Alex was working as a freelance programmer and hacker when a Russian casino hired him to manipulate the RTP of some Novomatic slot machines. To do the job, Alex had to learn in detail how these machines work internally. He also learned about PRNGs (pseudorandom number generators), how they work and how they are used in slot machines. The breakthrough happened when he spotted that slot machines were using an insecure PRNG algorithm that might be predictable.
The true RNG uses electromagnetic noise to generate completely random and completely unpredictable values. The PRNG works in a different way. It starts with a predefined value and then mashes it with some other inputs to generate an infinite series of values. The output values of PRNG seem completely random and impossible to predict at first glance. However, if the PRNG uses a weak algorithm and you know exactly which one, then you may be able to predict the next random number.
Over the next few years, Alex was able to lay the foundations of what would become a very sophisticated operation:
- He reverse-engineered several popular slot games.
- He developed an algorithm that calculated the current PRNG parameters and predicted the results of future spins based on two dozen spins of a slot.
- He developed an iPhone application which used the predicted outcomes to tell the player when exactly to press the spin button to win.
- He hired tens of on-floor agents, who were tasked with milking casinos around the world for the following 6-7 years.
Alex estimates that during that time he and his team managed to make millions of dollars. The system he used, however, would not work in today’s casinos and online games, as they use true RNG systems to generate truly random results.
Was Alex’s system legal and morally acceptable?
The technique Alex developed does not involve any prohibited slot machine manipulations. His strategy was based on pure mathematics applied to his own observations, and thus can be considered a valid and clean “how to beat slots” strategy.
Many gambling experts consider his actions totally legal and morally acceptable. His strategy can be compared to card counting in blackjack, bonus hunting or advantage betting. Casinos are voluntarily putting slot machines in the field, and it is their problem if someone smart enough comes along that can predict the results and take advantage of it.
This strategy would not technically be illegal in many jurisdictions. So even if the casino security guards managed to catch one of Alex's agents, they would just confiscate his winnings and ban him from further access to the casino.
However, casinos are huge businesses with plenty of money and strong connections to local authorities. When the casinos discovered that there was an organized group using their slot machines as cash withdrawal machines, they no doubt pulled some strings. The authorities and casino lawyers were eventually able to find a crime that matched what this group was doing: “conspiracy to commit fraud”. This resulted in the arrest of 4 of Alex's agents in Missouri in 2015 (who were later charged and sentenced to 2 years in federal prison).
This was the breaking point in the story, and one that led some agents to speak openly about the details of this scheme. The group probably eventually became known to most casino security officers around the world, and another arrest in Singapore followed.
Alex’s attempt to work with slot manufacturers
Alex, recognizing that it was becoming too risky for his agents to continue using this system, decided to make a last attempt to use his know-how to make money. He contacted Aristocrat – the manufacturer of the slot machines he managed to compromise – directly. Hoping for an 8-digit reward, he offered his services in improving the PRNG (pseudorandom number generator) algorithms and fixing all of the security issues. At the same time he threatened that if Aristocrat didn’t accept his offer, he would sell this sensitive information to their competitors. However, Aristocrat refused to play his game, despite the fact that he had provided them with all the mathematical details about their vulnerability.
When Aristocrat turned down the offer, he decided to give it another go, and went a bit further by publishing the details of his story. He contacted a journalist who had already covered known facts about his story, and agreed to continue it, by publishing another article with new details.
There is quite a lot of evidence that Alex has managed to successfully apply his strategy on an outdated Aristocrat MK IV slot machine. Aristocrat itself recommends their customers now replace these machines. Despite that, there are still thousands of these machines in many casinos around the world. However, most casinos shouldn’t have any problem replacing them when necessary.
Alex claims (and there are some signals supporting his claim) that in 2009, he started to decipher the PRNGs (Pseudo Random Number Generators) of some older Novomatic cabinets. However, it is very likely that Novomatic managed to remove this vulnerability with a security update in 2011. Maybe this Novomatic patent for System and Method of Centralized Random Number Generator Processing from 2013 also had something to do with that.
He also claims that he managed to do the same with some machines made by Atronic.
By far the strongest claim from Alex is that he found a similar vulnerability for the Aristocrat Helix cabinet. Helix is one of their current models, so if Alex wasn’t bluffing, then Aristocrat may have an even bigger problem – especially if it is not possible to fix with a security update or minor chip replacement.
Anyway, even if Alex decides to publish more details about his algorithms, casinos will very likely turn off all affected slot machines before ordinary people have a chance to use this to their own advantage.
Alex, a true story, or an urban legend?
There is a lot of indirect evidence that the story as described by Alex is true. Authorities wouldn’t have arrested and sentenced his agents in 2 countries if it wasn’t true. Novomatic wouldn’t have investigated slot machine manipulation, and wouldn’t have released security updates if it wasn’t true.
But don’t slot manufacturers have dedicated security specialists? How could these huge companies overlook such a vulnerability?
Unfortunately, security threats can be easily overlooked. This is even more likely for new and unknown types of attacks like this one. Even if there was some security manager in charge at the time, he was trained to mitigate only the threats that were known to him at the time. If the development team didn’t have a true expert on board who would be able to predict new vulnerabilities and raise his hand, then this PRNG threat could have been easily overlooked.
The regulators only required the PRNG to generate a uniform distribution of numbers. This is what even simple PRNGs do. The unpredictability (cryptographic security) didn’t have to be tested at all.
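The gap between a distribution-only requirement and unpredictability, and the earlier point that a weak PRNG with a known algorithm can be predicted, can be shown with an audit that measures both properties. This is an added example, not code from the article or from any slot machine: the generator is a constructed textbook LCG with published constants, and all function names are hypothetical.

```python
import secrets

# Constructed toy generator: a textbook linear congruential generator (LCG).
# The constants are the widely published "Numerical Recipes" ones; they are an
# assumption for illustration and are not taken from any slot machine.
M, A, C = 2**32, 1664525, 1013904223

def lcg_samples(n, seed=20240101):
    """Return n outputs of the toy LCG; each output is its entire state."""
    out, state = [], seed % M
    for _ in range(n):
        state = (A * state + C) % M
        out.append(state)
    return out

def csprng_samples(n):
    """Return n 32-bit values from the operating system's CSPRNG."""
    return [secrets.randbits(32) for _ in range(n)]

def chi_square_uniform(samples, bins=16):
    """Chi-square statistic of the samples against a uniform spread over bins."""
    counts = [0] * bins
    for s in samples:
        counts[s * bins // M] += 1
    expected = len(samples) / bins
    return sum((c - expected) ** 2 / expected for c in counts)

def passes_uniformity(samples, critical=37.70):
    """Distribution-only check: 37.70 is the chi-square critical value
    for 15 degrees of freedom at significance level 0.001."""
    return chi_square_uniform(samples) < critical

def predictable_fraction(samples):
    """Share of outputs that equal the LCG step applied to the previous output."""
    pairs = list(zip(samples, samples[1:]))
    hits = sum(1 for prev, cur in pairs if (A * prev + C) % M == cur)
    return hits / len(pairs)

def audit(samples):
    """Report both properties; a review that reads only 'uniform' misses the second."""
    return {"uniform": passes_uniformity(samples),
            "predictable": predictable_fraction(samples)}

if __name__ == "__main__":
    print("toy LCG:", audit(lcg_samples(20000)))
    print("CSPRNG :", audit(csprng_samples(20000)))
```

The toy LCG passes the uniformity check while every output is fully determined by the one before it, which is why certification of a generator needs an unpredictability requirement in addition to a distribution test.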
The PRNG concept sounds like something alien to most “business people”. They only care about a few things. They are satisfied when a slot machine:
- doesn’t crash,
- is liked by players,
- makes money.
Also, the software in slot machines often survives several generations of cabinets with just minor updates. And why change something that has worked without problems for the last 15 years, right? Therefore, it is quite possible that even many modern machines use parts of code from the early ’90s.