February 21st, 2017
As reported by Wired Magazine, it’s not just the American Presidential elections that the Russians have allegedly been hacking. Casinos the world over have caught on to a group of hackers traveling the world on behalf a Russian entity aimed at manipulating brick-and-mortar slot machines and stealing millions from the world's biggest casinos.
In 2014, the Lumiere Place Casino in St. Louis, Missouri suspected its slot machines were being manipulated to pay out more than the software running them should have allowed. This was just the tip of the iceberg as casinos all over the world began noticing the same patterns and ultimately realized they were all subject to a massive hacking operation.
The scandal centres around older machines designed by Australian firm Aristocrat Leisure, such as Star Drifter or Pelican Pete. The Lumiere security team observed the suspected hacker playing these particular games while holding his smartphone to the screen. He would then leave and return to the same machine, which would then pay out thousands of dollars.
The casino reported this incident to the Missouri Gaming Commission, who are in charge of regulation for the state. It found several other land-based casinos had experienced the same style of attack, and eventually identified one of the men involved as Russian national Murat Bliev.
It transpired that Bliev was employed by a St. Peterburg-based company as part of a casino cracking crew. These companies bought up a lot of slot machines in a fire sale when Russia outlawed gambling in 2009, in the hope of cracking the Random Number Generator (RNG) and learning how to anticipate it.
By 2011, it appeared that someone had managed to do so, at least with one particular brand of slot machines. Brick-and-mortar casinos in Europe discovered machines built by Austrian firm Novomatic were paying out improbable winnings. After an internal investigation, the company released a statement, stating that:
"Through targeted and prolonged observation of the individual game sequences as well as possibly recording individual games, it might be possible to allegedly identify a kind of ‘pattern’ in the game results."
How can someone preempt a slot win if it’s generated at random? The issue that both Novomatic and later Aristocrat Leisure faced, is that slot machines do not use True Random Number Generators (TRNGs), but instead rely on Pseudo-Random Number Generators (PRNGs).
TRNGs are based on random physical acts, such as static or radioactive decay, but because slot machine software is coded, it can be also be cracked. PRNGs are based on a seed number, which is then entered into a formula based on input factors of the slot machine.
Working out this mathematical equation would take some doing, but is made infinitely easier if you have access to a slot machine so that it can be taken apart and reverse-engineered. This is what the Missouri Gaming Commission came to believe had happened. However, knowing the formula and being able to manipulate it are two very different things.
After hearing about the Missouri Gaming Commission investigation, Darrin Hoke, the director of surveillance at a casino in Louisiana, decided to investigate further. He uncovered a deep web of operatives that had been scamming slot machines across the globe, from Romania to Macau.
However, this criminal enterprise made a fatal mistake by remaining in America. In 2014, Hoke was able to tie two men to Bliev himself, and discovered that these accomplices were staying at the Pechanga Resort and Casino in California. The California Department of Justice stepped in, and took $6,000 from the pair, as well as a number of mobile phone devices.
Darrin Hoke was not the only security consultant following the Russian gangs. One of his Las Vegas peers, Willy Allison, managed to work out how the crew were conning the land-based casinos for such large amounts of cash. They used the smart phones to record themselves playing the targeted slot machine.
This video footage was then sent to a technical team, most likely based back in St. Petersburg, who used computers and the reverse-engineered PRNG to calculate the seemingly random pattern. The team would then send their operative in America a list of timing markers that would pinpoint exactly when they should spin the slot reels.
Custom apps were found on the recovered phones that would vibrate 0.25 seconds before they needed to play. The timing is not random, as Allison notes, "the normal reaction time for a human is about a quarter of a second, which is why they do that."
Although the plan was not fool-proof, overall these slot machines were paying out to the Russians far more than anyone else. From the behaviour recorded at the Lumiere and other casinos, Allison believed that the Russians would quit one machine after winning $1,000 before moving on to the next, to try to avoid alerting the casino that something was wrong.
Even still, it’s estimated that each crew member was making around $10,000 per day. This meant that a team of four were potentially earning $250,000 a week. With that sort of temptation, it is little wonder that Bliev returned to the US.
After his stint in St. Louis, Murat Bliev returned to Russia, but since gambling was illegal in his native country, there were no slot machines to scam. He returned to America in 2014, specifically to Missouri.
With the state’s gaming commission having put all casinos on alert, it was not long before he and his cohorts Ivan Gudalov, Igor Larenov, and Yevgeniy Nazarov, were recognised.
Due to the international nature of the crime, he was swiftly arrested by federal authorities, who pinned him on conspiracy to commit fraud. With the exception of Nazarov, who helped the FBI, the others were imprisoned and then later deported.
After the arrest of one of its crew members, the elusive St. Petersburg organisation started taking more precautions. With advancements in technology, the con also mutated. Encrypted internet calling services meant that the Russian operatives no longer needed to hold their phone to the machine or step away to upload the video feed, making them harder to identify.
Yet the casinos and slot machine makers are almost powerless to stop them. Those targeted companies like Novomatic and Aristocrat Leisure use PRNGs like many other slot developers, although the more expensive and modern slots now encrypt the information contained inside. The older machines however still pass rigid regulations and technical tests, and casinos simply cannot afford to replace them.