Russian Hackers Find a Way To Beat RNG Slots

Generally the gambling community considers slot machines to be unbeatable. This is because the game outcomes are determined by a random number generator, which is considered completely unpredictable. But a group of Russian hackers have been able to exploit a flaw in a widespread type of random number generator. With the broad range of new slots at internet casinos, the online gambling community has a renewed interest in slots. You can see a list of new slot sites if you’re looking for new places to play.

The affected machines are manufactured by an Australian company named Aristocrat, who are one of the world’s largest suppliers. So the matter is not trivial, and casinos are reporting some enormous losses from the affected machines. As far as we know, slots at online casinos are not affected. But this case may give clues on how to beat slot machines.

So how is this possible if the random number generators are truly random? The answer is they are not random. But before continuing, first let’s explain the two main types of random number generators.

Psuedo RNG vs True RNG

RNG stands for “random number generator”. But there are two main types of random number generators. The most common is Pseudo RNG, which is simply a mathematical algorithm that determines casino game outcomes. It is the technology used in all modern slot machines.

The other type of RNGs typically use sources of radiation to randomise number generation. Such types are mostly hardware, and are called true random number generators. It’s not unlike pointing a radiation meter such as a Geiger counter at the stars, and the interval of the clicks will randomly vary. To be more specific, the clicks are not random. In fact nothing is random. It’s more a matter of whether or not they can be predicted. There is no known way to predict the exact radiation level at an exact time, which makes these types of random number generators reliable and unpredictable.

The Weakness of Pseudo Random Number Generators

Finding patterns in just a few spins of a slot machine is almost impossible. Likewise, short-term data doesn’t realistically tell you anything useful. Therefore the Russian hackers purchased a modern slot machine to study in depth. Ultimately they found and exploited a flaw through data crunching.

This involves reviewing tens of thousands of game outcomes, then meticulously checking data for anomalies. A common anomaly is an outcome that occurs more often than it would if the games were truly random. For example, if there were one hundred possible outcomes, normally we can expect each outcome to occur as often as others. But over short-term data, certain outcomes are likely to repeat an inordinate number of times. This is useless short-term data. Analysis of long-term data reveals the true story.

Putting it into perspective of roulette, there are thirty-seven numbers or pockets on the European wheel. After ten thousand spins, we can expect each number to appear around about the same number of times. But if number zero appears significantly above the expected amount of times, we may conclude that the wheel is biased. This is a simple analogy, and not exactly what the slot machine hackers have likely done.

One particularly common flaw in pseudorandom generators is that particular sequences of game outcomes are more likely to appear. The most common sequence is a string of repeated numbers or outcomes. Again in the context of roulette, we may find a pseudorandom generator repeats the same numbers for a brief moment of time. This is often known as a convergence. It is not particularly easy to see by looking at raw logs of game outcomes alone. However, it is relatively easy to see if the game outcomes are placed onto an image. One notoriously unreliable random number generator is from Microsoft Excel. If you use the random function in Excel, you will find patches of the data where the numbers repeat an inordinate number of times.

Aristocrats response to the flaw

Only Aristocrat the company knows how many machines are affected, but it is believed to be hundreds of thousands throughout the world. Gaming insiders have stated that the machines are not likely to be replaced, because the cost to replace them may well run into the millions of dollars. Aristocrat has issued a software update for the machines, but this is unlikely to have fixed the root cause of the problem. In fact the hackers specifically stated the flaw still exists. Aristocrat have dismissed this as a possibility, although they probably would have beforehand.

How the hackers changed the odds

The player sits at the slot machine wearing a hidden camera. The live video feed of the slot machine is streamed to a server, which analyses slot machine behavior. Then at the required time, the play is instructed to press a specific button on the machine. This in turn increases the likelihood of a payout.

Whether or not the approach works on online slot machines remains to be seen. But certainly a low quality pseudorandom generator is likely to generate game outcomes with statistical anomalies. It’s more a question of data crunching, and obtaining enough data. Because realistically you need over ten thousand spins.

One thing to consider is if one of the world’s largest and most reputable slot machine company can make a mistake, so can the many smaller suppliers of psuedo random number generators. This means there is in fact hope to beat slot machines, or any game that uses psuedo random number generators. It’s more a question of obtaining enough data, and finding a usable exploit.

Sorry, comments are closed for this post.