Head of US Lottery Information Security "finalized" a random number generator and won millions of dollars

In the USA , a rather interesting case of using an official position for personal enrichment has become known . A member of the US State Lottery Information Security Department has won millions of dollars (including nominees) for several years, and for the time being no one suspected him of anything. This employee, Eddie Raymond Tipton, used a small "refinement" of the random number generator, which allowed him to correctly "guess" the winning numbers.

But something to the law enforcement authorities seemed suspicious. Last year, this man was arrested, and now it has become known exactly how he was able to get rich. Eddie Raymond Tipton was not an ordinary IT employee (as reported in various media last year), but the director of information security of the Multi-State Lottery Association. As a manager, he had access to the room where the random number generator was installed.

As it turned out, the attacker introduced his own code into the system after the generator was inspected by an independent company. “Revision” allowed to achieve the fact that the generator did not show random numbers three days a year (specific days) when two more conditions were met (about them below). On these three days, a sequence of numbers was generated using the Tipton algorithm. Thus, three days a year, he could predict the result.
')
Probably, in this case, we can say that the ex-director of information security just greedy. He took advantage of the situation six times, from November 23, 2005 to December 29, 2011. Specialists who studied winning combinations, realized that these sequences are very similar, and suspected something was wrong. If he used his scheme 1-2 times, hardly anyone would be suspicious.

During the investigation were found third-party DLL, embedded in the memory of the computer system. The combination predicted by the attacker should have appeared three times a year, two specific days of the week, at a specific time of the day.

One of the dynamic libraries triggered a program that produced a certain number that could be predicted by an attacker or a person who was privy to this “secret”. Along with Eddie Raymond Tipton was his brother, Tommy Tipton from Texas, a police reserve officer. He was associated with jackpots in Colorado and Oklahoma. Another member of the "winners" group is Tipton's friend. Yes, the head of the operation himself did not receive all the winnings in his name, which would be very stupid, but this did not help him avoid punishment - the system was fairly transparent, and the law enforcement officers were able to identify the scheme described above.