High-rolling gambler uses casino's own surveillance system to scoop $32 million...

A high-rolling gambler has allegedly won $32 million at a casino in Melbourne, Australia, thanks to a little network hackery carried out by accomplices.

Games like poker are much easier to win if you know some or all of your opponents' cards.

After all, it's hard to sustain a bluff if the person you're bluffing has actually seen your hand.

In this case, the un-named "whale" - casino argot for a player who wagers large amounts of money, often on giant-sized individual bets - is said to have relied on his accomplices to feed him information about what other players at his table were holding.

His accomplices were able to snoop on the other players because they had remote access to the casino's own surveillance system, giving them a bird's eye view from CCTV cameras right inside the high-rollers' room.

The $32 million was apparently scooped in the course of eight big-stakes hands.

To increase their chance of catching cheaters (and thereby, no doubt, to discourage gamblers from trying to cheat in the first place), casinos typically have substantial networks of cameras giving high-quality, real-time video feeds.

So, this is an excellent reminder that the modern trend towards "big data" - where you hoover up as much information as possible, in as much detail as you can manage, about as many of your customers as you can - cuts both ways.

"Big data" can not only help to uncover patterns that expose fraud and criminality, but also end up enabling it.

(Why would you need a miniature camera cunningly mounted on an ATM to skim PINs from unsuspecting users, if you could just hack into a shopping mall's CCTV system and let someone else's camera do the work?)

By the way, do you have video surveillance in your workplace?

If so, how well do you protect your own CCTV network, which may very well include proprietary software and equipment, from prying eyes?

It's not just your employees' privacy that's at stake, but possibly also (as the Melbourne casino found out) the financial health of your business...


10 Responses to High-rolling gambler uses casino's own surveillance system to scoop $32 million...

  1. So can all gamblers at the casino who have lost now sue the Casino? Who is to say that they did not lose due to the negligence of the Casino? Were there other times their Video Feeds were used to win at Poker Games?

  2. J16 · 935 days ago

    Well he was pretty much stealing from the other players, the casino doesn't care who wins a poker game, they take a rake from the pot every time regardless. If he didn't win 32mill someone else would have.

    • Paul Ducklin · 935 days ago

      Still cheating, though :-)

      I doubt the casino would be happy for its other "whales" to find out that they'd been cheated this way whilst using the casino's services...

  3. M30 · 935 days ago

    My understanding is that there was no actual "hack" of CCTV. Staff who already had access to the footage were relaying information to the player.

    • Paul Ducklin · 935 days ago

      The exact details aren't clear - the story I've seen so far implies some sort of insider help; whether that was a login password so the gambler could get his own guys to do the surveillance and reporting, or just information relayed from an already-logged-in user wasn't clear.

      Not sure which is worse in cyberdodginess terms; the end result is the same.

      But I agree that in respect of "hacking," it doesn't sound as though someone found and exploited a hole in the networking/software side of the CCTV system that bypassed normal authentication. (In other words, to repeat the "hack" elsewhere, someone at the next venue would need to be suborned to help...

  4. F R · 934 days ago

    In the UK at least a few years ago, afaik, banks were legally required to place ATMs out of the line of sight of cameras. Do you know if that is still true today? Does this hold in other jurisdictions?

    I must confess, I tend to find myself looking up and around the ceiling in retail outlets before I type my pin when making a purchase with plastic. In fact I got into the habit of covering the pin-pad with my wallet while I type the pin.

    Habits - you're gonna have them, so make them work for you rather than against you.

  5. gregbacon · 934 days ago

    Who says crime doesn't pay?

    We need to teach our kids that if they want to get rich to either go into hacking or the more secure route to unlimited wealth; Go to work for a Wall Street bank, who are skimming trillions from customers around the world and if they get caught, all they get is a slap on the wrist.

    After all, they're too big to jail.

  6. Randy · 933 days ago

    Great plot for Ocean's 14

  7. Duke · 928 days ago

    Your story Paul is factually incorrect. The scam took place in the game of Baccarat! It is annoying when stories like yours emerge that are tottally inaccurate. I hope you print this.

    • Paul Ducklin · 927 days ago

      Actually, my only reference to poker was to say "games like poker are much easier to win if you know some or all of your opponents' cards."

      It wasn't clear exactly what he cheated at, but it seemed clear to me that it wasn't a player-versus-casino game like Blackjack, where the players' cards are dealt face up anyway, but rather a player-versus-player game for which the casino was just the host.

      I chose poker as my example simply because it's the player-versus-player casino game most people are probably familiar with.

      So, if I might defend myself for a moment, calling the story "tottally inaccurate" is perhaps a *little* bit harsh (and there are only two Ts in totally).


About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog