[ISN] 'Easter egg' cheats cracking casinos?

From: InfoSec News (isn@private)
Date: Tue Jul 13 2004 - 01:28:27 PDT


Tom Blackwell 
National Post 
July 12, 2004

Canada's gambling industry has never been so large. In a two-part
series, Post writer Tom Blackwell examines who's playing at slots,
who's winning -- and why. Today, experts reveal how they think some
players effortlessly cheat the system.

- - -

As the middle-aged mother from Illinois plunked away at buttons on the
electronic poker machine, something unusual happened. The machine,
usually so adept at parting gamblers from their money, fell under the
spell of the player.

The woman had manipulated the video lottery terminal at an Edmonton
casino into letting her win on command, recalls Zues Yaghi, a computer
programmer and gaming machine expert who watched the scene.

"She had been doing it for four years and had put her kids through
university, was driving a Mercedes 500. She was all decked out," Mr.  
Yaghi recalled.

"She thought she was the queen of the underground.... It's so easy, so
easy to run 10 grand from these machines."

Mr. Yaghi says the woman was tapping into what he and some other
experts call an "easter egg": a line of digital code allegedly
embedded on to the machine's computer chip by rogue programmers,
allowing informed players to cheat the games out of their booty.

Mr. Yaghi reported the problem to gaming authorities after discovering
it himself. But four years later, rather than being hailed a hero, he
is living a legal nightmare over the issue, facing a $10-million libel
suit filed by the American maker of the machine on which he first
found an easter egg.

Meanwhile, he and other experts allege that some compromised machines
are still out there today, raising questions about the fairness of a
diversion on which Canadians spend billions of dollars a year.

"It's like the guy in the saloon ... slipping aces out of his sleeve,"  
he says.

"You're looking at whole rows, whole sections [of VLTs] and you see
how many people are sitting there pumping money into it and you're
seeing how many of them are senior citizens, how many are widows and
you think 'There is no integrity here. This is a major problem.' "

He alleges that Illinois woman was just one among an entire subculture
of gamblers who know about the glitches and use them to illicitly
enrich themselves. He said he has witnessed more than 40 people seek
out and exploit easter eggs in casinos and believes they frequent
gaming venues across North America.

Mr. Yaghi said he has found five separate easter eggs in a selection
of gambling machines. Although he discovered them in 2000 and some of
the problems have since been addressed by manufacturers and gambling
operators, he is convinced some are still ripe for the picking today.

Other experts say they have also found evidence of the phenomenon.

But gambling operators say such glitches, if they exist, are simply
programming anomalies, not deliberately planted cheating mechanisms,
and far less widespread than Mr. Yaghi and a handful of other experts

"At the end of the day, it is software put out by human hand,"  
acknowledged Bill Hennessey of Hi-Tech Gaming, Canadian distributor of
the most popular line of gaming machines. "But there are tons of
checks and balances to ensure it's all random and that you have just
as much chance of winning as the person who comes after you ... There
isn't much buzz about [easter eggs] in the industry at all."

In Canada's largest gambling jurisdiction, Ontario's regulator and
operator of slot machines both said they have found no such anomalies.

Yet when Mr. Yaghi alerted gaming authorities in Alberta about the
first easter egg, it touched off a flurry of activity. The province
replaced 200 machines of the model affected, at the manufacturer's
expense, while authorities in Michigan, Iowa and Illinois took similar

At a casino in Detroit, a team manipulated a glitch like the one
discovered by Mr. Yaghi, making away with a "very large" sum. "They
were loaded for bear," Patrick Leen of the Michigan Gaming Control
Board said at the time.

Roger Horbay, a problem gambling and slot machine expert in Ontario,
said he has noticed during visits to Ontario casinos the kind of
anomaly -- such as buttons lit up on machines when they should not be
-- that could indicate games equipped with easter eggs.

Mr. Horbay, the owner of consulting company Game Planit Interactive
Inc., has even had discussions with U.S. government officials about
the potential security threat posed by the anomalies. A terrorist in
the know could conceivably fund operations by cheating slot machines
and leave behind no money trail, he said.

Bob Haase, whose former company in London, Ont., produced electronic
slot machines in the 1990s, said he has proof easter eggs do exist: He
has created them. Mr. Haase had his own programmers install hidden
codes in products he sold to a casino in the Caribbean as a special
feature the casino operator could activate for the amusement of valued

"I said [to the casino owner], 'Don't tell anybody the sequence, for
goodness sake, it's only for you, it's only for a special occasion.  
You're not cheating anybody, you're actually giving them four or five
hundred bucks to keep playing.' "

Whether slot machines are secretly programmed to cheat or not, the
idea of programmers hiding features in software is nothing new. Many
non-gambling video games have cheat codes that players trade among
themselves or post on Web sites.

Most major computer programs contain hidden bits of usually innocuous
software, often touting the programmer's name, says Kevin Harrigan, a
computer science professor at the University of Waterloo.

There is even a Web site, called www.eeggs.com, that lists easter eggs
found in everything from cellphones to electric coffee makers.

"Would someone program them intentionally into a slot machine so,
under a sequence of events that only they knew about, they would make
money?" Prof. Harrigan asks. "I would say it's fairly reasonable to
think that might happen."

Mr. Yaghi said he became intrigued with the issue after an aborted
attempt to develop an Internet casino. During testing of his online
gambling software, he discovered one of his programmers had inserted
an easter egg that would have let someone cheat.

He later tried using similar manipulations on slot machines in Alberta
and made his surprising discovery. Mr. Yaghi demonstrated the problem
to the Alberta Gaming and Liquor Commission, starting with a machine
loaded with 250 tokens. "It took me a minute and a half to empty it,"  
he recalls. "So they pick another one and I empty that one in a matter
of minutes. It worked out to $600."

He proposed hiring himself out to examine all of the province's
machines, and envisaged becoming a consultant to North America's many
gambling operators. But he failed to come to terms with Alberta, and
posted some angry messages on an Internet chatroom about the
manufacturer of one machine he said was infested with an easter egg.  
The company responded with the lawsuit. He, in turn, has also sued
Alberta Gaming and Liquor Commission and countersued the manufacturer.

Help InfoSec News with a donation: http://www.c4i.org/donation.html

This archive was generated by hypermail 2.1.3 : Tue Jul 13 2004 - 03:25:08 PDT