An international syndicate of Russian hackers that cashed out millions from slots in U.S. casinos over the years is focusing its efforts on South America and Europe after busts in Missouri and Singapore.
The Russian syndicate most recently struck in Peru, a security consultant to slot-makers told a group of U.S. regulators at a Las Vegas conference Thursday at the Luxor organized by Gaming Laboratories International. Wired magazine first reported the story about the syndicate last month.
The existence of the Russian group, which might have been operating for as long as a decade, was first spotted in Missouri in May 2014. The FBI made its first arrests later that year. Singapore police caught syndicate members cheating in May 2016.
Details about the group are still emerging. It might consist of between 40 and 70 individuals with a headquarters in St. Petersburg, Russia.
“It took us 10 years to finally spot these guys,” consultant Rex Carlson said. “It is so insidious; it is really hard to see. We are finally arriving at a complete story now.”
The syndicate figured out some of the inputs of the random number generator, or RNG, of certain machines and manufacturers. That enabled the hackers to better determine when to hit the button to win.
The syndicate used an elaborate scheme with plenty of computer firepower, Carlson said. So-called scouts would initially troll the casino floor and send back video of slot machines the headquarters was familiar with. Hackers would then put the video on their computers and reverse engineer aspects of the machine’s RNG over the course of several weeks.
Next, foot soldiers would be sent back to play the machines. They would be armed with two phones, one in their shirt pocket that took video of the slot screen and one in their pants pocket. The phones had four applications representing four manufacturers, including Aristocrat Leisure Ltd. The pants pocket phone would buzz when it was time to hit the slot button.
“At first look, it would seem like an RNG that is really hard to beat. But these guys managed to do it. They have a lot of computer resources available to them,” Carlson told the group.
The group focused on machines that were used in casinos around the world so it could continuously move from state to state and country to country. It also kept its winning average low so as not to attract attention. The group used secured communications, rented large servers around the world and paid footmen in bitcoin to avoid detection.
An Aristocrat company spokesperson said it is aware of only a handful of reports of suspicious activity on a legacy installed base of over 100,000 Mk VI machines around the world, most of which are outside the United States. Aristocrat has received no reports of suspicious activity from the USA since 2014, the spokesperson added.
“Computing has moved along so fast that we now have bad, smart guys that can create algorithms to beat RNG if they aren’t complex enough,” Willy Allison, casino game protection consultant and owner of World Game Protection Inc., told the crowd. He and Carlson said so-called cryptographic-secured RNGs would help prevent such hacks.
Allison said many U.S. casinos aren’t well-prepared to deal with the new generation of cheats, with some still using techniques “photocopied” from Atlantic City and Las Vegas 25 years ago.
Casinos need to hire more technology-savvy security professionals, Allison told the crowd.