
Use a Software Bug to Win Video Poker? That’s a Federal Hacking Case - bcn
http://www.wired.com/threatlevel/2013/05/game-king/
======
tzs
> But the casino had been suspicious, and Kane didn’t collect the last win

Bad move!

This reminds me of Louis Colavecchio. He made quite a lot of money off
Atlantic City casinos using counterfeit slot machine tokens. The casinos
_KNEW_ they were being ripped off by a counterfeiter, because their token
counts at the end of the day were coming in consistently high, but they were
stymied because they could not tell which tokens were counterfeit. That made
it hard to even get started tracking their origin. Even the token
manufacturers were not able to determine which of a set of tokens were
authentic and which were counterfeit. [1]

Colavecchio's downfall came one day when he was playing a machine, and it
jammed, eating his token. He simply moved to the next machine, and continued
playing. That caught the attention of the guard watching that row of machines
on the security camera. These machines were something like $10 or $25 per play
machines. When a legitimate gambler has a token of that value eaten by a
machine, they don't just let it go and move on to another machine. They report
it and make a fuss until they get their money back. The guard realized that
one person who would just move on would be the counterfeiter--he would not
want to draw attention to himself by making a fuss, and psychologically would
think of his tokens as only worth a few cents and so would not be upset at
losing one.

With that lead, they were able to watch Colavecchio and get enough evidence to
nail him.

[1] Years after Colavecchio was caught and convicted, his counterfeit tokens
remained in circulation in Atlantic City casinos, because they never did
figure out a way to tell which were real and which were Colavecchio's.

~~~
rurounijones
Wow, while this may be acting on stereotypes but I am surprised and have to
hand it to the security guard who worked through that train of logic on the
fly.

~~~
veidr
I happened to know several security guards and bouncers when I was young -- a
lot of them really are gifted when it comes to noticing anomalies in
individual and crowd behavior.

Bartenders, too.

------
lifeformed
This is like watching game speedrunners exploit glitches in the game to get a
better time, and then hearing laypeople complain about it not being a "real"
run. If it's all done within the context of the system, then it's fair.

In game speedruns, the context is: "Beat this game as fast as possible with
the following restrictions (no cheats, 100% completion not necessary, etc)
using the provided input system."

If I go to a casino, the context of playing a slot machine is: "Put real money
into this machine and press buttons on it until you run out of money or
leave." There aren't any implicit rules like, "some combination of button
presses are not allowed".

Let the player have his money, patch the bug and move on.

~~~
gfodor
The catch with this case is that the game involved is overtly a simulation of
a physical game, and the only purpose of the simulation is to increase the
efficiency for the casino to let more players play a known physical game more
quickly, not to change the nature of the game itself. You can make the case
that places where the simulation diverges from the physical game were clearly
unintended and should be obvious to players to be bugs, not part of the rules
of the game, and hence unfair for gamers (or, likewise, casinos) to exploit
since they were stepping beyond the bounds of fair play.

I'm not sure how strong this argument is but it's clearly different than just
saying it's like a speedrun. Just because the medium is virtual doesn't mean
you aren't entering into a implicit contract to play by the rules of poker.

~~~
caf
This kind of single player "video poker" has nothing to do with the rules of
actual poker.

~~~
gfodor
Can you elaborate what you mean by "nothing?" Why do they call it video poker?

The point is that insofar as the game replicates poker one can basically use
that as a way to identify the difference between a "bug" and a "odd game
rule."

~~~
pommefrites
Well, for one thing the "double up" option is not a part of standard poker.
More conspicuously, physical poker involves a high degree of
observation/manipulation/etc of human opponents and that is not a part of
video poker.

~~~
gfodor
I understand but this is less than "nothing."

Yes you remove the human element and change some betting rules but at its core
video poker is a simulation of physical poker. The parent doesn't have much of
a point other than being overly hyperbolic to discount the reality that there
is certainly an argument that this was a bug and hack since the exploit sits
clearly outside the realm of the game of poker.

------
dugmartin
He didn't use the bug to win but rather change the payout. If it was a logic
bug causing him to win against the machine I would say he was fine, however
this bug allowed him to change the payout amount, which is fraud. It is really
no different than if the machine printed out the amount on a ticket and he
forged a different amount on it before he turned it in.

~~~
LanceH
Flip the scenario:

I bet on the Giants -3.5. Oh, the casino has taken advantage of my
misunderstanding of -3.5. They have escalated access to my money based upon my
mistake. Have they committed fraud? Do I get my money back? Do I get to change
my bet after the fact? Of course not.

They put out a machine which was giving away money. The guy did nothing other
than put money in the machine and push the buttons.

If Vegas had to return all the money to the gamblers who made mistakes, it
would just be a desert again.

~~~
mmanfrin

        I bet on the Giants -3.5. Oh, the casino has taken advantage of my misunderstanding of -3.5. 
    

False equivalency. This isn't the casino saying 'hey, we don't know what 820-1
means', this is the guy saying to the casino 'hey, you thought that was a 2-1
win but it was _really_ a 820-1 win' when it wasn't.

To fix your analogy, it would be if the Casino had -3.5, but when it came time
to collect, they told you it was actually -350. That would also be fraud.

~~~
jerf
This is another one of those places where analogies hurt more than they help.
You can come up with an analogy to mean whatever you want here, so that's not
helpful, and it's not like anybody's confused about what happened.

(It's like I was in a car, and I was betting I could make the jump over the
bridge, but while I was in midair the police moved the bridge...)

------
hughw
If you discover a reproducible flaw in a blackjack game -- the card shuffler
at a certain table isn't random -- is there a penalty for that? Because just
having a computer in the mix doesn't seem like it really changes the moral
equation.

~~~
format
Blackjack already has a reproducible flaw, it is called card counting. It is
not illegal, but casinos frown upon it and often ban people who are suspected
of card counting. I would argue that noticing and exploiting a flaw in the
blackjack card shuffler falls along the same lines. You are using meta-
knowledge to reduce the house edge. But this is not what Kane did, he didn't
alter his chances of winning, he altered the payout.

The real argument is not if pushing the buttons in the right order is
cheating, but is it hacking? That issue seems to come down to whether or not
there was an escalation of access. Did those button presses give him
unauthorized access to data? He exploited a flaw to alter the payout of the
game, and that is at the very least fraud. If we are using your blackjack
analogy this is like he somehow Jedi mind tricked the dealer to change the
payout for a 21. If I used a software exploit to get a bank computer to double
my money I have no doubt that would be seen as hacking. So how is the gambling
machine different?

~~~
9999
This reads like fraud to me.

From the article:

"Now when Kane returned to Triple Double Bonus Poker, he’d find his previous
$820 win was still showing. He could press the cash-out button from this
screen, and the machine would re-award the jackpot. Better yet, it would re-
calculate the win at the new denomination level, giving him a hand-payout of
$8,200."

To me it seems analogous to placing a $1 bet on a table game, then swapping
the $1 bet for a $10 bet if your wager paid out. That kind of cheating/fraud
is fairly commonplace (and dealers are trained to prevent it).

~~~
tantalor
Fraud implies deception. You can't defraud a machine because it can't be
deceived.

~~~
adamio
The jackpot is hand paid, so I think its defrauding the casino staff that
verifies the payout?

~~~
tantalor
I agree, now that I think about it. Claiming the reward is based on winning
the game, but the payout is due to a bug (which the casino is not aware of)
and not a win, so it is a deception (fraud).

When I was a teenager, an ATM once reported my checking account balance had a
few extra thousand dollars in it. Withdrawing that money would be fraud, even
though it was a computer error. Luckily I was not a stupid teenager and I left
it alone. The next day it was back to the correct value.

------
vinhboy
My goodness. This is such baloney. How are you going to get charged with
hacking for something like this.

If anything, you can blame the guy for not being moral and telling the casino
about their mistake, but he is definitely not required to.

It's the casino's fault, or the game creator, for putting out a buggy game.
They should be happy to have discovered the problem and just fix it.

Should I be allowed to sue vending machine owners every time my candy doesn't
drop?

~~~
spinlock
re: the morality of the situation. this guy lost a million dollars in one year
playing video poker. That's an addiction and it is certainly amoral to allow
someone with a gambling addiction to play in your casino. In my opinion, any
moral obligation goes away when the other side is taking advantage of your
addiction.

~~~
danielweber
Although I do think that this guy crossed a legal line, there's no doubt that
the casino would love to have him right up against that line as hard as
possible.

------
danielweber
I have this feeling that the other shoe is about to drop, and we're going to
find out something big is missing from the reporting, they they had a friend
working at the company.

Also, this logic:

 _“All these guys did is simply push a sequence of buttons that they were
legally entitled to push.”_

is very annoying. You can describe any illegal action as innocuous. I'm not
saying this case deserves to be hacking (IMHO if you learn, say, that the
sequence of cards resets every 256th turn through, more power to you), but
this is a weak argument.

~~~
smsm42
Not that weak. Imagine you had computer chess instead of computer poker, and
imagine you discovered that if you play black and choose some special kind of
Sicilian defense, the computer plays very weakly because of the bug in the
algorithm and your chances of winning are greater. Is that illegal now? Would
it be illegal if you played chess with human (for a wager) and knew he's weak
at certain positions and specifically played for those? Using opponent's
weakness in the specific area of the game to win is a very common thing in
sports, not making it illegal in casino setting is a very strong argument IMO.

Doing something like magnets is different of course because it violates
implicit assumption of the playing on the machines, but just pressing buttons
is not.

~~~
danielweber
If he outsmarted the poker-logic, I'd say great for him. If the game always
shuffled two aces next to each other, that would be fine knowledge for him to
use.

He didn't use something like that, though. The payout was supposed to be $820
and by messing with the denominations he got it to be $8,200.

~~~
sneak
No, by the very rules of the game (the code), the payout was supposed to be
$8200, and the machine dispensed it accordingly.

To impose criminal liability upon someone because they didn't make the
assumption that the programmer/casino/manufacturer really meant for something
else to happen instead is an exceptionally dangerous state of affairs.

Weev is doing 41 months right now for conspiracy to commit unauthorized access
and identity fraud (possession of a list of email addresses) because his team
spidered a website run by AT&T. AT&T themselves said that there was no crime
and no damages, and said in court that they (AT&T) were the ones who published
the data on the web.

The US Attorney felt differently, and now he's in federal prison for a few
years while we try to sort out his appeal.

This is what happens when you make someone who requests data or a system state
change criminally liable for that independent, autonomous system responding
with data or changing to that state by its own software's defined operation.
It's a blatant misapplication of responsibility.

~~~
evandijk70
The rules of the game are not in the code. If the bug would be the other way
around, where it would suddenly payout 82$ if you'd press this sequence of
buttons, the casino would definitely return the money.

~~~
pbhjpbhj
> _the casino would definitely return the money_ //

It's different. The casino provided the game.

It's like giving money to strangers. If you surprise them by giving them money
that's OK, it's your money. If you surprise them by stealing from them, that's
not OK.

So a game that surprises you by giving more winnings than expected is fine; a
game that suddenly reduces the winnings by taking some of the money you've won
is not fine.

Or another way: Sometimes I feel generous and forgo a customer the decimal
part of their bill to save them trying to find the money or if they haven't
enough, that's fine, it's my "game". I can't decide to take their change
though.

When the giving more is built in to the game, so you play it a a particular
way and the you win more, that's just a game that you're winning.

------
mrb
Fascinating. This reminds of the true story of a group of friends who won
nearly a million dollars by reverse-engineering video poker machines and
finding flaws in the pseudo-random number generators used to select random
cards. These people have given anonymous interviews and an entire description
of their adventure to Kevin Mitnick for his book The Art of Intrusion. They
also claim to have never been caught, thanks in part to the fact they stopped
exploiting it after they won "enough" money! [http://www.amazon.com/Art-
Intrusion-Exploits-Intruders-Decei...](http://www.amazon.com/Art-Intrusion-
Exploits-Intruders-Deceivers/dp/0471782661)

------
thehigherlife
Here is an interesting anecdote. From the author of the article's wikipedia
page.

His best-appreciated hack was a takeover of all of the telephone lines for Los
Angeles radio station KIIS-FM, guaranteeing that he would be the 102nd caller
and win the prize of a Porsche 944 S2.

When the Federal Bureau of Investigation started pursuing Poulsen, he went
underground as a fugitive. When he was featured on NBC's Unsolved Mysteries,
the show's 1-800 telephone lines mysteriously crashed

<http://en.wikipedia.org/wiki/Kevin_Poulsen>

~~~
apawloski
For future reference, footnote-style notation [1] can significantly improve
the clarity of your comments on sites that don't use markdown.

[1] <http://www.google.com>

~~~
thehigherlife
I updated the post to strip some of the unnecessary links, thanks for the
heads up.

------
eykanal
This is going to be tough to argue from a hacking standpoint. IANAL, but a
quick perusal of some of the hacking-related legislation shows that almost all
federal definitions of "hacking" involve "without or exceeding authorization
"(See sections (1)(a), (1)(b), and (1)(c) in the Computer Fraud & Abuse Act
(CFAA) [1]). A definition of that phrase is provided at length in this
pamphlet [2] put out by the Department of Justice Cybercrime division.
Specifically, from the first document (section (e)(6)):

> the term "exceeds authorized access" means to access a computer with
> authorization and to use such access to obtain or alter information in the
> computer that the accesser is not entitled so to obtain or alter

and from the second (section A.2):

> The term “without authorization” is not defined by the CFAA. The term
> “exceeds authorized access” means “to access a computer with authorization
> and to use such access to obtain or alter information in the computer that
> the accesser is not entitled so to obtain or alter.”

Later in the same section, it states:

> Prosecutors rarely argue that a defendant accessed a computer “without
> authorization” when the defendant had some authority to access that
> computer. However, several civil cases have held that defendants lost their
> authorization to access computers when they breached a duty of loyalty to
> the authorizing parties, even if the authorizing parties were unaware of the
> breach. [...] Some of these cases further suggest that such a breach can
> occur when the user decides to access the computer for a purpose that is
> contrary to the interests of the authorizing party. See, e.g., Citrin, 440
> F.3d at 420 (defendant’s authorization to access computer terminated when he
> resolved to destroy employer’s files); ViChip Corp. v. Lee, 438 F. Supp. 2d
> 1087, 1100 (N.D. Cal. 2006) (same); NCMIC Finance Corp. v. Artino, 638 F.
> Supp. 2d 1042, 1057 (S.D. Iowa 2009) (“[T]he determinative question is
> whether Artino breached his duty of loyalty to NCMIC when Artino obtained
> information from NCMIC’s computers.”).

Not sure what to make of that, as again, IANAL. Still, this is definitely not
hacking in the traditional legal sense.

[1]:
[http://energy.gov/sites/prod/files/cioprod/documents/Compute...](http://energy.gov/sites/prod/files/cioprod/documents/ComputerFraud-
AbuseAct.pdf)

[2]: <http://www.justice.gov/criminal/cybercrime/docs/ccmanual.pdf>

~~~
ChuckMcM
Understand that the Justice department pamphlet is how they would _like_ it to
be interpreted but how it is _actually_ interpreted is based on case law. And
they provide the case law that supports their interpretation.

It will be interesting if that language gets stricken from the CFAA because it
will significantly blunt this particular tool in the governments toolbox.

That said, I expect that this case will find for the defendant on the grounds
that the Casinos put those machines in, they agreed to pay out any winnings.
That there was a bug was IGT's issue. So the casinos will then have their
losses covered by IGT's errors and omissions insurance.

------
jjjeffrey
I really don't like trying to judge this case with analogies to non-electronic
gambling. It's not a terrible way to start thinking about the issue, but taken
too far it allows someone to come up with almost arbitrary conclusions.

Rather, I think it's best to judge this by what a certain outcome would do to
the greater picture.

(And now to argue for my own interpretation, which happens to use the above
argument.)

I was in the middle of writing what I thought was a pretty interesting
argument, when I realized...

Why the hell is the federal government even getting involved in this? I mean,
I know why, but it has nothing to do with them. This is (or should be) a case
about what constitutes fair play at a casino. Jumping into this and flexing
the CFAA just seems beyond ridiculous.

~~~
205guy
I like this argument. When looking at the other analogies (ATM giving you too
much cash, cashier giving you wrong change, etc), the missing detail is that a
casino is sort of a morality-free zone for money when you think about it. The
casino is given a license by the state to offer losing odds to customers, thus
guaranteeing the casino a (statistical) advantage (and the gov't a cut of the
profits). In other words, the casino is allowed to exploit people's greed and
credulity that they can beat the odds.

And so, if there is no money-morality at a casino, I don't see why casino
patrons shouldn't be allowed any exploit of whatever games the casino offers
(card counting, bug exploits, etc)--barring of course any threats or injury to
people. If the dealer doesn't shuffle the cards or the game has a bug, up to
the gambler to take advantage of it until the casion fixes it.

So by this reasoning, creating counterfit tokens at a casino would be
considered fair-play. I actually don't see that as a problem--it does not
affect legal money supplies so why should the feds or states prosecute it. Up
to the casino to protect itself and develop secure tokens. I don't see why the
feds were involved in that case either (of course, I understand under the
current laws).

In my hypothetical world, he only thing the government should be regulating
are the taxes (on winnings by both sides) and the non-money aspects of
casinos, such as ensuring personal safety. It's not allowed for the patron or
the casino to threaten or hurt anyone based on any money transactions. Casinos
can exclude patrons by refusing to allow them to play, but they can't
physically interfere with them.

------
DanBC
> _Much of the cheating the Technology Division deals with comes from
> professionals, who will buy a used game machine, put it in their garage and
> plumb it for vulnerabilities._

> _“They are looking to explore how they can exploit the machine from a
> mechanical standpoint,” says Jim Barbee, chief of the division. That means
> physical hacks aimed at the coin hopper or the bill reader. Software
> vulnerabilities like Kane’s are nearly unheard of._

Someone should sell them a fuzzing suite.

------
caf
It's fun to speculate how this bug might have come about.

My suspicions are that each sub-game maintains separate state about the last
game played, but that the wager amount and "has the win been paid" flag
variables are global, shared between all games. When the double-or-nothing
option is disabled, wins are paid immediately; but when it's enabled, that
flag doesn't get set until the user either declines to double up or the result
of doubling-up is determined. This leaves a window for the user to switch
games, changing the wager in the process, and have the payout recalculated
because the win has not been paid yet.

------
ssharp
I'd expect that there would be some some central database of these machines
that track their incoming and outgoing money that all the casinos feed their
data into. It would seem crazy that this type of activity would go undetected
to the tune of several hundred thousand. Even if payouts were tracked locally,
it should have been a huge red flag. Unless the tracking that is sent over (or
compared locally against baselines) is based off of in-play data and the
amount exploited in the bug was never properly reported.

------
jmharvey
IANAL, but I have thought a lot about what constitutes cheating at gambling,
as opposed to legal advantage play, and I think this is cheating. The key
distinction, for me, is that the machine is not a game in and of itself, but
an interface for offering multiple games.

(For those who didn't read the article, the scheme basically involves playing
game A at the minimum wager until you get a big win, then switching to game B
at a higher wager until the game B reaches a certain state, and then switching
back to game A, at which point the machine would re-calculate your earlier win
in game A based on your (higher) wager in game B.)

The nearest analog I can think of is switching roulette table chips between
tables of different denominations. When you buy roulette chips, the croupier
notes the value of a stack of 20 chips, usually $20, $100, or $500 a stack, by
placing a token near the wheel. Looking at a single chip, it's impossible to
tell whether the chip is worth $1, $5, or $25. And a given color chip at one
table may be worth $1, while at a neighboring table it's worth $25. Table
chips are marked with a letter on their face indicating which table they
belong to, but croupiers don't always examine the letters, so if you slip
chips between tables, you might be able to wager a low-denomination chip and
be paid off in high-denomination chips. That's definitely cheating, even if
the casino doesn't immediately stop you from slipping chips between games.

My general rule of thumb is that anything that happens within a game is fair
play. If the exploit had been that a particular sequence of wagers would cause
the random number generator to behave in a predictable way, then I'd be fine
with it. But I wouldn't consider the game-selection interface to be part of
the game.

------
BHSPitMonkey
This is obviously (at least it _should_ be obvious) a business matter between
the casino and the game vendor, not the user. The way this should have played
out is 1) the casino notices the pattern, 2) the casino pulls the machine and
scolds the vendor for shipping a bug that hurt their business, and 3) the
vendor loses future contracts or resolves the issue in a way that satisfies
the casino.

------
sehugg
If you apply this same logic to coin-operated arcade games, you are breaking
the law if you use the Tetris PRNG hack mentioned today
(<https://news.ycombinator.com/item?id=5640893>) or even Pac-Man patterns
(<http://www.math.montana.edu/~hyde/pacman/>) to "exceed your legal access"
and extend your play time, thus stealing valuable quarters that would
otherwise be spent by non-exploiting players.

You might even be able to apply this to games with IAP. Better not get _too_
good at playing Super Monster Candy Time 2, buddy!

------
mixmastamyk
> In June, Nestor returned to Pennsylvania, and began working the exploit with
> a crew.

I was rooting for the guy until that sentence. Book'em Danno.

------
klodolph
> “These guys kind of kept it a secret,” says Leavitt. “If this had got out…
> this would have been a bad thing for the casinos.”

I'm sure they would have pulled all the games pretty quickly if it had gotten
out. Casinos take analytics seriously.

------
jacoblyles
That's impossible. Gambling software is carefully regulated and approved by
state gaming control boards, so there cannot be bugs.

~~~
derleth
Yes, because the only solution to state regulation failing to meet every
single one of its goals is to end all regulation of everything, everywhere.

~~~
pyre
I think the point is "there cannot be bugs, so _obviously_ he hacked it!"

~~~
nitrogen
Of course, hacking is evidence of a bug: the ability to be hacked.

~~~
pyre
Think of this from the point of view of people that don't know anything about
computers. "bug == defect" and "hacking == magic"

------
reillyse
This case would be laughable if not for the fact that we all know the gambling
associations are going to use their wealth & power to make his life hell.

------
nathantotten
I wonder what would happen if the situation were reversed. What if a machine
was found to have been paying out less money on winnings than the stated
rules. My guess is this would be a non-issue or at worse the casino would face
a small fine.

------
zupa-hu
This is a feature, not a bug.

Certainly, the Casino didn't know about it. Imagine you sign a legal document
you don't 100% understand (you miss sg). Who cares? You are bound to it. The
Casino didn't fully understand the "contract of the machine". Who cares?

------
sivanmz
The entire casino business model relies on bugs in the human mind.

------
AjithAntony
> It takes a lot of video poker play to stumble upon a bug like > that. And
> Kane, according to his lawyer, played a lot of video > poker. “He’s played
> more than anyone else in the United > States,” claims Leavitt. “I’m not
> exaggerating or embellishing. > … In one year he played 12 million dollars
> worth of video > poker” and lost about a million, he says. “It’s an
> addiction.”

You gotta admire this guy's commitment to quality assurance!

------
habosa
That's crazy. Am I "hacking" a vending machine if it gives me two candy bars
instead of one? What if he had just closed his eyes and slammed the buttons
and this happened? Would he be the world's foremost blind hacker? Both sides
are engaged in taking as much of the other's money as possible within a set of
rules, and he won.

~~~
twoodfin
_What if he had just closed his eyes and slammed the buttons and this
happened? Would he be the world's foremost blind hacker?_

That's not a very good argument. Intent matters. This guy obviously knew he
had uncovered a bug, and repeatedly exploited it while attempting to hide the
fact that he was doing so.

I can't speak to whether the CFAA actually will or should be interpreted to
treat his actions as a crime, but it would not be an unreasonable law that
did.

~~~
snarfy
It's not obvious it's a bug, not at all, and it's a slippery slope to say
otherwise.

Intent matters on both sides. Did the programmer intent for this bug to
happen?

~~~
twoodfin
Huh? Through a specially designed switch back and forth between games, he
manages to multiply a preexisting payout by a factor of 10. It is absurdly
obvious that this was a bug.

------
adamio
There are signs on these machines that read malfunction voids pay. This
ultimately is a malfunction, and is the casino's responsibility is to verify
before payout. Exploiting a malfunction to increase payout on an already
negotiated win might be fraud, but hacking?

------
AliAdams
If I am a cashier and occasionally accidentally give out more change than I
should, surely that is wholly my own problem (a fault of my own process) and
not that of the person who takes the money I gave them.

------
gcb0
I don't read wired (tired of their lengthy narratives that always culminate
with the subject cast in a holier than thou light) so i will assume this is
about someone exploiting a bug left by the cassino on their own systems.

Anyone who understand law care to explain how this is different than sitting
at a black jack table and the croupier just dealing up all the cards face up?

------
spinlock
so, if it is considered "hacking" to do this, what about the first time he
found the exploit? He didn't intend to do that he just jumped the gun to get
back to playing. Was that mistake a crime?

~~~
o_nate
Is it stealing if a cashier gives you too much change back and you don't say
anything?

~~~
format
Is it stealing if you cash checks on an account you know is overdrawn but
don't say anything? They gave you the money, it is up to them to verify the
balance on the account, right?

------
likeclockwork
Shared mutable state strikes again.

------
yoster
I guess it's OK to steal billions of dollars from tourists, but when the
tables are turned, it becomes a crime.

