It’s December 2014. Four Russian nationals are indicted by the U.S. federal government for using electronic devices to cheat slot machines. According to the indictment, the defendants engaged in a conspiracy to cheat at least 10 casinos in Missouri, California and Illinois using the mysterious devices.
The story broke without much fanfare. No big deal. Nothing to worry about. Everything is under control.
It might just be that this is the scam of the century. The start of a new wave of casino cheating that most of us never imagined and none of us are prepared for. It’s so new that it doesn’t have a name, so I’m going to call it “whacking”—hacking with a W (for win) in front of it. I guess it was only a matter of time before hackers took their attention away from stealing Target shoppers’ identities or selfies of naked celebrities.
The information available on the details of the scam is limited to the public, which in this day and age is par for course when it comes to big casino cheating cases. The FBI is not saying much, the casinos are not saying much and of course, the manufacturers are not saying much. To the defense of some, the devil in the detail has not been released yet, quite simply because how the devices work is not exactly clear.
This is what we publicly know. According to information on the FBI website, the devices were used to predict the behavior of certain slot machines from several major slot manufacturers. By communicating with a foreign server, the devices allowed the defendants to predict the behavior of the vulnerable games and obtain winnings from the games that far exceeded what would be expected from fair play.
OK, can I buy a word on this explanation? “How” would be good. I’m no Xbox guy. I’m more of an Atari guy. How does a device predict the behavior of a slot machine? Can computers get to know other computers and then get them to do things they don’t normally do?
The question of how these mysterious devices work is the hot topic of the day in the world of casino game protection. Actually, it’s been the question of the day for about four years now, since casinos around the world started suspecting and observing strange activity by players using devices in their slot machine areas. Little snippets have been coming out of Europe and South America about how groups were winning on slot machines while at the same time spending a lot of time on their cell phones.
It just didn’t look right, but the crooks were smart. They kept their winnings to smaller amounts to avoid any management or regulatory scrutiny as they went from casino to casino searching for the vulnerable machines, the way lions look for weak antelope.
What We Do Know
Casinos around the world have been hit by this scam for at least four years. Estimations for losses are in the millions. A group of more than 20 suspects has been identified to be involved in the scam.
The devices look like normal cell phones. The crooks stand next to particular machines for a period of time appearing to be recording the machine. The crooks leave the casino, then return to play the machines. They win constantly. Small amounts. Large frequency.
In some cases, surveillance video has revealed that the cash-out button on the machine would flash very rapidly during odd times (not consistent with normal operations). One property reported seeing the cash-out button flash rapidly as the suspect approached the machine.
On average, the crooks cash out a ticket every 20 minutes. Financial examination of machines hit can show a daily hold percentage variance of between 50 percent and 400 percent.
A theory floating around is that their consistent use of a cell phone coupled with the fact that none of the suspects were observed manipulating the games directly by touching them could indicate the use of wireless technology. If this is the case, we are in deep doo-doo.
It’s Under Investigation
The indictments of the four Russians is the start of a process in which we, the casino industry, will continue to monitor to learn more about the potential threats to slot machines in the future. It should also be pointed out that the arrests of the crooks were the result of great casino surveillance work and a combined effort from law enforcement agencies in the U.S. But this is only the beginning. The investigation is ongoing.
Due to obvious sensitivity, it is best that we tread cautiously when reaching conclusions on this threat. I do not wish to jeopardize the investigation, so some information has been withheld from this article. Instead, I will be co-facilitating an open industry discussion on the threat of high-tech slot cheating devices at this year’s 10th Annual World Game Protection Conference (March 2-4 at the M Resort in Las Vegas).
The question of how these crooks are using technology to cheat our technology needs to be answered and disseminated to the casino industry as quickly as possible. Over the last 10 years, we in the business of protecting casino games have learned that when organized groups of crooks get together with passports, a bankroll and a new scam, they can steamroll casinos around the world and make a lot of money before the industry, regulators and law enforcement agencies can get all their ducks in a row.
An example of this is the “Tran Organization” false shuffle scam, the largest organized cheating scam in U.S. history. More than 29 casinos across the country were hit by a group of over 40 cheats. It took five years before an arrest was made, even though the scam was detected by casinos within the first year after its conception. It’s estimated that casinos across the U.S. lost over $50 million while authorities dotted their i’s and crossed their t’s.
What makes this scam even more scary is that if wireless technology is being used to cheat casinos, our slot machines are sitting ducks. Most casinos have hundreds of them, if not thousands. Admittedly, they don’t get the same attention as table games. For years game protection efforts have focused more on table games because of the human aspect.
Slot machines have largely been monitored electronically through a networked real-time alert system. Surveillance departments select slot machine activity that warrants attention, like invalid entries and jackpots, and one person will monitor the system, reacting accordingly if an alert goes off. Generally, regardless of whether a casino has 100 machines or 5,000 machines, surveillance often only has one person dedicated to responding to machine alarms.
In essence, slot machines have traditionally been self-monitoring, unless a surveillance operator happens to be scanning the area.
The other factor that makes a wireless attack against our slot machines so scary is the “no-hands” factor. We’re taught to watch players’ hands. Has anyone in gaming ever seen a player cheat without his hands? If surveillance does happen to be looking in the slot machine areas for people using devices, they’re looking for suspicious hands. If wireless technology is being used, cheats can simply put their devices in their pockets and stand around drinking the casino’s complimentary beverages.
The final factor that puts this scam over the top is unlike other multimillion-dollar casino scams of the last decade. This one doesn’t require collusion with staff from the inside. Imagine the potential if staff did collude.
I may have mentioned previously that I’m not exactly a Wozniak when it comes to computers and what their potential is. But who is? When researching this story, I find most of the so-called experts or people I thought are into this stuff are on the fence when it comes to the potential of wireless technology being able to manipulate computers.
I have heard stories of similar technology being used to exploit ATMs. If remote controls can change my channel, open my garage door and progress my Powerpoint slides, why couldn’t a device be used to change the meter on a slot machine? Am I being paranoid here? Slot machine manufacturers: Please tell me, could this happen?
What Should We Do?
My intention is not to be unnecessarily alarming or overdramatic, but to raise awareness within the industry. This scam is a reminder if not a wake-up call to what may lay ahead.
Last year, Las Vegas Sands casinos fell victim to hackers because they didn’t like what Sheldon Adelson said. The hack cost the giant casino organization millions, and all the bad guys made was a statement. Imagine what a group of highly motivated, technically skilled individuals could do if they wanted to make cold, hard cash.
Regardless of how these mysterious devices work, we can’t ignore the threat. We don’t have enough time to get our whats, wheres, whos, hows, whens and whys together. We have to be proactive and acknowledge that casinos are getting whacked by a well-organized, well-funded group of criminals that have found a way to beat our slot machines without lifting a finger.
It goes without saying that the first thing we need to do is increase surveillance of slot machine areas. The obvious tells are frequent cash-outs, little or no actual play and standing near machines for extended periods of time with hands in pockets. Watch the credit meters. Are they incrementing without reason?
Study the numbers. Check the financial records of the slot machines on a regular basis. Look for abnormal hold percentages, especially on the the vulnerable machines.
If you are a surveillance director and you haven’t already, make sure you are a member of a credible online international surveillance network. Whenever there’s an opportunity to attend a forum of surveillance professionals sharing information, do it. It is important to understand that a lot of cheating devices are manufactured and developed in Europe and Asia. Often, those markets are test beds for cheating devices, so tapping into international intelligence networks is essential if you are to stay one step ahead of high-tech cheating teams that may pay a visit to your property.
Until we know the truth on these devices (maybe we won’t?), we should be conducting our own research and investigations into the threat of wireless technology in gaming. It’s not hard to come to the conclusion that if this type of device can exploit particular machines, then this type of technology could probably be developed to exploit other types of slot machines.
What about the hybrid electronic machines? What about the electronic equipment on our tables like shuffle machines or intelligent shoes? What about our player marketing databases?
Gaming machines or equipment are an important part of our business. Like our customers and employees, we should be analyzing their weaknesses as well as their strengths.
This is a wake-up call for all gaming and surveillance managers. Technology and products are being moved on and off the gaming floor more frequently nowadays. It’s just the upgrade-every-year world we live in. Think about the volume of slot machines that are bought and sold every year. Think about where your equipment came from and who made all the parts.
Think about how it is difficult and probably impossible to test for every possible threat. Think about how busy and understaffed you are. Now think about all those unemployed people with computer programming degrees. Maybe we should hire them.