
The story of one bug in a video poker machine



Bugs in some programs go unnoticed for years. Others are quietly corrected. But some bugs become the object of universal attention and even litigation. This is exactly what happened with an error in the Game King Multi-Game slot machine. The player who discovered it did not inform the developers about the vulnerability, but began hitting jackpots at various casinos. An FBI investigation revealed that he took more than $500,000 from slot machines.

The first video poker machines appeared in American casinos in the 70s and were an immediate success. Players liked that they could influence the result (by choosing the cards) rather than mindlessly spinning the reels. The patent owner, International Game Technology, held an IPO and was listed on the stock exchange in 1981.

IGT's main trump card was the use of computer technology in slot machines. The company arrived at the perfect formula in 1996 with the release of the Game King Multi-Game model, which offered several variants of poker. Casinos purchased these machines, and the manufacturer sold them new firmware with new games. The fifth version of the firmware, Game King 5.0, was released on September 25, 2002.

As it turned out, an error had crept into the Game King 5.0 code; more precisely, a number of small bugs in the program numbered G0001640. They escaped detection during testing.

The bug went unnoticed for the next 7 years, carried over into each new firmware version. As the code was copied, it spread to 99 different programs on thousands of IGT gaming machines. As far as we know, no one took advantage of it until April 2009, when it was accidentally discovered by John Kane.

The bug surfaced by chance. John Kane spent a lot of time playing. Once, at a slot machine near a Chinese diner on the outskirts of Las Vegas, he tried different poker variants, then decided to cash out and try his luck at another machine. As soon as he pressed the “Cash Out” button, the screen suddenly locked up, and the machine blinked, rang and reported a jackpot of more than $1000. John had not even started a new hand. He told the employee who came over about the glitch, but the employee took it for a joke and paid out the prize.

John Kane called a friend, Andre Nestor. They sat down at the machines and began testing the game system, trying different games, limits and sequences of actions.

The essence of the bug was that the machine allowed the bet size to be changed at low limits, from 1 to 50 cents, and mistakenly allowed it to be changed retroactively. That is, after winning at a denomination of 1 cent, it was possible to change the denomination to 50 cents and receive a payout 50 times larger than it should have been.
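A minimal model of the flaw described above, added here as an illustration; it is not IGT's firmware or code from the original article. The class, event names and the 800-credit win are constructed assumptions. It shows a payout computed from the current denomination next to one bound to the denomination in force when the win was recorded, plus an audit-log reconciliation that flags the mismatch.

```python
from dataclasses import dataclass, field

DENOMINATIONS_CENTS = (1, 50)  # the article: bet sizes from 1 to 50 cents


@dataclass
class Machine:
    """Toy payout model (hypothetical; not the real firmware)."""
    lock_denomination: bool        # False models the flawed behaviour
    denom: int = 1                 # currently selected denomination, cents
    pending_credits: int = 0       # win awaiting payout, in credits
    pending_denom: int = 0         # denomination when the win was recorded
    audit: list = field(default_factory=list)

    def set_denomination(self, cents: int) -> None:
        if cents not in DENOMINATIONS_CENTS:
            raise ValueError(f"unsupported denomination: {cents}")
        self.denom = cents
        self.audit.append(("denom", cents))

    def record_win(self, credits: int) -> None:
        self.pending_credits = credits
        self.pending_denom = self.denom
        self.audit.append(("win", credits, self.denom))

    def pay_out(self) -> int:
        # Flawed path: a win stored in credits is valued at whatever
        # denomination is selected now, not the one it was won at.
        denom = self.pending_denom if self.lock_denomination else self.denom
        cents = self.pending_credits * denom
        self.pending_credits = 0
        self.audit.append(("pay", cents))
        return cents


def reconcile(audit: list) -> list:
    """Return (expected_cents, paid_cents) for payouts that disagree with the win."""
    mismatches, expected = [], None
    for event in audit:
        if event[0] == "win":
            expected = event[1] * event[2]
        elif event[0] == "pay":
            if expected is not None and event[1] != expected:
                mismatches.append((expected, event[1]))
            expected = None
    return mismatches


def scenario(lock: bool):
    m = Machine(lock_denomination=lock)
    m.set_denomination(1)
    m.record_win(800)              # constructed sample: 800 credits at 1 cent
    m.set_denomination(50)         # denomination changed after the win
    return m.pay_out(), reconcile(m.audit)
```
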

After seven hours of testing, the friends were able to establish an exact, step-by-step sequence of actions to reproduce the bug.

Unfortunately, for some reason the bug manifested itself only on Game King machines installed in one small area of Las Vegas, Fremont. Even so, in 5 weeks of hard work, Kane managed to take more than $100,000 in the area.

Managers noticed something was wrong and turned off the “Double Up” bet-doubling function on the losing machines, after which everything stopped working. And here the "hackers" had an insight: this feature had been disabled by default on all the machines where they had tried the bug before. So they could go to any casino, ask for the function to be enabled, and get the jackpot. The friends agreed not to take more than $20 thousand per day from a casino.

Moreover, over time it turned out that after receiving a jackpot, repeating a certain combination of actions made it possible to repeat the jackpot with exactly the same cards. This is what eventually got them caught.

After the next jackpot, the slot machines were sealed and sent for examination to the technical department of the Nevada Casino Regulatory Agency. The investigation was assigned to 25-year-old John Lastusky, a recent graduate of the computer science department at the University of South Carolina. He studied the logs, then copied the contents of the EPROM, and found no signs of external interference or backdoors. Nevertheless, by repeating the winning actions, Lastusky was able to reproduce the sequence after a few days. He reported the finding to management, and soon the “Double Up” function was deactivated on all slot machines.

The prosecutor’s office charged Andre Nestor with 698 counts, ranging from theft to criminal conspiracy. In 2011, the case was transferred to the Department of Justice, and the defendants were charged under a new statute on computer hacking (the Computer Fraud and Abuse Act). But the story had a happy ending. The friends refused to testify against each other, the Department of Justice was forced to drop the charges, and in March 2014 the case was closed.

Nestor spent all the money on a lawyer, but Kane kept the winnings. Judging by the court records, they were not confiscated, so the former pianist now leads a quiet, peaceful life without working anywhere.

Andre Nestor has been banned from entering all casinos in Pennsylvania, and now he passes the time playing Candy Crush on an Android tablet. In two months, Nestor completed 515 levels using a cheat found on the Internet.

Source: https://habr.com/ru/post/240799/

