http://www.canada.com/national/nationalpost/news/story.html?id=a42827a1-3f66-4512-805e-10b308498393 Tom Blackwell National Post July 12, 2004 Canada's gambling industry has never been so large. In a two-part series, Post writer Tom Blackwell examines who's playing at slots, who's winning -- and why. Today, experts reveal how they think some players effortlessly cheat the system. - - - As the middle-aged mother from Illinois plunked away at buttons on the electronic poker machine, something unusual happened. The machine, usually so adept at parting gamblers from their money, fell under the spell of the player. The woman had manipulated the video lottery terminal at an Edmonton casino into letting her win on command, recalls Zues Yaghi, a computer programmer and gaming machine expert who watched the scene. "She had been doing it for four years and had put her kids through university, was driving a Mercedes 500. She was all decked out," Mr. Yaghi recalled. "She thought she was the queen of the underground.... It's so easy, so easy to run 10 grand from these machines." Mr. Yaghi says the woman was tapping into what he and some other experts call an "easter egg": a line of digital code allegedly embedded on to the machine's computer chip by rogue programmers, allowing informed players to cheat the games out of their booty. Mr. Yaghi reported the problem to gaming authorities after discovering it himself. But four years later, rather than being hailed a hero, he is living a legal nightmare over the issue, facing a $10-million libel suit filed by the American maker of the machine on which he first found an easter egg. Meanwhile, he and other experts allege that some compromised machines are still out there today, raising questions about the fairness of a diversion on which Canadians spend billions of dollars a year. "It's like the guy in the saloon ... slipping aces out of his sleeve," he says. "You're looking at whole rows, whole sections [of VLTs] and you see how many people are sitting there pumping money into it and you're seeing how many of them are senior citizens, how many are widows and you think 'There is no integrity here. This is a major problem.' " He alleges that Illinois woman was just one among an entire subculture of gamblers who know about the glitches and use them to illicitly enrich themselves. He said he has witnessed more than 40 people seek out and exploit easter eggs in casinos and believes they frequent gaming venues across North America. Mr. Yaghi said he has found five separate easter eggs in a selection of gambling machines. Although he discovered them in 2000 and some of the problems have since been addressed by manufacturers and gambling operators, he is convinced some are still ripe for the picking today. Other experts say they have also found evidence of the phenomenon. But gambling operators say such glitches, if they exist, are simply programming anomalies, not deliberately planted cheating mechanisms, and far less widespread than Mr. Yaghi and a handful of other experts maintain. "At the end of the day, it is software put out by human hand," acknowledged Bill Hennessey of Hi-Tech Gaming, Canadian distributor of the most popular line of gaming machines. "But there are tons of checks and balances to ensure it's all random and that you have just as much chance of winning as the person who comes after you ... There isn't much buzz about [easter eggs] in the industry at all." In Canada's largest gambling jurisdiction, Ontario's regulator and operator of slot machines both said they have found no such anomalies. Yet when Mr. Yaghi alerted gaming authorities in Alberta about the first easter egg, it touched off a flurry of activity. The province replaced 200 machines of the model affected, at the manufacturer's expense, while authorities in Michigan, Iowa and Illinois took similar action. At a casino in Detroit, a team manipulated a glitch like the one discovered by Mr. Yaghi, making away with a "very large" sum. "They were loaded for bear," Patrick Leen of the Michigan Gaming Control Board said at the time. Roger Horbay, a problem gambling and slot machine expert in Ontario, said he has noticed during visits to Ontario casinos the kind of anomaly -- such as buttons lit up on machines when they should not be -- that could indicate games equipped with easter eggs. Mr. Horbay, the owner of consulting company Game Planit Interactive Inc., has even had discussions with U.S. government officials about the potential security threat posed by the anomalies. A terrorist in the know could conceivably fund operations by cheating slot machines and leave behind no money trail, he said. Bob Haase, whose former company in London, Ont., produced electronic slot machines in the 1990s, said he has proof easter eggs do exist: He has created them. Mr. Haase had his own programmers install hidden codes in products he sold to a casino in the Caribbean as a special feature the casino operator could activate for the amusement of valued customers. "I said [to the casino owner], 'Don't tell anybody the sequence, for goodness sake, it's only for you, it's only for a special occasion. You're not cheating anybody, you're actually giving them four or five hundred bucks to keep playing.' " Whether slot machines are secretly programmed to cheat or not, the idea of programmers hiding features in software is nothing new. Many non-gambling video games have cheat codes that players trade among themselves or post on Web sites. Most major computer programs contain hidden bits of usually innocuous software, often touting the programmer's name, says Kevin Harrigan, a computer science professor at the University of Waterloo. There is even a Web site, called www.eeggs.com, that lists easter eggs found in everything from cellphones to electric coffee makers. "Would someone program them intentionally into a slot machine so, under a sequence of events that only they knew about, they would make money?" Prof. Harrigan asks. "I would say it's fairly reasonable to think that might happen." Mr. Yaghi said he became intrigued with the issue after an aborted attempt to develop an Internet casino. During testing of his online gambling software, he discovered one of his programmers had inserted an easter egg that would have let someone cheat. He later tried using similar manipulations on slot machines in Alberta and made his surprising discovery. Mr. Yaghi demonstrated the problem to the Alberta Gaming and Liquor Commission, starting with a machine loaded with 250 tokens. "It took me a minute and a half to empty it," he recalls. "So they pick another one and I empty that one in a matter of minutes. It worked out to $600." He proposed hiring himself out to examine all of the province's machines, and envisaged becoming a consultant to North America's many gambling operators. But he failed to come to terms with Alberta, and posted some angry messages on an Internet chatroom about the manufacturer of one machine he said was infested with an easter egg. The company responded with the lawsuit. He, in turn, has also sued Alberta Gaming and Liquor Commission and countersued the manufacturer. _________________________________________ Help InfoSec News with a donation: http://www.c4i.org/donation.html
This archive was generated by hypermail 2.1.3 : Tue Jul 13 2004 - 03:25:08 PDT