http://www.lasvegassun.com/sunbin/stories/sun/2007/dec/06/566653097.html By Liz Benston Las Vegas Sun December 06, 2007 High-tech thieves have discovered a new way to rip off slot machines - stealing more than $1 million from the Orleans before management shut down their computer-assisted heist. Gaming regulators say the crime - one of the largest in years - shows a vulnerability in casino security that could lead to new surveillance standards. The theft began in September 2006 and allegedly involved three slot workers who, over several months, manipulated software that prints slot machine payout tickets. They allegedly worked with two accomplices who posed as customers and cashed the tickets. One defendant, slot technician Seferino Romero, pleaded guilty last month and will be sentenced in Clark County District Court on Jan. 24. Felony theft carries a maximum 10-year prison term. His attorney, Jeffrey Segal, said his client didn't mastermind the heist and has agreed to pay restitution of $100,000. "I think that his actions subsequent to the conduct indicate that this is a person of good character who got caught up in something and realizes it was a mistake," Segal said. The Orleans incident shows that other casinos are similarly vulnerable to inside jobs by casino workers, security experts say. Employee theft - sometimes as simple as pocketing cash or chips - is a recurring problem in the cash-rich industry, which can corrupt the most trusted employees. Most crimes are not publicized by casinos and regulators are reluctant to discuss them for fear of tipping hieves to new techniques. Boyd Gaming Corp., which owns the Orleans, declined to discuss the particulars of this case, which is still in progress. "It could compromise the investigation" and assist other cheats, spokesman Rob Stillwell said. Four other defendants are awaiting arraignment next year on felony theft charges. The Gaming Control Board's enforcement chief says the Orleans incident was a new one to him, although it had a familiar ring to security experts. In this case, Orleans workers printed winning tickets on test machines in a back room, using software allowing the machines to mimic machines on the slot floor that had been turned off, investigators told the Sun. The tickets were for relatively small amounts - a few hundred dollars each - to escape the notice of casino bosses. Stealing from cashless machines is a new challenge for thieves. Casinos have turned from coin slot machines to ticket machines because they are easily played and maintained and had been considered more secure than old-generation coin slots, which skilled thieves could quickly compromise using mechanical tools such as magnets and metal wands. These newer thefts typically involve casino employees with access to sensitive areas of a casino's nerve center. And therein lies the problem - and the solution - for casinos. The slot technicians involved in the Orleans theft had appropriate access to the slot testing room but probably shouldn't have been allowed to tinker with the slot system that communicates with the machines on the floor without some interaction with other departments or higher-ups, said Jerry Markling, chief of the Gaming Control Board's enforcement division. The good news for casinos is that "these are no longer easy scams" and can mostly be defeated with "strong internal controls," Markling said. Michael Crump, a Fresno-based slot security consultant, said the Orleans case is typical of an emerging scam that is foiling casinos nationwide. Many casinos rely on manufacturers to create security clearances for casino employees to access their slot tracking software, said Crump, a former executive with Boyd Gaming in Las Vegas. But those casinos may lose track of what clearances those employees have, allowing them to exploit the system later on, he said. Typically, employees who steal have stumbled upon access they shouldn't have, he said. What's especially troubling for casinos is that some employees can cover their tracks by erasing transactions or signals that could red-flag auditors, he said. The theft came to light during last month's Gaming Control Board meeting, when regulators discussed and approved a request by the South Point to put slot machines in a relatively remote part of its casino. Regulators worried about surveillance and the casino offered to post either a security guard or a slot technician at the machines. At the meeting, board member Randy Sayre said ticket machines may not be as secure as industry executives would like to believe. "It's not just a matter of, we have got the room, we have the people to watch it, let's put (slots) out there," he said. "Technology is moving forward on us and the bad guys are getting smarter." Regulators are loath to discuss details of how slot machines can be exploited, but indicated that, in a general sense, surveillance of the slots is important. Regulators generally require surveillance cameras on remote machines, though regulations specify dedicated cameras only for big jackpot machines. Some casinos don't train cameras on machines that have been shut down. Cameras may not stop an actual theft but they can be used to watch employees who might be breaking some procedure by, say, not being on the floor when they should, Crump said. Still, security clearances, rather than surveillance, are the real culprit in this case, he said. Sayre says his concern isn't with the distance of any particular slot machine from the main casino floor but the possibility that with the spread of slot machines into remote areas, a casino's security staff could be spread too thin. He says a standard policy for surveillance of remote machines would help casinos and regulators combat crooks. Sayre wonders whether manning the machines with a gaming employee would be preferable to a guard, who is trained to spot underage gamblers but perhaps not as familiar with the technical aspects of the games and how they can be compromised by cheats. Casinos lose an estimated 6 percent of revenue to internal theft, which is chalked up as a cost of doing business, Crump said. Many thieves prefer to ply their trade at smaller casinos outside of Nevada with cruder security mechanisms, he said. But Las Vegas eventually attracts the most accomplished and polished criminals, who try their hand here "to prove they can get away with it." The Orleans scam was hardly the perfect crime, Markling said. "It was only a matter of time" before the thieves were caught because the casino's high-tech slot monitoring systems can detect deviations from the expected payout of any particular slot machine, he said. All contents copyright 2005 Las Vegas SUN, Inc. __________________________________________________________________ Visit InfoSec News http://www.infosecnews.org/
This archive was generated by hypermail 2.1.3 : Thu Dec 06 2007 - 23:35:01 PST