HOW THEY DID IT —

Neutered random number generator let man rig million dollar lotteries

RNG bypass code allowed security chief to know winning numbers in advance.

Prosecutors say they have unearthed forensic evidence that shows how a former computer security official for a US state lottery association rigged drawings worth millions of dollars across five states using unauthorized code that tampered with a random number generator used to pick winning tickets.

Eddie Raymond Tipton was charged last April and eventually convicted. Prosecutors said the man used his position as information security director of the Multi-State Lottery Association to access a room that housed the random number generator. But until recently, they weren't able to prove exactly how Tipton went about modifying the code so it produced predictable outputs that could be used to pick winning tickets.

According to an article published by the Associated Press, here's how it worked:

A forensic examination found that the generator had code that was installed after the machine had been audited by a security firm that directed the generator not to produce random numbers on three particular days of the year if two other conditions were met. Numbers on those days would be drawn by an algorithm that Tipton could predict, Iowa Division of Criminal Investigation agent Don Smith wrote in an affidavit.

All six prizes linked to Tipton were drawn on either Nov. 23 or Dec. 29 between 2005 and 2011.

Investigators were able to recreate the draws and produce "the very same 'winning numbers' from the program that was supposed to produce random numbers," Smith wrote.

In case that description isn't entirely clear, or lacks details some readers want, here's an explanation from a separate article from The Des Moines Register:

Examiners found out-of-place programs known as dynamic link libraries, or DLLs, that had been written onto the Wisconsin computer. The programs were designed to “redirect” a drawing if certain conditions were met, according to the complaint, helping orchestrate the outcome.

The drawing had to happen on three particular days of each year, two certain days of the week and at a certain time of day.

Then another program triggered the winning numbers to be drawn not at random, but using an algorithm Tipton could solve, according to the criminal complaint. The numbers could be predicted by anyone familiar with the random number generators, security procedures and the algorithm, Iowa Division of Criminal Investigation special agent Don Smith wrote in an affidavit.

The newly discovered evidence underscores the difficulty of maintaining trustworthy computer systems that do what they're intended to do. In this case, it took only one insider to defeat the auditing that the lottery system was required to undergo. It's not clear if officials have tightened the requirements to make future tampering harder.
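As an added illustration (not code from the case or from either article), the following audit harness replays a draw routine under a simulated clock and flags every hour at which repeated draws come out identical, the property investigators demonstrated when they recreated the winning numbers. `sample_draw`, its 20:00 trigger hour and the 5-of-59 game are constructed for the example; only the Nov. 23 and Dec. 29 dates come from the article.

```python
import datetime as dt
import random
import secrets

TRIGGER_DATES = {(11, 23), (12, 29)}   # dates named in the article
TRIGGER_HOUR = 20                      # constructed; the real hour is not given

def sample_draw(when):
    """Constructed stand-in for a draw routine under audit (hypothetical)."""
    if (when.month, when.day) in TRIGGER_DATES and when.hour == TRIGGER_HOUR:
        # Constructed fault: the seed comes from the clock alone.
        rng = random.Random(when.toordinal() * 24 + when.hour)
    else:
        rng = random.Random(secrets.randbits(128))
    return tuple(sorted(rng.sample(range(1, 60), 5)))

def clock_dependent_slots(draw, year, runs=3):
    """Return each hour of `year` at which `runs` draws were all identical."""
    flagged = []
    when = dt.datetime(year, 1, 1)
    while when.year == year:
        # An honest generator almost never repeats a 5-of-59 pick three times.
        if len({draw(when) for _ in range(runs)}) == 1:
            flagged.append(when)
        when += dt.timedelta(hours=1)
    return flagged

if __name__ == "__main__":
    for slot in clock_dependent_slots(sample_draw, 2011):
        print("repeatable draw at simulated time", slot.isoformat())
```

The sweep only works when the routine under test takes its time as an input; a binary that reads the system clock directly has to be run with the clock itself simulated.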
