Technologies of crime: the cyber-attacks on electronic gambling machines.

• Author: McMullan, John L.

Introduction

Electronic gambling is a recent phenomenon in Canada (Azmier, Kelley, and Todosichuk 2001; Campbell and Smith 1998; Marshall 1996a, 1996b, 1998; Smith and Azmier 1997; Vaillancourt 1999). Statistics show that the gross wager on provincial gambling is now over CAN$18 billion, the gross profit (i.e., the amount left over after players' prizes have been paid out but before expenses have been covered) is approximately $9 billion, and the net revenue (i.e., the amount left over after expenses and commissions have been paid out) is about $5.5 billion. Indeed, gambling is now the leader in producing "vice-tax revenues" for all provinces and falls just short of the $5.9 billion that Canadian provinces gain from the sales of alcohol and tobacco combined (Azmier 2001: 3-4). The main contributor to this growth has been electronic gambling (casinos and video lottery terminals). (1) By the year 2000, 69,789 electronic gambling machines (1 machine for every 329 Canadians) were generating approximately $1.8 billion in net revenues for the provinces (an average "tax" of $78.15 per adult). Of these gambling machines, 38,252 were video lottery terminals, of which 3,234 were located in Nova Scotia (Azmier 2001: 8).

The proliferation of these new gambling technologies has certainly created an exciting, popular recreational activity (Dickerson 1996; Eadington 1996; Goodman 1995a, 1995b; McMillan 1996). But it has produced as well an underground economy in the supply and demand of gambling machines and innovative forms of gambling-related electronic fraud. (2) In this paper we analyze how one criminal group deployed hacking, cracking, and sleeper programs to defraud video lottery (VL) machines by (1) disassembling computer codes and predicting winning outcomes; (2) altering computer memory and storage devices to increase profits for winning combinations; and (3) manipulating computer RAM and ROM to disconnect terminals and exploit them without the knowledge of industry regulators.

Our paper is organized as follows. First, we present our perspective on criminal organization. Second, we discuss research sources and present our case-study approach. Third, we provide a detailed examination of the cyber-attacks on electronic gambling machines that occurred in the province of Nova Scotia from 1994 to 1998. We emphasize how computers were the principal tools in a series of sophisticated fraud scams. Finally, we conclude our paper by comparing and contrasting computer crime in the gambling industry with computer crime in other financial services.

Criminal organization

Criminologists, sociologists, and legal scholars have often treated crime as an individual deviation from group norms or laws. They typically wonder why some people stray from the straight and narrow path. Some researchers emphasize the study of individual traits and personality characteristics; others study the individual's social position, subculture, relations with family and peer groups, absence of self-control, group conflict, official labelling by police, courts, and corrections, and so on. In effect, these approaches do not usually treat illegal or criminal activities as subjects in themselves but rather pursue the question, How do these activities determine individual behaviour?

In the approach adopted here, computer crimes are treated as activities that are rationally geared to the conduct of the illegal behaviour in question. That is, the main elements explaining VL crimes and their organization may be found within the illegal activity itself and the problems confronted there. This explanatory approach emphasizes that at a given stage of technological development, a given illegal act presents certain technical and social problems that must be resolved for its successful completion; that we can identify the most efficient types of organizations for managing those problems; and that the existence of these kinds of organizations are explained in terms of their technical efficiency in the situation at hand (Best and Luckenbill 1982; Cressey 1972; McIntosh 1975).

Two works that deal systematically with variations in organization and that deploy organizational ideas are Donald Cressey's Criminal Organization and Mary McIntosh's The Organization of Crime. (3) Cressey (1975) categorizes six varieties of criminal organization by identifying key positions that involve increasingly complex responsibilities as the organization becomes more rational. Thus, at the top end, variety A is distinguished by having positions for commissioners who meet to coordinate the illegal activities of a cartel of multiple sub-units, while at the bottom end of the scale, variety F has only a task force guide in the immediate act of committing a crime. Cressey accounts for different kinds of criminal organization, such as those for extortion and long-term fraud, and for specific criminal interventions, such as bank robberies, cheque-forgeries, and automobile thefts. His theory assumes that the most developed form of rational criminal organization can conduct any kind of profitable criminal activity and that lower organizational forms may be subsystem parts of a more complex rational structure.

McIntosh (1975) questions the evolutionary character of Cressey's theory and suggests that the dynamics of organizational growth and change are more diffuse and context-bound. While Cressey sees ignorance or short-sightedness on the part of criminals, or ineffective law enforcement by the police and other regulators, to be impediments to the evolution of rational criminal organization, McIntosh insists that there is no progressive tendency towards rational centralization. It is normal and routine for crime networks to be diverse and specific because "in different social contexts the problems confronted by criminal groups, and therefore the appropriate organizational solutions will vary" (17). She identifies four varieties of criminal organization: picaresque, craft, project, and business.

Each of these is a type of organization for groups of criminals engaged in a specific range of criminal activities in a specific type of society. For her, the business organization, typical of racketeers who supply illegal goods and services and who have gained some degree of immunity from legal control, is the largest in scale and the most permanent and advanced in her typology. A business organization is composed of a hierarchy of agents who engage in relatively specialized activities and who are either paid by their superiors or offered a share of the profits in a particular market sector. Business criminal organizations, however, are more difficult to delineate than other criminal types. The division of labour is the most complex, and business organizations need both to neutralize state control through systems of corruption and acquire legitimacy by engaging in legal business ventures, such as transportation, currency exchange, real estate, food and beverage, entertainment, and the like (McIntosh 1975: 50-58). The boundaries of the organization are, therefore, often in flux, and methods such as loyalties to criminal norms, violence, control over law-enforcement regimes, and efficacious and profitable racket management are central in controlling competitors, subordinates, and customers. As McIntosh puts it, a criminal business organization "depends, in a way that no other organizational system does, on relationships with non-criminal sections of the society that are built up interactively over time" (58).

Cressey's and McIntosh's approaches share the same logic as ours: treating the rationality of an organizational form as an explanation for its existence. Many criminologists see social control as a reaction to deviance. They are chiefly concerned to explain why people become deviant or else to investigate the effectiveness of social control institutions. From our perspective, deviance does not exist without social control, nor crime without law. Because we are concerned with the pattern of relationships among individuals and not with individual conduct per se, we deploy organizational concepts that can be combined and recombined to explore the internal organization of computer-fraud teams in terms of their criminal technologies and their division of labour, as these relate to the legitimate gambling market milieu.

In attempting to analyze cyber-attacks on electronic gambling machines we ask, What types of technical problems had to be overcome and solved for a successful criminal outcome? What criminal division of labour was needed to accomplish the illegal activity and how did it handle problems of opportunity, access and work safety, property protection, site surveillance and detection, and relations with site owners, other customers, and victims? and What do our findings contribute to the study of computer crime?

Research sources and case study

This paper does not claim to provide a comprehensive analysis of computer-related gambling crime. Rather it examines one specific case study. We adopt Orum, Feagin, and Sjoberg's (1991) definition of a case study as "an in-depth, multifaceted investigation using qualitative research methods of a single social phenomenon" (2). Our objective was to study the hows and whys of these cyber-attacks, by documenting a continuous picture of the social techniques of computer crime and its social organization over time that included the subjects' own descriptions of their experiences and their relations with others (Denzin 1970; Orum, Feagin, and Sjoberg).

Our case study pieces together a complex picture of computer hacking and "ghost" programming for illegal gains. It documents the size of the criminal group, its division of labour, the economic value of the cyber-attacks, and the criminal organization's modus vivendi with the gambling industry. Compared to a quantitative method that describes behaviour in statistical terms, our approach emphasizes the social...