weather icon Cloudy

MGM hackers could have tried to get slots to spit out money

The financial damage involving slot machines on the fritz at MGM Resorts International properties could have been much worse, but the company shut down machines quickly themselves to avoid further damage, a gaming industry expert says.

MGM’s networked slot machines are just one of the company’s computerized systems under attack by hackers since Sept. 10.

While some machines currently are dark or have error messages on their video screens saying they’re offline, play continues on the company’s casino floors, which have now been disrupted nine days.

MGM employees with clipboards have been circulating around casino floors, hand-paying slot winnings during the time MGM systems have been under attack by groups believed to be based in Russia but with tentacles around the world.

Acres explains TITO system

John Acres, an expert with knowledge of slot machine ticket in-ticket out systems says safeguards are built into the system but quick action by the company likely prevented greater chaos that could have occurred.

A small company, Five Star Solutions, is credited with inventing the ticket in-ticket out system, known as TITO. The concept was acquired by the old MGM Corp. and slot machine giant IGT negotiated the patents from MGM to perfect the modern slot machine-player transaction.

Over the years, the system has been enhanced by companies like Las Vegas-based Acres Technology, whose founder, John Acres, is a member of the American Gaming Association’s Gaming Hall of Fame.

Acres, who said he has no inside information about the attack on MGM and sympathizes with the workers dealing with the attack’s fallout, said one of the big advancements in TITO technology occurred after slot machines evolved from being fed just coins to the installation of bill validators. Those enabled players to insert dollar bills of different denominations into a machine for play. In early stages, winners still received coins when they won.

“And that was a huge problem across the casinos,” Acres said in a telephone interview, “because they had to keep the coins in inventory. They had to collect them and count them and anything that has moving parts that could spin little metal cylinders is just prone to failure.”

The idea of distributing dollar bills of different denominations was dismissed as too challenging.

That’s when the idea to print out the balance at cash-out occurred. Under the existing TITO system, when a player cashes out, a ticket with a bar code is printed. Those tickets can either be cashed out at the casino cage or kiosk or reinserted into another machine for continued play.

But the new system introduced a new problem — the potential of tickets being duplicated by anyone trying to cash in one ticket twice or more.

“If you printed on a piece of paper that it’s good for $153.42, that piece of paper could be copied or replicated or falsely generated and so you had to have a simple computer system that keeps track on all of the TITO tickets issued and all of them redeemed because one of the first things you don’t want people to do is to go make a photocopy of their TITO ticket, cut it out and try to use it twice, right?”

Self shutdown

Once MGM’s system was hacked, the concern was that the hackers would alter programming to create bogus TITO tickets and the corresponding secondary checking system. Acres suspects at the point the hack was discovered, MGM chose to shut the system down to prevent that from happening.

“This is purely speculation, that MGM saw the penetration, saw the threat, and started disconnecting systems so that they could not be penetrated,” he said.

Some observers believed the hackers were attempting to create havoc by programming the slot machines to spit out bogus TITO tickets that could later be cashed in. But in an unusual communication believed to be from the hackers in a dark web post last week, they said such an action, reminiscent of the plot of the movie “Oceans Thirteen,” wasn’t their objective.

Brett Callow, a threat analyst for Emsisoft, an anti-malware software company, has been monitoring dark-web posts from ALPHV, one of the shadowy hacker gangs believed to be attacking MGM.

One of the messages from ALPHV said, “We did not attempt to tamper with MGM’s slot machines to spit out money because doing so would not be to our benefit and would decrease the chances of any sort of deal.” The organization’s goal instead is to extort MGM with ransomware, not create chaos in the casino.

The Las Vegas field office of the FBI acknowledged last week that it is investigating the cyberattack.

Meanwhile, Reuters on Monday reported four other companies, including Caesars Entertainment Inc., were attacked in separate incidents in August.

Okta assists

David Bradbury, chief security officer of the San Francisco-based identity management company Okta, said five of the company’s clients had fallen victim to hacking groups known as ALPHV and Scattered Spider since August.

In an interview with Reuters, Bradbury didn’t name the other companies attacked, which he said were in the manufacturing, retail and technology space, but said Okta was cooperating with official investigations into the breaches.

The Las Vegas Review-Journal is among Okta’s 17,000 customers.

“We saw this happened in such a small period of time and we thought we should be coming forward to the industry at large and explaining what’s happening here,” Bradbury said.

This is a developing story. Check back for updates.

Contact Richard N. Velotta at rvelotta@reviewjournal.com or 702-477-3893. Follow @RickVelotta on X.

Don't miss the big stories. Like us on Facebook.