantly 
> > recognize as fiction. Were he to do so, Aristocrat would have good reason to dismiss him as a charlatan whose 
> > threats are idle. But based on its reaction to my various inquiries, the company seems far from nonchalant about the 
> > Alex situation. (In response to a specific question about whether Alex’s email contained the 50 Dragons proof, a 
> > company spokesman said: “Aristocrat has confirmed this extortion attempt, the fact that it has been referred to the 
> > relevant authorities, and managed in compliance with all relevant protocols. It would be inappropriate to comment 
> > further.”)
> > After Alex shared his most recent Aristocrat PRNG proof with me, I showed it to David Ackley, a computer science 
> > professor at the University of New Mexico. Ackley discovered that the algorithm had a peculiar backstory.  On a 
> > hunch, he took some of the equation’s values that were expressed in hexadecimal format and converted them to decimal 
> > format. When he did, he noticed that the resulting numbers were familiar: One was an approximation of pi (31415926), 
> > one was an abbreviation of the mathematical constant e (271828), and one was a slightly ribald jest (69069).
> > By tracing those jokey references back, Ackley found that those exact numbers had also been used in a PRNG featured 
> > in SpaceOut, a 1988 program for the X Window System that simulated travel through a star field. When I contacted the 
> > author of SpaceOut, he recalled that he had cribbed his PRNG from the second volume of Donald Knuth’s The Art of 
> > Computer Programming, a classic of the discipline. I was able to locate that PRNG in the edition of the book that 
> > was published in 1981, though it may also appear in the original edition from a dozen years earlier.
> > This coincidence raises at least two possibilities. The first is that Alex sent Aristocrat a fake proof full of 
> > mathematical in-jokes and wagered that the company’s engineers would be too dense to realize that he was putting 
> > them on. The second is that Aristocrat has been basing some of its PRNGs, at least in part, on an algorithm that is 
> > at least 36 years old and which has long been in the public domain.
> > If the latter is the case, then Aristocrat—like all slot machine manufacturers—has a ready defense against any 
> > suggestion that its PRNGs are too feeble. Because government regulators must vet and approve all PRNGs before 
> > they’re used in casinos, those regulators are easy to blame when hackers like Alex find flaws in the code. “Every 
> > single Aristocrat game that is on a venue floor—regardless of where it is—has been approved by the relevant 
> > regulators and complies fully with the standards required at the time it was placed,” a company spokesperson told me.
> > Aristocrat has held fast to its refusal to negotiate with Alex, a decision that not all of its corporate peers have 
> > made when dealing with similar crises. In fact, plenty of companies confronted by hackers with damaging information 
> > have opted to play ball and transmit the requested bitcoins to their tormentor. “You might be able to live with the 
> > cost of paying off the lawsuits and that sort of stuff, but the potential reputational damage might be too much to 
> > bear,” says Steve Stone, a leader of IBM's X-Force Incident Response and Intelligence Services division, which 
> > advises client on how to handle cyberextortion. But he adds that those companies often rue their decision in the 
> > long run, since—as Tracey Elkerton implied in her phone call with Alex—black-hat hackers aren’t known for being 
> > merciful: “It’s not all that unusual to pay and then they come back and say, ‘Oh, now we have two things.’ And then 
> > it’s ‘Now we have three things.’”
> > Having failed to persuade Aristocrat to strike a deal, Alex is now toying with the idea of approaching IGT, another 
> > slot machine manufacturer; Alex claims to have recently deciphered the PRNGs for games that run on machines made by 
> > Atronic, an Austrian company that is now an IGT subsidiary. “I have to say they are a bit more robust [than 
> > Aristocrat’s] and some machines did give me the pleasure of a challenge, but they are still generally weak,” he 
> > boasts. “An engineer’s mind is just too linear. They don't understand the psychology of dismantling, they just don’t 
> > know where and how a hacker is going to strike. So they leave a number of doors open for me to enter.”
> > Alex also claims to be engaged in selling his milking system to interested parties. One of his customers, he says, 
> > was a New York-based crew of alleged Russian and Georgian mafiosi, 33 of whom were indicted in June for 
> > racketeering, fraud, and other crimes. According to confidential government informants, this crew, known as the 
> > Shulaya Enterprise, brought an Aristocrat Mark VI slot machine to a Brooklyn aparment in September 2016; four months 
> > later, the group began fleecing casinos in Pennsylvania by using “electronic devices and software designed to 
> > predict the behavior of particular models of electronic slot machines.”
> > When he inevitably tires of the slot-machine racket altogether, Alex is prepared to exit the industry in a blaze of 
> > mischief. “Sometimes I fantasize about just putting my tech out there for everyone to use,” he says. This would 
> > result in what he terms his “zombie apocalypse” scenario: Equipped with Alex’s information and software, both 
> > obtained online for free, anyone with a smartphone will be able to turn a vulnerable slot machine into a gaudily 
> > decorated ATM.
> > “Can you imagine something like that?” Alex asks. “It could uproot the entire slot machine industry. And the world 
> > just might become a slightly better place. Well, for most people at least.” Should that future come to pass, the 
> > losers will only have their mathematical sloppiness to blame.
> > Brendan I. Koerner (@brendankoerner) is a WIRED contributing editor and the author, most recently, of The Skies 
> > Belong to Us: Love and Terror in the Golden Age of Hijacking.
>
>
>                                                               ______________________
>
> Allan Davidson                                                                tel:                    +1 480 234-5978
> heckerty.com — fun videos, great stories, smiling kids                        email:          alland () heckerty com
> The Heckerty Company, Inc.                                                            chat:           Chat Center‌
>                                                                                                               ‌
> ‌‌                    
> ‌SUBSCRIBE NOW!‌              ‌       
>
> HECKERTY’S LATEST FABULOUS ADVENTURES!



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20170805141122:7A1EC9B8-7A09-11E7-A77F-9CD6A6DB1AED
Powered by Listbox: http://www.listbox.com