
Russians Engineer a Slot Machine Cheat and Casinos Have No Fix (2017) - lando2319
https://www.wired.com/2017/02/russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix/
======
lb1lf
I have a hard time deciding whether I really think this scheme qualifies as
fraud or not; after all, the machines are initially rigged to give the owner
an edge (obviously, otherwise slot machines would be few and far between!)

As long as the player is not manipulating the machine, only observing it and
exploiting a known weakness negating and then some the edge the owner had, I'd
say if slot machine operators cannot live with that, they need to upgrade
their machines, not expect The Law to help them out.

~~~
codingdave
I had the same thought, so looked up the laws - the difference between
counting cards and this trick is that they are using both external devices and
other people to help. If they could get the timing correct solely with their
own observation, it would be legal.

~~~
warent
I'd be curious to know where the line is drawn for something like cybernetic
implants

~~~
coldtea
If the casinos see you winning too much, they throw you out, no explanation
given.

~~~
dnautics
that's different from being arrested.

------
jacquesm
Weird how the police and the federal officers allow themselves to be used to
protect the business interests of the lowlifes that run casinos. If they can't
keep their stuff secure enough that it can't be scammed then maybe they should
simply shut those machines down?

After all, it's not as if a casino has a right to be profitable.

~~~
eesmith
There are a few responses I can think of. It may be that all of them are true.

The law protects what is legal. I may consider bar owners to be lowlifes
profiting on alcohol addicts, but the police will protect their business
interests and disregard my belief.

If they don't, then someone is going to step into that power vacuum. That's
how you get organized crime.

The state makes money off of casinos, and bars, and brothels (in NV), and
gambling, and other activities often called "lowlife." It's hard to cut off
that sweet, sweet money supply once it starts.

------
Rjevski
I am really disappointed that the law is against those people. If the casinos
are allowed to scam people by making it look like you are playing a fair game
while it's not (the machine is configured to give an advantage to the house),
it should be allowed for a skilled player (like someone who found a
vulnerability in the machine) to scam the casinos the same way.

~~~
gkoberger
Casino games are highly regulated, and nobody is forced to play. Everyone who
plays knows the odds are against them.

~~~
warent
Nobody is forced to play, but there's a lot of human psychology hacking that
the casino employs to get people to gamble more.

Takeaway: Hacking humans is legal. Hacking a casino algorithm? Stop right
there criminal scum.

~~~
gkoberger
Well, gambling isn't legal in many states. And both the way they're made and
way they're advertised is heavily regulated. I'd say it's a bit dramatic to
say "hacking humans is legal". (I mean, it is legal via ads, but even those
are regulated to a certain extent)

~~~
maxerickson
There's lotteries or live gaming everywhere but Utah and Hawaii.

------
Splines
I'm surprised to learn that pressing the "stop spin" button actually makes a
difference - I had assumed that your results are calculated and fixed when the
spin starts, and stopping it is just cosmetic. Why risk the house edge by
allowing users to pick when to stop your spin.

------
robbiet480
Previous submission:
[https://news.ycombinator.com/item?id=13579353](https://news.ycombinator.com/item?id=13579353)

------
lindig
The loophole is that the state of the pseudo random number generator is
observed (indirectly) and used for predictions. What if slot machines would
use a real source of randomness? I assume that this would cause difficulties
with the licensing process for these machines because the "fairness" of the
machines would be harder to prove.

~~~
bluepnume
I wouldn't think so. Whatever random result you get, you can bound it to make
sure the probability works in your favor a fixed proportion of the time,
right?

`if (pseudoRandom() < 0.57) houseWins()` gives the same payout as `if
(trueRandom() < 0.57) houseWins()` for all intents and purposes; the only
difference is the former is more predictable to people trying to game the
machine.

~~~
kbenson
I think the licensing requirements for these machines are strict enough that
they want reproducibility in the testing, which would be one reason to require
pseudo-random numbers instead of real random numbers.

I imagine they might just simulate a million transactions and test the
outcome. If it falls outside of expected probabilities, they can dive deeper,
and also have a pseudo-random seed to fall back on to figure out if it was
just randomness or something is broken or configured to do the wrong thing.

~~~
jacquesm
That's exactly the reason why they use PRNGs.

------
anotheryou
Why not seed a few more things in to the random numbers like temperature and
noise?

Both should be hard to measure exactly the same outside the casing, hard to
control and when done right should only add randomness.

Bringing heaters and timed, stealthy noise-generators should be difficult :)
Also past noise should influence the future randomness.

~~~
maxerickson
The phone is recovering the internal state of the PRNG, different
initialization wouldn't stop that.

~~~
LeoPanthera
This is certainly not my field of expertise, but I would guess that regularly
re-seeding the RNG with environmental information would prevent that attack.

------
acqq
The title on HN at the moment ("Engineer finds...") doesn't match the article,
and distorts the original. Should be fixed by the mods. Also (2017).

There's no "an engineer" who "finds" anything but "engineer" as a verb, the
title is: "Russians Engineer a Brilliant Slot Machine Cheat---And Casinos Have
No Fix" which means something like "Russians design a cheat" or "Russians
construct a cheat."

On the topic of "casinos have no fix", it seems that the casinos have FBI
protecting them and the other ways of control, which is obviously enough of a
fix for them.

~~~
Rjevski
This seems to only be a fix for the greedy people that keep coming back and
raise suspicion. A casual player that cheats once and cashes out would be
undetected.

~~~
acqq
> A casual player that cheats once

Obviously doesn't exist in the case like this: it is an organized effort
depending on specific steps and now that the technique is known, it's easy to
detect such attempts by the casinos. If the casinos would estimate that the
danger is too big to them they would have stopped using these models or
consider some kind of upgrade, so they are obviously OK.

------
Theodores
Wired's presentation of the article was wasted on me. I invested the time to
read but didn't get there in the end. If you are on article 1 of your 4 free
ones you expect better than adverts breaking up your reading flow all the
time. Also this style of writing is dated, if you are reading a book then a
chapter of setting the scene is okay but for the web you wonder if they are
ever going to get to the point or even tell you the story. I didn't bail out I
just got bored.

I can't imagine paying for more than the four free articles. I don't think the
subscription model is strictly broken but I can't see publications like Wired
lasting forever in an age where information wants to be free.

~~~
Jyaif
Wired is total garbage anyways.

~~~
dang
Maybe so, but please don't post unsubstantive comments to HN.

