College of Engineering News • Iowa State University

Hot Lotto scandal prompts security changes

Lottery officials say they have made changes to make sure their games are secure and fair in connection with allegations that a former security director rigged a Hot Lotto winning ticket worth $14.3 million.

Eddie Raymond Tipton, 51, was scheduled to stand trial Monday on two counts of fraud, more than four years after prosecutors say he purchased the winning ticket at a Des Moines QuickTrip near Interstate 80 on Dec. 23, 2010. His trial was pushed back to July after the defense asked for more time.

Tipton was formerly the information security director at the Multi-State Lottery Association, and was barred under Iowa law from playing the lottery or trying to claim a winning ticket. The nonprofit association, headquartered in Urbandale, administers games including Hot Lotto and Powerball for the Iowa Lottery and 36 other member lotteries nationwide.

Assistant Iowa Attorney General Robert Sand in a filing last week introduced a theory that Tipton used a USB flash drive to install a self-deleting computer program that would manipulate the outcome of the Hot Lotto’s random number drawing.

The new theory highlights the need for more awareness about the physical security of computer systems, said Doug Jacobson, a computer engineering professor and director of Iowa State University’s Information Assurance Center.

“One of the things we don’t see much when we talk about computer security … is physical access to the machine by somebody intent on doing evil,” Jacobson said. “If you can physically gain access to a system, touch it as a person intent on doing evil, there’s very little that can be done to stop you.”

Iowa Lottery CEO Terry Rich on Monday released a statement expressing confidence in the Multi-State Lottery Association’s integrity, noting that the equipment and software used in Hot Lotto drawings were replaced after the nonprofit fired Tipton in January.

Security camera systems that monitor the “drawing room” have been replaced, and physical security procedures for the room were updated, the statement said.

“I have confidence that the games we offer today are fair,” Rich said. “Our lottery has strong layers of security in place to protect lottery players, lottery games and lottery prizes. Those procedures enabled us to seek information about the winning ticket in this case and not pay the prize until basic questions could be answered — and they never were.”

The Iowa Lottery also introduced additional separation of duties for its employees as a result of the investigation. That’s an important element of physical security, Jacobson said.

“The people in security, they’re the ones in essence with the keys to the kingdom,” he said.

Tipton was charged after the Iowa Division of Criminal Investigation in October released video of the ticket purchase in hopes of identifying the person behind the ticket. Days later, an out-of-state employee of the Multi-State Lottery Association told authorities he recognized Tipton as the man in the video.

Under the prosecution’s theory, Tipton could have installed a rootkit (a computer program that can be installed quickly and self-destructs after finishing a task) while he was in the multi-state lottery’s “draw room” on Nov. 20, 2010, to change the time on the computers that randomly draw winning numbers. The computers are not connected to the Internet, so the time must be changed manually.

Former coworkers of Tipton are expected to testify at his trial that he was “obsessed” with rootkits and had once given a presentation on the programs at a conference on lottery security, Sand wrote in his brief.

Evidence also suggests that one camera monitoring the draw room was tampered with; on the day Tipton was in the draw room a camera recorded only one second per minute, Sand said at a Monday hearing.

In a Sunday pretrial ruling, District Court Judge Jeffrey Farrell wrote that in 2010 the Multi-State Lottery did not have the ability to check for rootkits installed in its system. That feature has been added as part of security updates, said Mary Neubauer, the vice president of external relations for the Iowa Lottery.

In a hearing before the trial was set to begin Monday, Farrell denied a motion from defense attorney Dean Stowers to bar the prosecution from presenting the “tampering” theory to jurors. There were at least two other people with Tipton inside the draw room Nov. 20, 2010, he said.

On Monday, Stowers also argued that prosecutors cannot prove that it was Tipton in the QuickTrip video of the ticket’s purchase. The man seen in the video has a full beard, while pictures from Nov. 24, 2010, and Jan. 1, 2011, show a clean-shaven Tipton, Stowers said.

Stowers asked to continue the trial after Farrell denied a motion to stop prosecutors from calling witnesses to testify about the QuickTrip video. The trial was rescheduled for July 13.

The bizarre case has snaked on since December 2011, when a New York attorney named Crawford Shaw tried to redeem the ticket on behalf of Hexham Investments Trust, a company incorporated in Belize. The ticket was turned in to lottery officials a year after its purchase, just hours before it was set to expire.

This story was originally written by Grant Rodgers of the Des Moines Register.