14 DAY TRIAL // New details have surfaced in a case from last year, revealing how the boss of a US lottery used malicious DLLs to manipulate and predict winning ticket numbers on special days of the year, The Des Moines Register reports.
The case first came into the public's eye in April 2015, when authorities started the trial of Eddie Tipton, 53, a former information security director for Iowa's Multi-State Lottery Association (MSLA).
In July of the same year, a judge convicted Tipton of two fraud charges, for fixing a Hot Lotto lottery drawing that produced a winning ticket worth $14.3 million (€12.65 million).
Prosecutors didn't prove how Tipton manipulated the lottery drawing that generated the fraudulent ticket, but that he enlisted the help of Robert Clark Rhodes II, 46, of Sugarland, Texas, to cash out the winnings.
Tipton's scheme was unmasked and also showed that he also manipulated lottery drawings in other states. He was later sentenced to ten years in prison in September.
Tipton used malicious DLLs to hijack the lottery's RNG algorithm
Right after the incidents, the MSLA started security audits of their computers in an attempt to find out how Tipton manipulated their system. Nothing ever turned out. On the other hand, police kept looking and eventually found a fishy DLL on one of the computers responsible for generating random numbers to be used for selecting the winning tickets.
This DLL was identical to the original one, except two blocks of code. These two sections were added by Tipton and used a different random generator algorithm to produce the winning numbers.
The fishy DLL hijacked the standard random number generator (RNG) on three days of the year, on two particular days of the week, and after a certain time of day.
If a draw was scheduled and complied with all three conditions, Tipton would be able to deduce the winning numbers. Since Tipton was responsible for programming these computers in all MSLA divisions across the country, the fishy DLL made its way into the systems used by the organization in other states.
Authorities also charged Tipton's brother
Prosecutors say they've found evidence of rigged lottery draws in Iowa, Kansas, Oklahoma, Colorado, and Wisconsin. The initial detection of this tricky malicious DLL was made difficult by the fact that the file was scheduled to self-delete after a period of time.
Based on this new evidence, prosecutors have filed a new criminal complaint against Tipton (embedded below), but also against Tipton's brother, Tommie Tipton of Texas.
Police suspect Tommie Tipton, a former police officer himself, of being involved in securing partnerships for him and his brother in order to withdraw the winnings of lottery tickets in Wisconsin, Colorado, and Oklahoma.
In total, investigators say that the two brothers rigged six lottery draws between 2005 and 2011, totaling over $16.5 million (€14.6 million).
UPDATE: The article was updated to correct the states where investigators said they found rigged lottery draws. The first version of the article listed Texas instead of Kansas.