Exploiting Software Defects for Profit is Still Illegal

Saturday, January 15, 2011

Rafal Los


A story ran in the Pittsburgh Post-Gazette recently that triggered some interesting conversation.

"Moments before he was to stand trial for bilking The Meadows Racetrack and Casino out of nearly a half-million dollars in fraudulent jackpots, a Swissvale man was arrested Monday by federal authorities, who say he actually may have stolen as much as $1.4 million from casinos in the U.S. and abroad."

Wow.  The story gets better.  

Apparently through a combination of social engineering of casino floor workers, and "a software glitch" (affectionately referred to as a bug) this group of people was able to steal some very real money.  

The short of it is that they were caught because they got greedy, as they always do.

"When the correct sequence of buttons was pushed, the machine displayed false double jackpots. No casino officials noticed because the bogus jackpots weren't being recorded in the machine's internal system."

So, am I the only one that reads this "glitch" as a potentially planted bug in the system?  I have to admit, if there was a bug that gave random winners then that would be a glitch, but a "glitch" that's triggered by a specific sequence of buttons and not logged is a planted bug, period.  

Someone needs to open an investigation into the company that makes that machine, and whether they're profiting from poor QA process!  Speaking of QA process integration (see my last post and others) wow... what kind of failure was this?

So I'm thinking that this smells a little funny to me.  Are casino machines really that software-glitchy?  Is there really such poor quality control (let's face it this isn't a security issue!) that these bugs make it out the door and onto the casino floor?  

I think I have more questions than answers here... for example - how did this group find out about these "software glitches"?

I don't know about you, readers, but I think there is more to this story than meets the eye or press - and the "villains" are being brought up on Federal charges to keep them from talking.  I suspect this story won't get properly investigated, and will be buried.

Thoughts?

Crossposted from Following the White Rabbit
