As the saying goes, “The lottery is a tax on people who are bad at math.” That’s because the odds of winning one of those huge advertised jackpots are insanely, laughably slim. It’s fun to dream about winning the lottery, but dreaming is about as much as most of us can do — it comes down to the luck of the draw. You can’t practice, train, or strategize to win one of those enormous jackpots. Some, however, cheat.
Case 1: Rigging the machine
A curious case has come to light after 10 years of investigation. Back in 2006, US law enforcement discovered that Tommy Tipton, a Texas justice of the peace, had $500,000 in consecutive, marked bills.
To justify his possession of the cash, Tipton explained that he had won the lottery but paid a friend 10% of the winnings to cash the ticket for him. He had devised the trick, Tipton explained, to hide the money from his wife while the couple was considering divorce. The court accepted Tipton’s explanation and closed the investigation.
However, something had gone unnoticed. The lucky winner’s brother, Eddie Tipton, was at that time employed by the Multi-State Lottery Association, which you may not have heard of, but you’ve certainly seen some of its games, which include Powerball and Mega Millions. Eddie Tipton was responsible for information security and was one of the developers who programmed a random number generator (RNG) machine for the lottery.
But that fact was brought to light much later, when lottery associations in several states registered that many winners were sending surrogates to cash in their winnings. In 2011, the jackpot winner said his ticket was given to him by a relative who, in turn, got it from the aforementioned Tommy Tipton, who had promised to pay a commission for claiming the jackpot in his stead. The reason? A soon-to-be-ex-wife. The winning number? Generated by the system Eddie Tipton designed.
— New York Post (@nypost) September 10, 2015
There was one more related case, also in 2011: A Canadian citizen claimed a jackpot of $16.5 million as the representative of an unnamed winner. As part of the investigation, the lottery association asked the community to view surveillance video footage to identify the person who purchased the winning ticket. Several people immediately recognized Eddie Tipton’s voice. The investigators analyzed phone calls and untangled the connection between Eddie and his accomplices.
The evidence was used to press felony charges against Eddie Tipton. In 2015, he was convicted and sentenced to 10 years in prison; however, he was released on bond for the appeal period.
Ultimately, the investigation uncovered six cases of fraud in multiple states, with the scammers purloining hundreds of thousands of dollars.
The most interesting piece of the puzzle is the technical method of the fraud. The investigation showed Eddie Tipton had modified the RNG he designed so that it yielded predictable, not random, numbers. An essential part of the scam was to use lottery tickets on which the buyer filled in the numbers.
The scheme worked when the draw occurred on three particular days of the year, two particular days of the week, and after a certain time of day. Eddie
Tipton had developed a .dll file that was embedded in the system after the daily security audit was completed.
The willful misconduct was hard to prove because the malicious component deleted itself after running. However, the forensics team managed to get a working sample of the code that was used in one of the draws.
In a very unusual crime reenactment, the forensics team used the modified RNG to recreate the last draw (by setting the time to the right moment), ultimately obtaining the same winning combination.
In addition to creating a sophisticated program to tamper with the RNG, Eddie Tipton took precautions to bypass the video surveillance system in the stores where the tickets were sold. And that was where his hacking skills failed him for the first time — he was not able to fool the system with so many variables. He recruited a relative into the process, talked to accomplices on a cell phone, and after all purchased a winning ticket himself, ultimately ruining what seemed to be a perfect scam.
— Kaspersky Lab (@kaspersky) April 7, 2015
It’s hard to evade tracking these days. The prosecution, for example, used the evidence of Tipton’s geolocation at the time of ticket purchase. Another piece of evidence was a LinkedIn post by one of accomplices: “Always ready to work with Eddie.”
How do you protect a system from the very people who are supposed to make it secure? As soon as the fraud was uncovered, the Iowa lottery association replaced its equipment and software, checked the new software for modifications, installed newer video surveillance systems, and distributed functions among more employees to make such scams harder to carry out.
Case 2: Jamming the machine
In another story, this one in Connecticut, 2015, the fraudsters also used their jobs to hack the lottery. Unlike Eddie Tipton, they did not have access to the RNG system; they worked at the points of sale where lottery ticket machines were installed.
These crooks found a way to make machines print extra tickets for the 5 Card Cash lottery. For example, one of the compromised machines printed batches with 67% winning tickets, whereas the average proportion of winning tickets in a batch is 24%.
As a result, 5 Card Cash was suspended on a state level in November 2015, and it has not been held since. The organizers announced a software update to make the machines tamper-resistant.
According to the Hartford Courant, the technique that the criminals used for the compromise involved a few fairly simple steps. They intentionally slowed down the machine, for example by sending multiple requests for reports, and then initiated the printing process. Technical peculiarities caused the software to lag under the extra load, allowing the operator to see whether the next ticket would be a winning one. If it was not the crooks would call off the purchase and repeat the procedure.
— Ars Technica (@arstechnica) March 25, 2016
Old school: Messing with the balls
Of course, cheating is not new in the lottery world. Easy money holds universal appeal. Back in 1980, a host of the TV lottery in Pennsylvania replaced the balls in the drawing machine with copies that weighed more, resulting in draws of only fours and sixes. After the rather unlikely 666 was drawn, organizers noticed that someone had started a massive hunt for all tickets that had combinations of only fours and sixes, which was fishy enough to start an investigation.
It might seem easier to get away with fraud in the digital age. But whether criminals are replacing ping-pong balls or slipping bad code into a computer, they also invariably make mistakes. A lottery jackpot seems like a great prize, but we recommend that you keep dreaming, because no cunning plan is foolproof — they are all felonies.