Aussie pokie manufacturer Aristocrat has been offered an ultimatum by a major Russian hacking outfit that’s reportedly capable of stripping machines of $315,000-a-week.
According to a recent article by Wired, a hacker has been using his knowledge of coding to mastermind an international attack on vulnerable pokies.
Speaking directly to the hacker, known only as Alex, Wired’s Brendan I. Koerner learned that he employed a team of computer experts to uncover flaws in slots around the world.
A Complex Process with a Simple Strategy
Outlining the process, Alex explained that members of his team record live pokies in action and send the video back to a base in Russia. Analysts then review the video to determine when a cycle in is likely to occur.
The analysts then convert this into “timing data” which they then send to the agent’s phones via a specially designed app. Once the player’s app has received the timing information, it will vibrate the phone a split second before the spin button has to be pressed.
With the correct timing, players are able to catch the pokie as it’s entering a win cycle and receive a return on their investment. Alex claims that his system isn’t illegal because he’s not hacking the machines.
Instead, what he says he’s doing is using his knowledge of odds, mathematics and computer software to exploit flawed pseudo random number generators (PRNGs).
Not So Random Results Make Pokies Vulnerable
Behind every live and online pokie is a piece of software known as a PRNG. The PRNG generates sequences of numbers that determine the outcome of a spin and, moreover, control the payout percentage of a pokie.
Most pokies have a payout percentage somewhere around the 90 percent mark. Alex claims that his system is able to exploit machines where the PRNG has coding flaws that make it more predictable.
Although there is some suggestion in the article that it may be an elaborate ploy by the Russian in order to dupe pokie operators, Aristocrat did confirm that it had been the subject of an extortion attempt.
When question about the allegations in the Wired article, the gaming company told Business Daily that a hacker had demanded $10 million in return for information about its RNG vulnerabilities.
If the claims made by Alex are true, it could force pokie manufacturers to completely rethink the way they code their games. Indeed, there is a suggestion by Wired that Aristocrat may have based the code for one of its PRNG on a 36-year-old piece of software that now freely available to coders.
While that may not be the case, there is clearly a scope for a review of how operators and regulators in Australia hand technology in today’s market.