Two-armed Bandits
February 7, 2017 12:47 PM   Subscribe

...the operatives use their phones to record about two dozen spins on a [slot machine] they aim to cheat. They upload that footage to a technical staff in St. Petersburg, who analyze the video and calculate the machine’s pattern based on what they know about the model’s pseudorandom number generator. Finally, the St. Petersburg team transmits a list of timing markers to a custom app on the operative’s phone; those markers cause the handset to vibrate roughly 0.25 seconds before the operative should press the spin button.
Russians Engineer a Brilliant Slot Machine Cheat—And Casinos Have No Fix
posted by griphus (53 comments total) 35 users marked this as a favorite
 
Not satisfied with only rigging elections.
posted by nubs at 12:53 PM on February 7 [4 favorites]


How is this fraud if counting cards isn't? They're not sabotaging the machines, they're not defeating any locks, they're simply playing the games better than their developers anticipated was possible.
posted by enn at 12:56 PM on February 7 [25 favorites]


Yeah the fact that they keep calling it a scam seemed to ring false to me? They're not selling you a counterfeit ring, they're pressing the button at the right times.
posted by Carillon at 1:01 PM on February 7 [10 favorites]


I'm surprised that slot machines are that honest.

If a pseudo random number generator is a problem, you'd think this would be a fairly easy fix unless it's somehow hardware based/hardwired. How odd.
posted by 2N2222 at 1:02 PM on February 7 [3 favorites]


I don't believe that it is fraud or cheating in any legitimate sense of the word. Casinos can still kick out and ban people who use this system--as they do for blackjack card counters--but AFAIK they're not breaking the law.
posted by Halloween Jack at 1:02 PM on February 7 [4 favorites]


Yeah, I don't really see the case for fraud here since they aren't tampering or anything like that. If a state had a specific statute banning any sort of technological aid, that would make more sense to me.
posted by wierdo at 1:02 PM on February 7 [1 favorite]


Halloween Jack: The article states that at least four people pled guilty to federal fraud charges.
posted by wierdo at 1:03 PM on February 7 [2 favorites]


It looks like the case is USA v. Bliev et al. in the Eastern District of Missouri, Case No. 4:14-mj-00224 if anyone wants to look up what the actual charges were. I know I'm curious.
posted by Copronymus at 1:05 PM on February 7 [1 favorite]


Yeah, I just read that far into it. I haven't been in a casino for many years, and I have no real idea of how the laws regarding use of cellphones work.
posted by Halloween Jack at 1:06 PM on February 7


I mean, really, if the casinos can have you charged with fraud for predicting the output of their insufficiently-random PRNG, why bother with the charade of randomness at all? At that point they might as well dispense with all of the fancy software designed to hit a specific payoff percentage while appearing random and just have some dead-simple payout rule, like you always win if you pull the handle on the hour, and then just arrest anybody with the temerity to take advantage of it.
posted by enn at 1:07 PM on February 7 [14 favorites]


"How is this fraud if counting cards isn't?"

One: they didn't do it through skill, but through technological enhancement. Counting cards is something that requires skill. Using a computer to count the cards for you does not. Getting good at timing button presses requires skill. A phone letting you know when to press does not.

Two: Under normal circumstances, they could be ejected from the casino and their name passed to other casinos on a blacklist (which is not always easy to enforce). In this case, however, by doing the actions across state lines, the feds were able to enter the picture.
posted by mystyk at 1:08 PM on February 7 [2 favorites]


The article states that at least four people pled guilty to federal fraud charges.

It's important to note that pleading guilty to charges doesn't mean the fraud charges would have flown in court or resulted in convictions.

I'm not a lawyer and don't know what constitutes fraud, but it seems to me like there's a difference between card counting and using computer aids.
posted by edeezy at 1:10 PM on February 7 [2 favorites]


I feel like if figuring out how slot machines work to make them pay out more if you're lucky at how you hit a button is fraud, then the way slot machines actually work, where they're set to pay out less than they take in is really, really fraud. I don't see how one side of this is legit and the other side is not.
posted by jacquilynne at 1:10 PM on February 7 [18 favorites]


All casinos have to do is put up signs saying any photography/video of the machines or tables is forbidden, right? Then, remove anyone caught doing so. Those places have cameras everywhere, so I can't imagine it would be all that difficult to catch.
posted by Thorzdad at 1:10 PM on February 7 [1 favorite]


“What they’ll do now is they’ll put the cell phone in their shirt’s chest pocket, behind a little piece of mesh,” says Allison. “So they don’t have to hold it in their hand while they record.” And Darrin Hoke, the security expert, says he has received reports that scammers may be streaming video back to Russia via Skype, so they no longer need to step away from a slot machine to upload their footage.
posted by griphus at 1:15 PM on February 7 [3 favorites]


Oh, here's the FBI press release on this. It sure seems like they just take it as self-evident that this is cheating, although the only specific charges they give are for international and interstate conspiracy. I guess since they pled guilty no one had to actually test the extent to which this is fraud vs. playing with additional information.
posted by Copronymus at 1:16 PM on February 7 [3 favorites]


They talk in the article about how people are now skyping in their colleagues which having their phones film out of their pockets, so getting better at being hard to detect with the cameras in casinos.

Also, having someone help you win by using computers seems obviously like cheating, and maybe there's a rule that cheating at casinos is fraud?
posted by ldthomps at 1:16 PM on February 7


Some casinos already have signs that indicate photography is forbidden. Related reading: The Eudaemonic Pie, Michael Larson.
posted by user92371 at 1:18 PM on February 7 [2 favorites]


Since slot machines (and casinos) are licenses to steal often from people who have gambling problems, I don't really have problem with card counting or this kind of shenanigans. I'd prefer all casinos go out of business.
posted by haiku warrior at 1:34 PM on February 7 [28 favorites]


Count me with those saying the real scam is the slot machines. This is a malignant technology that hijacks the neurobiological reward systems of susceptible individuals. It's ridiculous that our legal system should be serving as a protection service for this racket. Good for the hackers; I hope they can bleed the slot machine companies dry.
posted by biogeo at 1:37 PM on February 7 [39 favorites]


If a pseudo random number generator is a problem, you'd think this would be a fairly easy fix unless it's somehow hardware based/hardwired.

It would have to be reapproved by the regulators for one (I don't know about Aristocrat but our PRNGs were in software.) For an older title, especially one that I believe has a "Deluxe" edition recently out, it's cheaper to just pull them from the floor. I doubt Aristocrat is liable to the casinos but I could be wrong.

(I love Pelican Pete so much. Locked wilds with retrigger.)
posted by PMdixon at 1:41 PM on February 7 [2 favorites]


One: they didn't do it through skill, but through technological enhancement. Counting cards is something that requires skill. Using a computer to count the cards for you does not. Getting good at timing button presses requires skill. A phone letting you know when to press does not.

I'd argue that building a system to find and reverse engineer the patterns in the system and then allow you to press the button at just the right time takes a decent amount of skill. But how is using a computer more of a cheat than finding a way to do this without a computer like the Press Your Luck pattern memorization or card counting?

Casinos want you to think the machines aren't random - that there are 'hot machines' or some trick to beating the system. The same goes for cards. It's beneficial to the casinos for people to think that you can beat the house if you're good enough at the games. As soon as someone finds a way to make that come true the casinos go after them. I have less of a problem with a casino kicking out someone for trying this because they're trying to stay a step ahead, but I don't understand why it would be considered illegal as long as the machine itself wasn't altered or unlawfully entered somehow (like copying the code for analysis).
posted by Clinging to the Wreckage at 1:51 PM on February 7 [4 favorites]


This thread is interesting because it feels like straightforward cheating to me. If we're still defining slot machines as a game then in most games you're not allowed to send what you're looking at back to a central computer and then have the computer tell you when to hit the button. That's not to say I'm shedding many tears over the poor casino operators. But I also thought casinos should be outlawed until I read in that article that Putin outlawed all gambling which now feels incredibly creepy to me. I thought it was interesting how the effect of banning gambling was the re-routing of that energy into screwing up gambling around the world.
posted by bleep at 2:11 PM on February 7 [1 favorite]


If a pseudo random number generator is a problem, you'd think this would be a fairly easy fix unless it's somehow hardware based/hardwired. How odd.
posted by 2N2222 at 4:02 PM on February 7 [+] [!]


Speaking of 2N2222's ... I can think of a ~$0.39 fix that uses one.
posted by ZenMasterThis at 2:12 PM on February 7 [2 favorites]


having someone help you win by using computers seems obviously like cheating
It's only 'cheating' if you're not the casino.

If you are the casino, it's called "business"…
posted by Pinback at 2:14 PM on February 7 [6 favorites]


The slot machine is a mechanical aid to money extraction. It isn't a human dealing cards, which really ARE random. It's tough luck for the casinos that the other side has caught up with them in the mechanical arms race. Maybe they should go back to real games of chance and skill instead of mechanical money extraction.

It's hard to lose money by owning a casino. No matter how many "card counters" there are playing blackjack, they are far outnumbered by rubes and suckers losing everywhere else.

I just spent a week in Las Vegas at a trade show. The place repels me. I do not gamble even a nickel, because what they are doing to make money is so tawdry that I do everything I can not to support it. I have never even bought a lottery ticket, another scam.
posted by Repack Rider at 2:23 PM on February 7 [3 favorites]


Maybe the Russians going after casino profits will finally make Trump see the light on Putin.
posted by spitbull at 2:24 PM on February 7 [1 favorite]


It's hard to lose money by owning a casino.

And yet Trump did!
posted by spitbull at 2:24 PM on February 7 [16 favorites]


Why is it cheating for me to use a computer to play a game against a computer? If I was fast enough to hit the pattern just with my hands and eyes would it be ok or still cheating? I guess I don't see the difference.

What if I found out that the 19th scratch off lottery ticket in a roll of a certain kind always pays out and then I bought the 19th ticket every time? That's similar to the same kind of vulnerability and didn't require a computer to figure out so is it cheating or does it just mean they should get better at their randomization?
posted by Clinging to the Wreckage at 2:31 PM on February 7 [2 favorites]


You might not agree with the logic, but there are statutes specifically about using an external device to gain an edge. If you're counting cards in your head, they can kick you out. But if you're counting with a computer aid, they can arrest you.
posted by hwyengr at 2:40 PM on February 7 [3 favorites]


If a state had a specific statute banning any sort of technological aid, that would make more sense to me.

You mean, like Missouri Revised Statutes, section 313.830?
4. A person commits a class E felony ... if the person: ...
(3) Uses a device to assist in any of the following:

(a) In projecting the outcome of the game;

(b) In keeping track of the cards played;

(c) In analyzing the probability of the occurrence of an event relating to the gambling game; or

(d) In analyzing the strategy for playing or betting to be used in the game, except as permitted by the commission;
posted by DevilsAdvocate at 3:06 PM on February 7 [2 favorites]


If we're still defining slot machines as a game

Ah, perhaps that's the point of difference.
posted by biogeo at 3:38 PM on February 7 [1 favorite]


4. A person commits a class E felony ... if the person: ...
(3) Uses a device to assist in any of the following:
(a) In projecting the outcome of the game;
(b) In keeping track of the cards played;
(c) In analyzing the probability of the occurrence of an event relating to the gambling game; or
(d) In analyzing the strategy for playing or betting to be used in the game, except as permitted by the commission;


Isn't the casino using slot machine devices to do most (if not all) of those?
posted by imelcapitan at 3:47 PM on February 7 [3 favorites]


The government isn't protecting casinos -- they ARE the casinos. Most casinos' profits are dwarfed by the taxes (on the handle, hold, wages of workers, food and beverage sales tax, room tax and pre-tax income) they generate. Indian casinos, which often have lower tax rates, reduce tribal unemployment and direct their surplus into tribal and reservation services that would otherwise increase government spending.
posted by MattD at 3:56 PM on February 7 [1 favorite]


Maybe the Russians going after casino profits will finally make Trump see the light on Putin.

Keep in mind that casinos are ideal places to launder money.


It's hard to lose money by owning a casino.

And yet Trump did!

And that a casino which is laundering a lot of money has some extra challenges when it comes to earning a profit which it can show.
posted by jamjam at 4:31 PM on February 7 [2 favorites]


How is this fraud if counting cards isn't? They're not sabotaging the machines, they're not defeating any locks, they're simply playing the games better than their developers anticipated was possible.

It's cheating because it's not possible to conduct the scheme without using devices -- a computer and timers. You can count cards with nothing but your brain. You're allowed to try to outthink the machine your own biological self, but nearly all gambling jurisdictions have specific laws like the Missouri statute cited upthread forbidding the use of mechanical assistance with the game. And yes, these statutes would also make the Roulette predictors in The Eudanomic Pie illegal too.

When I was casino hounding I actually considered this exact scheme, but another thing about it is that it requires completely reverse engineering the machine's firmware -- not just the RNG but the scheme by which RNG outcomes are mapped to reel results. It is pretty much impossible unless you have taken apart an identical machine and spent a fair amount of effort analysing it. In the US you can't just order a slot machine from eBay. Katrina offered what might have been an interesting opportunity with all that hardware scattered around the Gulf Coast landscape, but by then I was well past the temptation to break laws to show the casino a taste of its own medicine.

Given a few results, which are actually snapshots of the RNG state as it cycles say 1,000 times a second (not personal knowledge, but several authors have written that this is a standard way of doing it in the industry) bearing in mind that you don't have precise control over the timing of the sample-taking, it would require some pretty good computing power (well it would have been pretty good in the 1990's when I was thinking this through) to use those samples to work out exactly where the machine is in its RNG cycle. Then you have to conduct the well timed spins. All of this requires not just a computer but most likely communication with an outside team doing the analysis and timing.

All of that is way different from card counting, which involves no hardware other than your eyes and hands. It is actually not trivial to prove someone is counting cards; the usual way of detecting it is to look for bet spreading, since to make money you have to bet high when the count is good and back off when it's unfavorable. But lots of superstitious losers also vary their bets, and the only way to verify that someone is varying their bets based on the count is to be able to count yourself, something most casino organizations strongly discourage their employees from learning.

On the other hand, if you're wearing a bunch of concealed computers and data relays when they pat you down, it's pretty cut and dry.

All that said, a part of me is glad that someone did this, because I always thought it would be possible and a few people thought I was a bit nuts when I outlined how the scheme would work. It's nice to be vindicated without having to go to a bunch of illegal effort to do it.
posted by Bringer Tom at 4:46 PM on February 7 [9 favorites]


This is a malignant technology that hijacks the neurobiological reward systems of susceptible individuals.

This describes the majority of consumer products.
posted by lazycomputerkids at 5:00 PM on February 7 [3 favorites]


From TFA: At the same time, most casinos can’t afford to invest in the newest slot machines, whose PRNGs use encryption to protect mathematical secrets

Well this is some bullshit. The dividing line isn't encryption, it's that newer machines use 64-bit RNG's. That substantially elevates the computational requirements. At 1,000 samples per second a 32-bit RNG goes through its entire cycle in about 50 days. (This means that a typical 90's era huge-jackpot machine like Megabucks would be ready to spill the big jackpot for one millisecond every month and a half.) But a 64-bit machine would take 500 million years to repeat its cycle, and if you're using that 64-bit number to determine a relatively small result space on each spin the number of samples you'd need to determine your place in the cycle would be similarly astronomical.
posted by Bringer Tom at 5:04 PM on February 7 [7 favorites]


Came to mention The Eudaemonic Pie as a prior example of a similar technique but see it's already been mentioned multiple times. So, uh, go read it if you haven't; it's a good book with a decent tale to tell.
posted by mosk at 5:13 PM on February 7


In case anyone is wondering, card counting isn't the only completely legal advantage play technique; the next most common (which is to say not very commonly done with success, but possible) is roulette "clocking." In this case you sit at the roulette wheel and write down all the results, which is a thing a lot of obsessive-compulsive players do anyway, but you take the results home and crunch them looking for anomalies. It's possible for roulette wheels to become flawed; for example the "fret" the ball lands on for a number might be loose so that it absorbs energy, and the ball is a little more likely to stay there if it lands there than it is on other numbers. Of course wheels are well maintained in most places for good reasons, and it takes days of data to determine whether a wheel has a flaw. So you might spend months or years looking for an opportunity.

Back in the day I did hear of one guy who spent years clocking the roulette wheels on the Gulf Coast, and when he finally hit gold they allowed him to play for an entire shift before shutting the wheel down and rigorously servicing it. I think he made a couple of hundred thousand dollars that night. But it took him years of observation and analysis to identify the opportunity, and of course by exploiting it he alerted the casino to the problem. That dynamic is one reason casinos don't mind roulette clockers even though the method has been known since well before Ed Thorpe figured out how to beat blackjack.
posted by Bringer Tom at 5:15 PM on February 7 [5 favorites]


A precedent for "clocking" is treated in Mlodinow's The Drunkard's Walk if you're interested. Great posts. You hacked Tomy's Blip's single player option as a kid, didn'cha?
posted by lazycomputerkids at 5:20 PM on February 7


The dividing line isn't encryption, it's that newer machines use 64-bit RNG's. That substantially elevates the computational requirements.

I think "encryption" here a hand-wavey reference to the use of cryptographically secure RNGs, which would indeed be the best defense against this kind of attack.
posted by We had a deal, Kyle at 5:35 PM on February 7 [2 favorites]


Given a few results, which are actually snapshots of the RNG state as it cycles say 1,000 times a second (not personal knowledge, but several authors have written that this is a standard way of doing it in the industry) bearing in mind that you don't have precise control over the timing of the sample-taking, it would require some pretty good computing power (well it would have been pretty good in the 1990's when I was thinking this through) to use those samples to work out exactly where the machine is in its RNG cycle.
Great background - thanks.

I'd love to see a detailed writeup on how modern slot machine actually work. As someone who knows a tiny bit about probability theory and nothing at all about gaming, I'd have naively imagined that they'd do away with timing entirely and just generate, or draw from a list of, random numbers with each pull that map directly onto outcomes. It seems like a lot of work to do some complicated timing-based selection thing when you know everything about the statistics of the result anyway and could just draw a single random number for each outcome. Or is there some rule that enforces the importance of the player's specific action in pressing a button? (In this specific case, I suppose it makes the attack much easier, unless you use that spare computation and person-effort to do other more sophisticated things to the RNG output.)
posted by eotvos at 5:48 PM on February 7


The interesting thing to me in this article is that Putin outlawed slot machines. If anyone visited Russia in the early 2000s they'd have seen flimsy, temporary "casinos" around every metro station in Moscow, and in public spaces generally in Russian towns.

It seemed to me that many of the common spaces in Russia had been designed by Communist planners without the expectation that there would be shops, stalls, kiosks etc, so when market forces were unleashed, the kind of real estate that would have been very expensive in the west (lots of foot traffic, near transport) was completely unprepared for commerce, and as a result, there were a lot of second rate buildings built. The casinos were a big part of this (along with kebab shops, kiosks that sold mainly beer).

For all his misdeeds, in banning the slot machines Putin has removed one of the blights on Russian society.
posted by claudius at 5:51 PM on February 7 [1 favorite]


Well this is some bullshit. The dividing line isn't encryption, it's that newer machines use 64-bit RNG's.

There's a bit more to it than that, since a pseudo random number generator can have a very long period and yet be easy to predict. A 64-bit LCG will have a huge period and yet be vulnerable to a number of attacks that will allow the prediction of future values. (LCGs are also not very good statistically, but even statistically better generators like the Mersenne Twister can be easy to predict).

But, simple to implement cryptographically secure random number generators have existed for a long time (see chacha20 for a good modern example-- it can be implemented in about 80 lines of C). It's worrisome that the machine makers do not actually say what PRNGs they're using: if they were using cryptographically secure ones there would be no need to hide it.

Like, lets say they had implemented RC4 as their random number generator: at one time (prior to 1995) this would have been considered secure. These days RC4 is considered broken, but the latest 2015 attack against it still needs on the order of a billion observations (9*2^27) and takes 75 hours. Based on the Wired article, the slot machine hackers need only a few minutes of observing a slot machine, and a fraction of an hour of computation.

Together, these suggest that the manufacturers did not consider the security of their PRNG at all, and just used an LCG or Mersenne Twister.
posted by Pyry at 7:19 PM on February 7 [3 favorites]


4. A person commits a class E felony ... if the person: ...
(3) Uses a device to assist in any of the following:

(d) In analyzing the strategy for playing or betting to be used in the game, except as permitted by the commission;


So if I use a blackjack strategy card that was generated by a computer doing a Monte Carlo simulation to determine expected value of each play, has that been permitted by the commission or am I breaking the law in Missouri?
posted by fedward at 7:40 PM on February 7 [1 favorite]


You're allowed to try to outthink the machine your own biological self, but nearly all gambling jurisdictions have specific laws like the Missouri statute cited upthread forbidding the use of mechanical assistance with the game.
The fact that the goverment wants to draw this distinction is going to be a problem in the long term. I don't have a computer in my head, but the computer close to my head is essentially a part of my own self already at this point. This comes up more often in contexts like requiring passwords to unlock personal data when crossing borders, so it's interesting to see it in the context of gambling. There's all kinds of complex policy tradeoffs with border security; gambling is much more simple.

Anyway, the actual best solution to the technical problem here is a hardware random number generator. They come standard in pretty much every Intel CPU these days, or one can be built from a few cents of parts using an open design like this one. http://chaoskey.org/.
posted by joeyh at 7:52 PM on February 7 [1 favorite]


I hope they turn this into an app.
posted by turbid dahlia at 8:33 PM on February 7 [1 favorite]


Together, these suggest that the manufacturers did not consider the security of their PRNG at all, and just used an LCG or Mersenne Twister.

It somewhat amuses me that the possibility exists that I take more trouble setting up an SSH key for an hour's remote work. Don't worry guys/gals/others on the dev team, it's not like the PRNG in this is a mission critical bit of kit or anything.

I do wonder if specific machines are being targeted due to hw/sw design flaws though, and of course if they are nobody is going to be mentioning that to the press. In particular, if there is actually some model of HRNG that is flawed, or sw that was non-obviously flawed when combined with somehow surprisingly predictable seeds. Even Debian ran into that issue, although the Debian patch was a little more WTF.
posted by jaduncan at 2:47 AM on February 8


Neat! This reminds me of the guy who beat Press Your Luck by memorizing the patterns, apparently a gentleman named Michael Larson.
posted by Mrs. Pterodactyl at 7:14 AM on February 8


Oh hell he was mentioned already, I did read that thread before commenting but I didn't know the name I just knew him as the Press Your Luck guy so sorry about that.
posted by Mrs. Pterodactyl at 7:14 AM on February 8


  Anyway, the actual best solution to the technical problem here is a hardware random number generator

Although I suspect the real reason they don't is that slot machines have to be auditable by the various gaming boards in order to guarantee percentage payouts. HWRNGs can't produce the repeatable results, by design. I suspect gaming boards might even prefer shorter period PRNGs so that real tests could be used in certification rather than simulations.
posted by scruss at 8:34 AM on February 8


Thorzdad: "All casinos have to do is put up signs saying any photography/video of the machines or tables is forbidden, right?"

Completely unenforceable. There are way to many ways to hide a lense.
posted by Mitheral at 9:40 AM on February 8


« Older 1. g4 d5 2. f3 e5 3. d3 Qh4 4. Kd2 h5 5. h3 hxg4...   |   Doesn't this make you the real Nazi? Newer »


This thread has been archived and is closed to new comments