Information Security News mailing list archives

Revenge On the One-Armed Bandit


From: InfoSec News <isn () C4I ORG>
Date: Sat, 24 Jun 2000 00:05:35 -0500

http://www.wired.com/news/politics/0,1283,37190,00.html

by Charles Mandel
12:00 p.m. Jun. 23, 2000 PDT

EDMONTON, Alberta -- WMS Gaming of Chicago is suing an Edmonton man
for $10 million, alleging that he threatened to publicize a software
flaw in its slot machines that allowed players to consistently win
large amounts of money.

The company filed suit in the Alberta Court of Queen's Bench in late
February after Zues Yaghi, an Edmonton software consultant, began to
post information about the software glitch on the Internet. The flaw
came to light after a publication ban on the suit was lifted in court
earlier this week.

The flaw may easily have cost the slot machine manufacturer $50,000 a
day, Yaghi said in an interview.

But lawyers for WMS estimate the losses at between $1-2 million,
because they say some Edmonton gamblers visited three states in the
U.S. between December 1999 and February 2000, where they used the flaw
to win at gaming.

In Alberta alone, some 300 machines were affected. WMS Gaming is one
of the largest manufacturers of slot machines in the world, with
annual revenues in 1999 of $125.9 million.

The flaw involves players doubling their bets on an electronic poker
game in conjunction with several other commands. Yaghi said he first
discovered the flaw in December, doing what he called "field intrusion
testing," a technique he described as probing functions on a machine
for weaknesses.

Yaghi said tapping on the "draw" button as the last credit registered
would get players into what he believed was a so-called Easter egg.
Easter eggs are deliberately inserted pieces of code meant to produce
a hidden option for users. Normally, Easter eggs are harmless
mini-games or puzzles.

Yaghi demonstrated the flaw for Alberta Gaming and Liquor Commission
officials last December. Within five minutes he emptied a single slot
machine of about $600 three times.

His problems began when Yaghi offered his services to WMS Gaming as a
consultant for $250,000. WMS counter-offered with about $50,000. The
counter-offer enraged Yaghi, according to Edmonton lawyer Mark
Lesniak, who has been retained by WMS Gaming.

Yaghi began describing the glitch on Internet message boards in late
February. He wrote that he was "amazed to discover a huge open door in
the programming of these slot machines. I can literally empty
thousands of dollars in minutes from these machines."

Yaghi said in the interview he has not used the technique himself on
the slots.

Shortly after the postings, WMS obtained a search-and-seizure order,
entering Yaghi's Edmonton home three times and seizing computers and
data files. The company then filed suit.

"At that stage, when we started seeing Internet postings, something
had to be done," said Lesniak. "It's just not legal to try and destroy
somebody's share value."

Shortly after Yaghi demonstrated the glitch, the gaming authority
issued a notice recommending casinos bar Yaghi from entering. Yaghi
has filed a countersuit for C$1 million against WMS Gaming and has
also filed a $2 million suit against Alberta Gaming for defamation.

Alberta Gaming is trying to recover an unspecified portion of the
losses from WMS Gaming. The losses would be revenues that would
normally have gone into the Alberta Lottery Fund. The government's
revenue is 70 percent after prizes.

Lesniak said gaming regulators in Alberta, Michigan, Iowa, and
Illinois are investigating to see if they can lay criminal charges
against the individuals who took advantage of the flaw.

WMS Gaming claims to have fixed the glitch with a software patch, but
Yaghi says he believes other models may have similar problems. Scott
Schweinfurth, WMS Gaming's CFO, said the company has no comment on any
aspect of the issue.

ISN is hosted by SecurityFocus.com