As I reported to you last July, Eddie Tipton, the former security director of the Multi-State Lottery Association was convicted of electronically rigging the Iowa Hot Lotto game enabling him to buy the winning 16.5 million dollar ticket. The jury believed the evidence that indicated that Tipton used a portable USB drive to install malware on to the computer that picked the winning number. The computer is not accessible to the Internet in order to prevent tampering and only four people including Tipton had access to the room where the computer was housed. The closed circuit camera that recorded activity in the room had been wiped clean so there was no visual evidence of Tipton tampering with the computer. In addition, the sophisticated malware used by Tipton was self-deleting and left utterly no trace on the lottery computer. However, despite the lack of either visual evidence showing Tipton actually tampering with the computer or evidence of the precise malware used, after a week’s deliberations, the jury found Tipton guilty of two counts of fraud.
Now, almost a year later new evidence has been revealed by prosecutors against Tipton who is presently awaiting trial regarding additional lottery fraud in Colorado, Wisconsin, Oklahoma and Kansas. Where previously, only circumstantial evidence tied Tipton to charges that he rigged state lotteries, now, according to prosecutors, they have found the random number generator used by Tipton to rig a 2 million dollar Megabucks drawing in 2008. According to prosecutors, a forensic investigation found that the generator had code installed on the computer used to produce the winning Megabucks numbers after the computer had been audited and was used to make the computer not produce random numbers three times during the year leaving Tipton able to predict the winning numbers.
No computer system is foolproof, however this case does highlight vulnerabilities in the computer security systems used to protect the honesty of state sponsored lotteries. Hopefully, this case will lead to better security in the operation of state lotteries to insure that the public has faith in them as being operated honestly.