Last week, Eddie Tipton, the former security director of the Multi-State Lottery Association was convicted of electronically rigging the Iowa Hot Lotto game enabling him to buy the winning 16.5 million dollar ticket. The jury believed the evidence that indicated that Tipton used a portable USB drive to install malware on to the computer that picked the winning number. The computer is not accessible to the Internet in order to prevent tampering and only four people including Tipton had access to the room where the computer was housed. The closed circuit camera that recorded activity in the room had been wiped clean. In addition, the sophisticated malware used by Tipton was self-deleting and left utterly no trace on the lottery computer. However, despite the lack of either photographic evidence showing Tipton actually tampering with the computer or evidence of the precise malware used, after a week’s deliberations, the jury found Tipton guilty of two counts of fraud and he is facing a potential prison sentence of ten years.
No computer system is foolproof, however this case does highlight vulnerabilities in the computer security systems used to protect the honesty of state sponsored lotteries. Hopefully, not just Iowa, but other states using similar systems will revisit their own security systems to make sure that they are as strong as they can be.