What is “random”?
In this briefing we will take a look at recently reported casino hacks to cover the different meanings of randomness.
Background
As Wired reported this week, a number of international casinos were targeted by an organized crime syndicate which had found a way to greatly increase their payout chances at slot machines. No alteration or manipulation of the machines themselves was taking place. The attackers merely seemed to know when exactly to press the stop button to lead to advantageous spin outcomes.
Statistically Random vs Cryptographically Random
Humans have a very rough every-day definition of randomness. Any event that cannot be predicted by an individual is considered random.
From a technical perspective, however, we have to distinguish between statistical randomness and cryptographic randomness.
Take a standard 6-sided die for example. When rolling it, the outcome cannot be predicted by a human, as too many factors such as table friction, hand speed, dice weight, uneven surfaces and air resistance play a role. If a “random” die is rolled 6000 times, each side will come up more or less 1000 times. So if a piece of software were to simulate dice rolls and each of the 6 sides came up the same number of times over a large number of tests, the dice-software would be considered “statistically random”.
However, the software may simulate dice rolls resulting in the following outcomes:
1 2 3 4 5 6 1 2 3 4 5 6 1 2 3 4 5 6 1 2 3 4 5 6 1 2 3 4 5 6 1 2 3 4 5 6 1 2 3 4 5 6 …
The outcome would still be statistically random. But to any human observer, it would be instantly obvious that the sequence is not in fact “random”. The next number can be easily predicted. A large part of cryptography deals with numbers that can’t be predicted or guessed by an attacker. The sequence above would thus be “statistically random” but not “cryptographically random”.
Computers and Randomness
True randomness is incredibly hard for computers specifically because they are built to be deterministic. A computer can only act upon its programming and use data it possesses. The only way to allow computers to use truly random numbers is to attach a peripheral that measures random natural events such as the decay of a radioactive substance. This approach is indeed used in some extreme settings.
In more traditional computing (read: any server, desktop, laptop, embedded device or phone people use daily) computers instead rely on so-called Pseudo Random Number Generators (PRNGs).
PRNGs are not truly cryptographically random but merely create a sequence of numbers that is difficult to predict. The degree of this difficulty may range from simple PRNGs which merely aim to seem random to human observers to very complex PRNGs that aim to provide random numbers sufficient for cryptographic purposes.
Furthermore, PRNGs are usually seeded with bits of semi-random information, such as the current time (in microsecond resolution) or the temperature of the CPU.
However, they still only pretend to produce random output. If an observer knows both the algorithm used by the PRNG and the parameters it was seeded with, all future generated numbers can be predicted with perfect precision. Using complex mathematics, the original seed values can also often be deduced by observing a sufficiently long sequence of generated numbers.
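The two distinctions above (a sequence that passes a frequency test yet is fully predictable, and a PRNG whose only secret is its seed), as an added Python example that is not part of the original briefing. The timestamp seed, the one-hour search window and all function names are constructed for illustration.

```python
import random
import secrets
from collections import Counter

def chi_square(rolls):
    """Pearson chi-square of face counts vs. a fair die (below 11.07 passes at the 5% level)."""
    expected = len(rolls) / 6
    counts = Counter(rolls)
    return sum((counts[face] - expected) ** 2 / expected for face in range(1, 7))

def cycling_rolls(n):
    """The 1 2 3 4 5 6 1 2 ... sequence from the text."""
    return [i % 6 + 1 for i in range(n)]

def seeded_rolls(seed, n):
    """Dice rolls from Mersenne Twister, a non-cryptographic PRNG."""
    rng = random.Random(seed)
    return [rng.randint(1, 6) for _ in range(n)]

def csprng_rolls(n):
    """Dice rolls from the operating system's CSPRNG; there is no seed to learn."""
    return [secrets.randbelow(6) + 1 for _ in range(n)]

def hit_rate(predicted, actual):
    """Fraction of rolls an observer's prediction got right."""
    return sum(p == a for p, a in zip(predicted, actual)) / len(actual)

def find_seed(observed, candidates):
    """Return the candidate seed that reproduces the observed rolls, if any."""
    for seed in candidates:
        if seeded_rolls(seed, len(observed)) == observed:
            return seed
    return None

if __name__ == "__main__":
    boot_time = 1_700_000_000  # constructed timestamp used as the seed
    stream = seeded_rolls(boot_time, 6000)
    cyc = cycling_rolls(6000)
    print("chi-square, cycling:", chi_square(cyc))  # perfectly uniform counts
    print("chi-square, seeded :", round(chi_square(stream), 2))
    # Pattern predictor: next roll = previous roll + 1, wrapping at 6.
    print("cycling predicted  :", hit_rate([r % 6 + 1 for r in cyc[:-1]], cyc[1:]))
    # 20 observed rolls single out the seed within a one-hour window of timestamps.
    seed = find_seed(stream[:20], range(boot_time - 3600, boot_time + 1))
    print("seeded predicted   :", hit_rate(seeded_rolls(seed, 6000), stream))
    print("CSPRNG predicted   :", hit_rate(stream, csprng_rolls(6000)))  # about 1/6
```

For tokens, keys and anything else an attacker must not guess, draw from the OS CSPRNG (`secrets` in Python) rather than a seeded general-purpose PRNG.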
Tying it together
This is precisely what happened in the incident we looked at above. The crime syndicate was able to acquire a used slot machine from a defunct casino. Its IT experts thereupon reverse engineered the machine’s code to determine what PRNG was used and linked the slot wheel outcomes to the raw generated numbers.
From there they developed a mathematical model that allowed them to crack the PRNG using about 15 minutes of spin outcomes.
Operatives would go into casinos, record footage of the spinning wheels and send it back to the IT department which thereupon cracked the PRNG. They then calculated at what times the machine’s “stop” button would have to be pressed so that the game would result in a payout. The operatives’ phones would thereupon buzz shortly before the perfect time to prompt them to press buttons.
While this is an extreme example, weak PRNGs are one of the most common vulnerabilities in modern software. Organizations are advised to verify that their developers understand the concept of a PRNG and associated security risks.