The history of one bug in a video poker machine

Bugs in some programs go unnoticed for years. Others are quietly correcting themselves. But there are bugs that become the object of general attention and even legal proceedings. It is this story that happened with an error in the Game King Multi-Game slot machine. The player who discovered it did not inform the developers of the vulnerability found, but began to shoot jackpots in various casinos. An investigation by the FBI revealed that he had withdrawn more than $ 500 thousand from slot machines.
The first video poker machines appeared in American casinos in the 70s and were immediately expected to be very successful. The players liked that they can influence the result (choose cards), and not stupidly spin the drum. The holder of the International Game Technology patent held an IPO and entered the stock exchange in 1981.
The main trump card of IGT was the use of computer technology in slot machines. The company achieved the perfect formula in 1996 with the release of the Game King Multi-Game model, which offered several poker options. Casinos bought these machines, and the manufacturer sold them new firmware with new games. On September 25, 2002, the fifth firmware version was released - Game King 5.0.
As it turned out, an error crept into the Game King 5.0 code. More precisely, a number of small bugs in the program under the number G0001640. They managed to avoid detection during testing.
The bug went undetected for the next 7 years, passing to each new firmware version. As a result of copying the code, he entered 99 different programs on thousands of IGT slot machines. As far as we know, no one used it until April 2009, when it was accidentally discovered by John Kane (pictured).The bug appeared by chance. John Kane spent a lot of time playing the game. Once, in one of the slot machines near a Chinese diner on the outskirts of Las Vegas, he tried various poker options, but then decided to order a cashout and look for good luck in another machine. As soon as he pressed the “Cash Out” button, the screen suddenly locked, the machine blinked, rang and reported a jackpot of more than $ 1000. John did not even begin to play a new hand. He informed the approached employee about the glitch, but he considered it a joke and gave out a win.
John Kane called a friend Andre Nestor, they sat down at the machines together and began to test the gaming system, trying different games, limits and a sequence of actions.
The essence of the bug was that the machine allowed changing the size of the bet at low limits from 1 to 50 cents, while it erroneously allowed to change the size retroactively. That is, after winning at a rate of 1 cent, it was possible to change the face value to 50 cents and get a win 50 times more than what was supposed to.
After seven hours of testing, friends were able to establish the exact step-by-step sequence of actions to reproduce the bug.
Unfortunately, for some reason, the bug showed itself only in Game King machines installed in one small area of Las Vegas - in Fremont. Nevertheless, in 5 weeks of hard work, Kane managed to remove more than $ 100 thousand in this area.
Managers noticed something was wrong and turned off the function of doubling the Double Up rate on losing ATMs, after which everything stopped working. And here the “hackers" got an insight: after all, this function is disabled by default in all the machines that they tried it last time. Thus, they could go to any casino, ask to turn on the function - and get a jackpot. Friends agreed not to withdraw from the casino more than $ 20 thousand per day.
Moreover, over time it became clear that after receiving the jackpot, repeating a certain combination of actions allowed to repeat the jackpot with exactly the same cards. Actually, on this they, in the end, were caught.
After the next jackpot, the slot machines were sealed and sent for examination to the technical department of the Nevada Casino Regulatory Agency. The investigation was entrusted to 25-year-old John Lastusky, a recent graduate of the Department of Computer Science at the University of South Carolina. He studied the logs, then copied the contents of the EPROM and did not find signs of external interference and backdoors. Nevertheless, repeating the winning actions, in a few days Lastuski was still able to reproduce the desired sequence. He reported the find to the management, and soon the “Double Up” function was deactivated on all slot machines.
The prosecutor's office indicted Andre Nestor on 698 counts, from theft to criminal conspiracy. In 2011, the case was transferred to the Ministry of Justice, and the accused were charged with a new article on computer hacking (Computer Fraud and Abuse Act). But it ended with a happy ending. Friends refused to testify against each other, and the Ministry of Justice was forced to drop the charges, and in March 2014 the case was closed.
Nestor spent all the money on a lawyer, but Kane saved the winnings. Judging by the court records, they were not confiscated, so the former pianist now leads a quiet, quiet life, not working anywhere.
Andre Nestor has been barred from entering all of Pennsylvania's casinos and is now wasting time playing Candy Crush on his Android tablet. In two months, Nestor completed 515 levels using a cheat found on the Internet.