Feeds

Vegas vid-poker hackjackpot bonanza duo face charges

One-arm-bandit bandits plundered backdoor for $100ks

Reducing security risks from open source software

A duo who used a software bug in video poker machines to milk thousands in unearned jackpots have been charged with computer hacking and conspiracy offences.

John Kane, 52, of Las Vegas, allegedly learned that a glitch in the software that meant it was possible to change the stake and multiplier of payouts after first obtaining a low-value winning hand on video poker machines, The Las Vegas Review-Journal reports. A special button sequence on the Draw Poker machine manufactured by International Game Technology reportedly allowed access to previous winning hands and the payout of a jackpot.

It's unclear how Kane might have come across the ruse.

What is known is that Kane apparently passed on his find to a friend, Andre Nestor, 39, of western Pennsylvania, before the duo conspired to fleece Las Vegas casinos for hundreds of thousands in the spring of 2009. Nestor is separately accused of raking in $400K in ill-gotten funds after pulling the same trick at Pennsylvania casinos.

Kane and Nestor posed as high-rollers in Vegas, cajoling staff into enabling the "Double Up" option on targeted machines, a necessary prerequisite for the reported hack, Wired adds.

Nestor was about to stand trial on the Pennsylvania charges on Monday when he was indicted in the Nevada case. Nestor compared what he had done to counting cards in blackjack during a brief but compelling interview with WTAE-TV, obtained while he was in the process of being led away from court by the feds, presumably towards inter-state extradition.

“I’m being arrested for winning on a slot machine,” Nestor said. ""Let everybody see the surveillance tapes. I pressed buttons on the machine on the casino. That's all I did."

"Now winning is apparently illegal."

Nestor had filed tax returns on 700 jackpots, admitting winning in excess of $200K. He admitting exploiting an edge against the house in his gambling, which he compared to card counting, and denied any wrongdoing, blaming instead casinos for running "machines not set up to take money". Nestor outlined his likely defence.

"If a casino puts a machine on the floor that pays out what is normally expected and a person figures it out and takes advantage of it as long as they don't use devices or counterfeit money of any kind then there is nothing illegal. It is a matter between the casino and the manufacturer of that machine.

"I had an advantage over the casino. It's just like card counting."

"It's not my fault that their programming allowed a player to win at will," he added. ®

Mobile application security vulnerability report

More from The Register

next story
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Microsoft: You NEED bad passwords and should re-use them a lot
Dirty QWERTY a perfect P@ssword1 for garbage websites
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
NUDE SNAPS AGENCY: NSA bods love 'showing off your saucy selfies'
Swapping other people's sexts is a fringe benefit, says Snowden
L33t haxxors compete to p0wn popular home routers
EFF-endorsed SOHOpelessly Broken challenge will air routers' dirty zero day laundry
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
British data cops: We need greater powers and more money
You want data butt kicking, we need bigger boots - ICO
Crooks fling banking Trojan at Japanese smut site fans
Wait - they're doing online banking with an unpatched Windows PC?
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Mobile application security vulnerability report
The alarming realities regarding the sheer number of applications vulnerable to attack, and the most common and easily addressable vulnerability errors.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.