Feeds

Vegas vid-poker hackjackpot bonanza duo face charges

One-arm-bandit bandits plundered backdoor for $100ks

Internet Security Threat Report 2014

A duo who used a software bug in video poker machines to milk thousands in unearned jackpots have been charged with computer hacking and conspiracy offences.

John Kane, 52, of Las Vegas, allegedly learned that a glitch in the software that meant it was possible to change the stake and multiplier of payouts after first obtaining a low-value winning hand on video poker machines, The Las Vegas Review-Journal reports. A special button sequence on the Draw Poker machine manufactured by International Game Technology reportedly allowed access to previous winning hands and the payout of a jackpot.

It's unclear how Kane might have come across the ruse.

What is known is that Kane apparently passed on his find to a friend, Andre Nestor, 39, of western Pennsylvania, before the duo conspired to fleece Las Vegas casinos for hundreds of thousands in the spring of 2009. Nestor is separately accused of raking in $400K in ill-gotten funds after pulling the same trick at Pennsylvania casinos.

Kane and Nestor posed as high-rollers in Vegas, cajoling staff into enabling the "Double Up" option on targeted machines, a necessary prerequisite for the reported hack, Wired adds.

Nestor was about to stand trial on the Pennsylvania charges on Monday when he was indicted in the Nevada case. Nestor compared what he had done to counting cards in blackjack during a brief but compelling interview with WTAE-TV, obtained while he was in the process of being led away from court by the feds, presumably towards inter-state extradition.

“I’m being arrested for winning on a slot machine,” Nestor said. ""Let everybody see the surveillance tapes. I pressed buttons on the machine on the casino. That's all I did."

"Now winning is apparently illegal."

Nestor had filed tax returns on 700 jackpots, admitting winning in excess of $200K. He admitting exploiting an edge against the house in his gambling, which he compared to card counting, and denied any wrongdoing, blaming instead casinos for running "machines not set up to take money". Nestor outlined his likely defence.

"If a casino puts a machine on the floor that pays out what is normally expected and a person figures it out and takes advantage of it as long as they don't use devices or counterfeit money of any kind then there is nothing illegal. It is a matter between the casino and the manufacturer of that machine.

"I had an advantage over the casino. It's just like card counting."

"It's not my fault that their programming allowed a player to win at will," he added. ®

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.