18 Jul 2017
In 2009, Vladimir Putin shut down the Russian gambling industry. Not through high taxes or constricting regulations, but he actually made gambling illegal in Russia. The entire gambling industry disappeared overnight because of its ties to Georgian criminals who were thought to be running most casinos. But if you haven’t heard about Russia’s gambling ban already you probably don’t care, so why should you keep reading about it now? Every day it seems like there’s a new headline about Russian hacking. You’re probably thinking about election hacking, but casinos across America found out that Russian cybercrime isn’t solely focused on politics.
After the gambling ban took effect in Russia, all the ex-casino owners were looking to sell their old slot machines to the highest bidder. Cybercriminals took the low-price slot machines as a chance to discover vulnerabilities within the slot machine’s PSNG (Pseudo-random number generator) algorithms. If you can discover a pattern to a slot machine’s numbers, then you can cheat the game and easily win yourself thousands. But in 2014 American casinos had no idea that any of this was happening, so when they saw that slot machines at a few casinos were actually putting out more money than they were taking in, they were at a loss.
The only lead they had was a man who was winning big while holding his phone close to the slot machine screen. The Lumiere Place Casino in St. Louis found surveillance footage of a man approaching a machine and playing it without tampering or winning big. The only strange thing was that the man was holding his phone near the screen. A few minutes later the man would come back and hold his phone out again, but this time he would hit the button to stop the wheel sporadically and win thousands of dollars doing it. Clearly something was wrong, but there was no way to tell what.
The Lumiere Place casino reported its findings to the Missouri state gambling commission who found that more casinos were reporting the same cheats by different men and that the man originally identified was a Russian nationalist named Murat Bliev. They investigated Bliev and found he was traveling back and forth between America and St. Petersburg. They also examined rental car and hotel records and discovered that there were over 20 other Russian nationals all over America doing the same thing. Then there was a breakthrough thanks to a confiscated cell phone. Thanks to the phone, the gambling commission found that the Russians were recording the slot machine’s screen with their phones, sending the video back to their headquarters in Russia where the PRNG algorithms were busted, and then using a special app in their phone that told them when to press the button that stopped the wheel. Bliev and a few other cheaters were arrested soon afterward, but that’s not the end of this story. Now, investigators believe that Russian hackers are simply putting their phones in their shirt pockets and skyping the video back the Russia so that it’s harder to tell when they’re cheating. As if that wasn’t bad enough, casinos can’t replace all their slot machines or tell which ones are vulnerable, so there is no surefire way to stop the Russian hackers from stealing thousands.
Cybercriminals have no borders or restrictions. They attack who they want when they want, and no industry or person is completely foolproof to hacks. Even when people figure out how hackers do what they do, it’s only a matter of time before the hackers find a new way to cheat people out of their money and privacy. If you want to have a chance at being secure, stay up to date on every cyber happening.