

US lottery security boss charged with fixing draw - goodcanadian
http://www.bbc.com/news/technology-32301117

======
matheweis
This is a duplicate of:
[https://news.ycombinator.com/item?id=9371517](https://news.ycombinator.com/item?id=9371517)

------
tptacek
The defense here has their work cut out for them:

* Employees of the Multi-State Lottery Commission are not allowed to play the lotto _at all_.

* This guy runs infosec for the Multi-State Lottery Commission.

* He is on camera buying what turns out to be a $14MM winning ticket.

* The prize for that ticket was claimed by a Belize-registered company the day before the ticket was to expire.

* The defendant was more or less caught modifying the camera settings for the safe room for the lotto-generating computer systems _specifically for the day he was in that safe room_.

The rest of the stuff about "rootkits" and "USB drives" and other theories of
the crime seem like a red herring. The winning ticket is a smoking gun. Even
if, in violation of the rules of his job, he'd played the lotto _every day of
his life_ , it would still be so statistically overwhelmingly likely that the
ticket was bogus that no reasonable person could acquit. But I'm guessing it's
going to turn out that this is one of the only times since he got the job that
he played lotto.

------
gameshot911
I'd be curious how the state picked up on it. Sure there'd be evidence of the
crime...if you knew to look. If not, it's just another win, and seemingly
normal offline PC, and a few abnormal bytes of video storage out of the
thousands and thousands of otherwise benign hours of footage. There must have
been a tip off, or some other abnormality.

I highly doubt that info is forthcoming though, unless the state is forced to
disclose it at trial. Gov probably doesn't want to give away its secrets.

Also, can't help but wonder if the guy would have gotten away with it had
recruited someone else. Buying the ticket himself was a stupid idea if true,
since the ticket can be traced to the machine it was purchased on and at what
instant, so it's trivial to ask for the store surveillance footage. And having
a company incorporated Belize claim the ticket at the last second would also
raise eyebrows. But if he had recruited a trustworthy accomplice with no
immediate connections, it would have been just another person claiming a
prize.

~~~
dmix
This type of behaviour would set off alarm bells at the lottery company for
sure:

> The ticket Tipton has been accused of buying went unclaimed for almost a
> year, until Hexham Investments Trust, a mysterious company incorporated in
> Belize, tried to claim the prize through Crawford Shaw, a New York attorney,
> hours before the ticket was set to expire in 2011.

> Lottery officials refused to release the prize because those behind the
> trust declined to give their identities, which is required under Iowa law.
> Shaw asked officials whether Hexham Investments could claim the money and
> then turn it over to the state to be given out for charity. Lottery
> officials rejected the offer and said the prize winner must accept and
> distribute the funds.

> Shaw withdrew the claim to the prize in January 2012. At that time, Iowa
> Lottery officials asked the Iowa Attorney General's Office and Iowa DCI to
> investigate.

They don't hand $14m out without making sure the buyer is legit - - and an
attorney claiming it on a behalf of a foreign company is definitely worthy of
investigation.

~~~
exelius
See, all of this makes me wonder how smart this guy actually is. It feels like
he had a half-baked plan, but being a security chief for the lottery, he
should have known all of the checks they have to go through before someone can
claim a prize.

It seems like this type of scheme is really, really hard to pull off because
of financial records retention requirements. No matter what you do, the money
trail will catch up with you. Unless you're a drug cartel laundering billions
through HSBC. Then you get away with it because the scale is so audacious, the
justice system doesn't have any way to deal with it without taking down the
global financial system.

~~~
tptacek
I think we can all safely come to the conclusion that he is not very smart.

------
vonklaus
> If found guilty of the two charges of fraud, Mr Tipton faces up to five
> years in jail and a fine of up to $7,500.

5 years is certainly non-trivial, but that is the maximum sentence. If you
could only serve half of the maximum sentence, 2.5 years in prison and $7,500
does not seem like a steep penalty for a $14 million fraud.

~~~
ianlevesque
That penalty seems surprisingly just to me actually. Sure, the amount would've
been large if he had escaped with it, but this doesn't sound like a criminal
that we should lock up for many years to remove him from society. He could go
on to live a long productive life even with this stupid crime in his past.

------
leot
Good thing nothing like this could have happened with electronic vote
tabulators.

------
ufo
I wonder if there is a way to make a more transparent RNG system that can be
verified to be fair by the public. Maybe something involving clever crypto
like zero-knowledge-proofs?

~~~
imglorp
There are some bitcoin lotteries if you search around. One simple method is
players all propose a number, and then at choosing time, compare to the hash
of the last blockchain transaction. They might be able to automate the
wagering and payout parts too.

~~~
ufo
Isn't that liable for manipulation by bitcoin miners? Why not use some other
public source of randomness instead?

------
pjsullivan3
This is only the start of the corruption thats going on in the lottery. I'm
the CEO of Jackpocket which is a mobile lottery app that we've been building
pretty quietly. We're trying to bring the lottery into 2015, but a big part of
our mission is bringing more transparency to the lottery and holding states
more accountable to where to funds flow. I'm sure a bunch of you have seen the
John Oliver video. The lottery has had a lot of dirty stories behind it.
Really needs to be cleaned up because at the end of the day a lot of states
need the revenue for social services.

Shameless promotion: If anyone is interested in giving our beta a try you can
go to [http://get.jackpocket.com](http://get.jackpocket.com) for iOS or go to
www.jackpocket.com on your Android device to download the APK

