Russians have come up with an ingenious way to cheat slot machines, from which the casino cannot defend

In early July 2014, accountants from casino Lumiere Place [Lumiere Place] in St. Louis discovered that several of their slot machines went crazy for a couple of days. Software approved by the government gives automata a fixed odds with mathematical methods, so that casinos are sure about how much they will earn in the long run - say, 7.129 cents per dollar. But on July 2 and 3, several slot machines from the Lumiere casino gave out much more money than they accepted, despite the absence of any special jackpots. Such a deviation in industry jargon is called negative hold. And since the software is not prone to fits of insanity, the only explanation was that someone was cheating.

The casino security picked up the video surveillance archives and found the culprit, a dark-haired man of 30 with something in a zip-up polo shirt with a brown rectangular bag. Unlike most of the scammers, he didn’t seem to have any effect on the automata he had chosen. He chose only older models made by the Australian company Aristocrat Leisure. He simply played by pushing buttons like Star Drifter or Pelican Pete games, while sneaking off his iPhone closer to the screen.

A few minutes later he left the machine, then came back again to try again. And then he was lucky. He bet from $ 20 to $ 60 and won about $ 1300, then cashed out the winnings and went on to the next machine, where he started all over again. For a couple of days, he won about $ 21,000. The only thing that seemed strange in his behavior was how he held his finger over the “Spin” button for quite long periods of time and then sharply clicked on it. Ordinary players do not make such pauses between games.
')
On 9 June, Lumiere Place shared her findings with the Missouri Gambling Commission, which issued a warning throughout the state. After that, several casinos found that they were deceived in the same way, although in some cases they were played by other people. In each case, the attacker held the cellphone closer to the Mark VI’s Aristocrat machine shortly before it began to carry.

After examining the car rental data, the Missouri authorities identified the scammer from Lumiere Place as Murat Bliev, a 37-year-old Russian. Bliev returned to Moscow on June 6, but an organization based in St. Petersburg, distributing dozens of its operatives to manipulate slot machines around the world, quickly sent him back to the US to work with another team. The decision to re-send Bliyev to the United States will be a rare mistake by an organization that quietly makes millions on hacking the most valuable algorithms for the gaming industry.

From Russia with deception

Russia has become a hotbed of gambling-related crimes since 2009, when gambling was practically banned in the country. Vladimir Putin, who was then prime minister, is said to have believed that this step would reduce the chances of Georgian organized crime. Because of the ban, all casinos had to sell machines with big discounts to any buyers they could find. Some of these machines were in the hands of scammers who wanted to learn how to download new games on old boards. Some obviously got to the owners of Murat Bliev in St. Petersburg, who wanted to investigate the source code of the machines for vulnerabilities.

By 2011, casinos in central and eastern Europe began to record incidents in which the machines of the Austrian company Novomatic issued incredibly large amounts. Novomatic engineers could not find evidence that they had done something with their machines, and they decided that the scammers had figured out how to predict the behavior of the automata. “By means of purposeful long-term observation of the progress of individual games, and also, probably, of the records of individual games, it is possible to determine certain“ regularities ”in the loss of game results,” the company told its customers in February 2011.

Recognizing these sequences is expensive. The results of the games of automata are controlled by pseudo-random number generators (HRC), which should produce unpredictable values. Government regulators confirm the performance of each algorithm before the casino can use it.

But the prefix "pseudo" seems to hint at a not quite complete randomness of numbers. Since people create them using instructions in the code, the HRTs remain a little deterministic. A truly random number generator should be used along with any phenomenon that was not created by man - for example, with radioactive decay . The HRT takes the initial number, and leads it through various functions, mixing it with variables like computer time - to produce a result that is seemingly unpredictable. But if hackers can identify the ingredients of this mathematical soup, they are potentially capable of predicting the output of the HRT. The reverse engineering process becomes easier when the hacker has access to the insides of the slot machine.

But just to deal with the secret arithmetic used by the machine for generating pseudo-random numbers - this is still half the battle. The input data of the HPL depends on the temporary state of the machine. The initial values ​​are different at different times, because the data comes from the internal clock. So, even if you understand the work of the HPC automaton, hackers need to analyze its game in order to calculate the patterns. It takes time and computer power, and working on your laptop in a casino is a great way to attract the attention of security.

The deception in Lumiere Place showed how Murat Blyev and his accomplices got around this obstacle. Upon learning what had happened in Missouri, casino security expert Darrin Hawke, who was then director of casino surveillance services at the Lauberge du la casino resort in Lake Charles, Louisiana, decided to conduct an investigation into the scale of the hacking operation. After talking with colleagues who reported on the strange behavior of machines and analyzing photos from surveillance cameras, he identified 25 potential operatives working in casinos around the world, from California to Romania and Macau. Hawke studied the hotel registration records and found out that two Bliev associates from St. Louis remained in the United States and traveled west to the Pechanga resort in Temecula, California. On July 14, 2014, agents of the California Department of Justice detained one of the Pechang operatives and confiscated four mobile phones and an amount of $ 6,000. No charges were brought against the detained Russian citizen, and his current whereabouts are unknown.

Mobile phones from Pechang, along with data from investigations in Missouri and in Europe, provided key details of the case. According to a security consultant from a Las Vegas casino, Willie Ellison, who has been tracking Russian hackers for several years, operatives use their phones to record a couple of dozen runs of the game they want to cheat. They upload video to technicians in St. Petersburg, analyzing video and counting patterns based on data on the operation of the HPM of this model machine. Finally, a team from St. Petersburg transmits a list of temporary markers for a specially written application on the phone of an operative. A quarter of a second before the operative has to press a button, they give him a signal through the vibration of the phone.

"The speed of human reaction is about a quarter of a second, so that's how it is set up," says Allison, the founder of the annual international conference on the protection of games. Temporary markers are not always correct, but the results can be achieved much more than usual. Individual scammers win over $ 10,000 per day. Allison notes that operatives are trying to ensure that the gain from one slot does not exceed $ 1000, so as not to attract attention. A team of four people, working in different casinos, can earn up to $ 250,000 per week.

Reusable business

Since there are no automata in Murat Bliyev’s home country, he did not stay in Russia after returning from St. Louis. He flew twice more in the United States in 2014, and the second visit began on 3 December. From the airport, he immediately went to St. Charles, where he met with three other people, trained to cheat Mark VI Aristocrat slot machines: Ivan Gudalov, Igor Larenov and Evgeny Nazarov. The quartet planned to spend the next few days attacking various casinos in Missouri and western Illinois.

Bliev did not have to return. On December 10, shortly after he was spotted at the Hollywood Casino in St. Louis, four scammers were arrested. Since Bliev and his accomplices worked in several states, the federal authorities accused them of fraud. Official accusations became the first serious obstacle in the work of the St. Petersburg organization. Before that, not even one of their operatives had been tried.

Bliyev, Gudanov and Larenov, citizens of Russia, agreed with the investigation and were sentenced to two years' imprisonment with subsequent deportation. Nazarov, a citizen of Kazakhstan who received religious refuge in the US in 2013, and is now a Florida resident, is still awaiting sentencing, which means that he is cooperating with the authorities. Representatives of Aristocrat say that one of the four defendants has not yet been convicted, because he "continues to assist the FBI in their investigation."

The information provided by Nazarov may be hopelessly outdated. Two years after the arrests, the operatives from the St. Petersburg organization became more cautious. Some tricks were uncovered last year, when the Singapore authorities caught and condemned the team: one of its members, a Czech citizen, Radoslav Skubnik, gave details of the organization’s financial structure (90% of revenue goes to St. Petersburg) and tactics. “They are now putting the mobile phone in a breast pocket, and hiding it behind the net, so that it does not need to be held in their hands,” says Allison. Darrin Hawk says that he received messages about the transfer of video to Russia via Skype, so they do not need to move away from the machines to download the video.

Apparently, fraudsters were convicted in only two cases, in Missouri and in Singapore, but some were also caught and expelled from individual casinos. The organization from St. Petersburg sends its operatives further and further. In recent months, at least three casinos in Peru have reported that they were deceived by Russian players who played behind the old Novomatic Coolfire slot machines.

The economic reality of the gaming industry is such that the organization from St. Petersburg is guaranteed to continue to flourish. There is no easy way to fix slot machines. As Hawk says, the producers of Aristocrat, Novomatic, and everyone else whose HPLs have been compromised, will have to "recall all the machines and replace them with something else, but they will not do it." Aristocrat stated that it was unable to “detect defects in games under attack,” and that the machines “are built and approved according to strict technical standards.” At the same time, most casinos can not afford to buy updated slot machines that use cryptographic encryption to protect mathematical secrets. And while the old, hacked machines still enjoy popularity with customers, the casino will be more profitable to use them further, taking periodic losses in favor of fraudsters.

So, the casino security services need to monitor the indirect signs of fraud. A finger that hangs over a button for too long may be the only sign that hackers from St. Petersburg are preparing for another win.