Reverse Engineering Lottery Scratch Tickets For Profit (But Not Fame)
from the scratch-and-sniff dept
Jonah Lehrer has a fantastically entertaining article in Wired about cracking scratch card lottery tickets. It kicks off with a story about Mohan Srivastava, a statistician in Toronto who quickly realized that the scratch tickets couldn’t actually be random, even if they try to give off that impression. Since the lotteries want to control how often people win, the numbers have be chosen by a careful algorithm — and if that’s the case, there’s almost always ways to reverse engineer the algorithm. With the first game he tried it on, Srivastava was able to increase his odds to the point that he could pick a “winning” card 90% of the time. He ended up alerting the Ontario Lottery and Gaming Corporation — though, he admits that he did so not for moral reasons, but because he quickly calculated that he probably wouldn’t make that much money just by gaming the system:
His next thought was utterly predictable: “I remember thinking, I’m gonna be rich! I’m gonna plunder the lottery!” he says. However, these grandiose dreams soon gave way to more practical concerns. “Once I worked out how much money I could make if this was my full-time job, I got a lot less excited,” Srivastava says. “I’d have to travel from store to store and spend 45 seconds cracking each card. I estimated that I could expect to make about $600 a day. That’s not bad. But to be honest, I make more as a consultant, and I find consulting to be a lot more interesting than scratch lottery tickets.”
Instead of secretly plundering the game, he decided to go to the Ontario Lottery and Gaming Corporation. Srivastava thought its top officials might want to know about his discovery. Who knows, maybe they’d even hire him to give them statistical advice. “People often assume that I must be some extremely moral person because I didn’t take advantage of the lottery,” he says. “I can assure you that that’s not the case. I’d simply done the math and concluded that beating the game wasn’t worth my time.”
At first the Ontario Lottery ignored him. Apparently, lots of crackpots claim to have beaten the lottery, but haven’t. So, instead, he sent a guy on the Ontario Lottery security team a package of unscratched cards, and sorted them into piles he thought were winners and losers. Apparently, he was pretty accurate, because they called him quickly after that and then pulled the game.
Of course, as often happens in these situations, the Lottery insisted that this was just a one-off error, and the rest of their games were secure. Srivastava correctly noted that was unlikely, as the chances that the ticket he’d randomly been given was the only one with a flaw seemed remote. And, even if he didn’t think it was worth his time to game the system, that’s not true for others. In fact, Srivastava notes that there are ways to profitably game the system:
I then ask Srivastava how a criminal organization might plunder the lottery. He lays out a surprisingly practical plan for what he would do: “At first glance, the whole problem with plundering is one of scale,” he says. “I probably couldn’t sort enough tickets while standing at the counter of the mini-mart. So I’d probably want to invent some sort of scanning device that could quickly sort the tickets for me.” Of course, Srivastava might look a little suspicious if he started bringing a scanner and his laptop into corner stores. But that may not be an insurmountable problem. “Lots of people buy lottery tickets in bulk to give away as prizes for contests,” he says. He asked several Toronto retailers if they would object to him buying tickets and then exchanging the unused, unscratched tickets. “Everybody said that would be totally fine. Nobody was even a tiny bit suspicious,” he says. “Why not? Because they all assumed the games are unbreakable. So what I would try to do is buy up lots of tickets, run them through my scanning machine, and then try to return the unscratched losers. Of course, you could also just find a retailer willing to cooperate or take a bribe. That might be easier.” The scam would involve getting access to opened but unsold books of tickets. A potential plunderer would need to sort through these tickets and selectively pick the winners. The losers would be sold to unwitting customers–or returned to the lottery after the game was taken off the market.
Lehrer then goes on to point out that there is statistical evidence that, at the very least, suggests that some gaming of the system has been done in various places.
Consider a series of reports by the Massachusetts state auditor. The reports describe a long list of troubling findings, such as the fact that one person cashed in 1,588 winning tickets between 2002 and 2004 for a grand total of $2.84 million. (The report does not provide the name of the lucky winner.) A 1999 audit found that another person cashed in 149 tickets worth $237,000, while the top 10 multiple-prize winners had won 842 times for a total of $1.8 million. Since only six out of every 100,000 tickets yield a prize between $1,000 and $5,000, the auditor dryly observed that these “fortunate” players would have needed to buy “hundreds of thousands to millions of tickets.” (The report also noted that the auditor’s team found that full and partial ticket books were being abandoned at lottery headquarters in plastic bags.)
Then there’s the example of a woman in Texas, Joan Ginther, who has apparently won more than $1 million from the Texas lottery four separate times. There are also some indications that organized crime groups have regularly used such lottery tickets as a way to launder money — and if they can crack the code, that makes the laundering process a lot more profitable.
Finally, the article notes that the Lottery industry around the world seems to more or less be in denial about the whole thing, frequently insisting that the new games are perfectly secure, and not even being all that aware of previous cracks and problems. The whole thing is well worth reading.
Filed Under: lottery, random, scratch cards
Comments on “Reverse Engineering Lottery Scratch Tickets For Profit (But Not Fame)”
Usually these things are an error. Most scratch lotteries do not reveal serial numbers or other identification in the open, they are usually covered by the “scratch coat” as well. If that scratch coat is already removed, the ticket isn’t valid for redemption.
If they put an identifiable number or code in an open place, it’s an error.
Arrested
Next we’ll hear how he is being arrested…
Re:
“Usually these things are an error. Most scratch lotteries do not reveal serial numbers or other identification in the open, they are usually covered by the “scratch coat” as well.”
Did you read the article at all? The man can predict if a ticket will be a winner (with a very high probability apparently) without any more information than the average player can get.
It is not an error in the cards themselves. It’s an error in the way the lotteries were designed.
Re:
Look at the pictures of the cards. The left side that says “your numbers” can be covered completely with latex. Problem solved, unless someone invents a way to see through the latex without scratching it off.
Re:
All lottery scratch cards are, at a minimum, numbered. Every time they run off scratch cards, the entire run is numbered from 1 to however-many-they-run.
Try harder.
Re:
I have not read the article I am about to discuss. That will not, however, stop me from firing up the comment sheet and tossing out some unfounded assertions that have nothing to do with the story in question. As a member of the general internet populace, I see no problem with this.
Fixed that for you.
Re:
No, the error is in providing too much information to work from.
If the numbers on each “card” were covered, he would not be able to make such a choice ahead of time. By leaving all the numbers exposed, they showed a large part of the game play.
If 8 of the 9 squares on each were covered (needed to be scratched before use), his method would not apply.
Basically, they put too much information out there. Usually it’s an error in exposing a serial number (as you can see the serial numbers are exposed on the bottom), but in this case, it was just exposing too much of the card to the public before they buy it.
Re: Re:
really? its a tic tac toe game, as in, there are numbers, visible, on a tic tac toe board. then you get call numbers, which are hidden until scratched. he uses the visible numbers on the tic tac toe board to crack them.
“People often assume that I must be some extremely moral person because I didn’t take advantage of the lottery,”
He could be extremely short-sighted. This particular game might not have been worth his while, but another game with higher payouts and a similar flaw might have been in the future.
But what I don’t get is how you’re supposed to be able to examine scratchoff tickets to figure out which ones would pay off. They’re usually behind the counter in big rolls and I don’t think they’d let you go through them all looking for a winner.
Re: Re:
I wanna know what kinda money this guy makes consulting that $600/day isn’t worth his time. I’m lucky to make that a week lol!
I think that people are missing the point.
He doesn’t use anything about the numbering of the tickets. He doesn’t use any other identifying information. He uses the MECHANIC of the ticket and information that you can glean from MECHANIC. The mechanic of the game was such that any time numbers appeared a single time on a card and that those singles appeared in a row/column, the card was substantially more likely to be a winner than not.
Re: Re:
incorrect. he is using the card barcode. he has reveresed the algorithm that generates each serial (barcode). thus he can say whether a card is a winner
Re:
Chris, can you stick your “fixes” somewhere else? You aren’t funny, just an annoying jackwagon.
Re:
If you were an unscrupulous person, you could buy them in bulk and resell the duds, which would be especially viable for an organization with resources, like the mob.
Re:
Yes, and the lottery company made a mistake by revealing too much information “pre-buy”. If those boxes had 8 of 9 numbers covered, exposing only the center on each card, it wouldn’t have changed anything, but would have revealed less.
By putting that much information out there (72 numbers, and 64 combinations) they provided way too much information, more than enough for people to be able to determine patterns.
Yes, it is ALSO a failing in their methods for encoding the cards, but the real error was in giving the buyer too much information before purchase.
Re:
Usually you can see the sequential number of at least one ticket for that pack. Depending on the how the dispenser is set up this is either the next to be sold or has one or two to be sold before it.
Knowing this you can have a general idea where in the sequence of that pack. When I worked at a convenience store in high school the more frequent players would pick up on patterns and wouldn’t buy cards in certain ranges. I’m pretty sure these players weren’t using math to determine this (cause they could easily do the math and realize they were spending more then they were winning) but rather by noticing trends.
As for the original article, I can’t imagine anyone would accept the return of lottery tickets after a sale especially out of order.
Re:
Things may have changed in the ~10 years since I worked as a clerk, but I doubt it. Scratch offs had a bar code on the back that was used to redeem the tickets. Even though that barcode was unique to each ticket and psuedo-random, it would not be impossible to crack.
The key to beating any gambling game is not to win all the time (that just generates attention), but more than your ‘fair’ share.
Let's do this.
So where can I find out how to do this? 600 dollars a day might be chump change to him, but I could do this while I sat at home, take bong hits and play World of Warcraft.
Re:
How dare you point out my stupidity! Being a part of the teeming masses of the ignorant, anonymous internet horde, I am justifiably outraged at your characterization of my useless posting habits. You have left me no option but to attempt a lame insult, thereby also announcing my intention to fail to learn from my mistakes, and to take absolutely no action to correct my glaring intellectual shortcomings.
Keep ’em coming.
The ticket they showed in the article is very unlike any tickets I have seen here in NY. They cover both sets of numbers so you don’t see the grid or you numbers until you scratch them
Check out he following for examples
http://www.fatwallet.com/static/attachments/26304_ccf01222010_00000.jpg
http://farm1.static.flickr.com/111/300572201_8ad9375543.jpg
I thought they were 'real' random.
You start your article with the claim that a statistician realized the random numbers were not really random, but generated by an algorithm. I have also been thinking about this and came to the conclusioon that the smartest thing one could was to use http://random.org/, which samples noise and generates random numbers like that. Then it becomes much more difficulty to track/seed the sequence of pseudorandom numbers.
Let's do this.
I with you, hell we can even split it and ill bring the kb. 600/day x 30 = 18K/mo, not bad for doing nothing.
I wonder if what he is doing is illegal. He isn’t modifying the card. He is simply reading information observable to anyone. Heck he doesn’t even need to touch the card to pick a winner.
It would be hard to find a law to charge him for breaking. “You have to close your eyes when you pick a card!”
Re:
Ok but if the pattern is cracked a store or employees of the store could easily get access to the pad of tickets and pull the plums from the pile.
They need to hash the barcodes in such a way that they appear random or at least follow no pattern.
Re:
“Chris, can you stick your “fixes” somewhere else?”
Wait, were you suggesting that he take note of your annoyance and specifically adjust his behavior when replying to you, but with anyone else he should feel free to comment however he wishes?
Damned decent of you! I’m writing your name down to remember this one for my future comments as well. Thank you indeed, er, Anonymous Coward!
FAIL.
Re:
I wonder if what he is doing is illegal. He isn’t modifying the card. He is simply reading information observable to anyone. Heck he doesn’t even need to touch the card to pick a winner.
Yeah, I think this falls into “counting cards in a casino” territory. He’s not cheating or using anything other than his brainpower to determine the odds, so it’s not illegal.
Time frequency counting rocks LoL
Bings 1000 points of data revealed!
http://en.wikipedia.org/wiki/List_of_search_engines
Nice twist ;0
Wonder if any writer &/or producer for Numb3rs reads TD 🙂
Lottery
I agree with the Lehrer article in Wired. Fascinating.
If this type of thing interests you, I’d recommend a novel
by David Baldacci called “The Winner”, which describes an interesting ploy to produce winning numbers. Good read!
Nice twist ;0
That one’s easy: “No.”
And yes, I’ve watched the show a few times. Enough to know that they’re making it up as they go along. Nobody on earth is as expert as that curly-haired dweed is. Pick any three shows, and nobody is as expert in those 3 fields as he is, much less all of them.
I thought they were 'real' random.
The algorithm they’re using isn’t failing at creating random numbers, as all computers do, it’s succeeding at creating the illusion of random numbers.
They cannot use a truly random number generator because they must control how many win and how many lose. If they used one then they can output tickets that win more money then lost. There’s also the chance that none of the tickets win and everyone gets pissed off and you don’t sell any more. They must create a happy medium to keep people coming back.
That’s where the problem lies. Any computer controlled random number generator can be cracked. There is a pattern even if we don’t see it. That’s what this guy did, he cracked the pattern. And from the statistics posted here, it seems others may have in the US as well.
I thought they were 'real' random.
>> Any computer controlled random number generator can be cracked. There is a pattern even if we don’t see it.
To clarify, the problem was not in generating pseudo-random numbers. The generators can be made to be very good. The problem was in the higher level rules used to generate the game pieces. Having perfectly random numbers to work with would not have saved the day because the flaw was in not using the random stream of numbers sufficiently.
An example of a high level rule that stinks is: pick the upper row on the first board to win for all the winning tickets. Also, make sure these numbers are 1,2, and 3 (and of course appear within the 24 hidden ones). Note that no randomness was used here.
Now, even if you do everything else right (other numbers look random, you have exactly the number of winners you want, etc), at some point quickly “someone” is going to realize that all the winning tickets have exactly 1 2 3 on the very top of the first tic-tac-toe game.
This is a major flaw that is trivially exploitable once you see the (obvious) pattern. The pattern would be suggest to probably almost anyone by merely looking carefully at 2 winning cards side by side.
Note, how this major flaw had nothing to do with the PRNG. It was a flaw in the compromise the designers struck between using PRNG on the one hand and making non-random decisions on the other (in their attempt to create predictability of total winnings).
That is what happened with the 2003 tic-tac-toe. The flaw was not that obvious, but it was a design flaw of the game generation algorithm and not a PRNG flaw.
Re:
>> Yes, it is ALSO a failing in their methods for encoding the cards, but the real error was in giving the buyer too much information before purchase.
Well, not exactly because the designers wanted to tease the players. They want to reveal all of that information.
The game could have very likely been created correctly by revealing lots of information, maintaining the winning ratio desired, yet not having the design flaw it had.
Re:
No, the left side is covered with latex when you buy it.
The flaw is that in order to add predictability, the designers probably removed too much randomness by trading off randomness for predictability and fast generation time. Apparently a pattern came out and the researcher guessed it.
It may very well be possible to reveal 72 numbers without revealing any pattern. No one can know for sure if that is true without a good mathematical analysis; however, even if it is possible to create such cards without patterns, it might not be feasible to create them economically or even to have the algorithms finish running during our lifetimes. This means that in practice the designers will take short-cuts (just like game designers take short-cuts in designing 3D games so that they perform well in real-time). It is in these short-cuts that likely patterns snuck in.
Re:
I doubt they label most cards publicly starting from 1.
It’s rather easy to attach a random numerical id to each ticket so that only those with the central computer mapping can know if the tic-tac-toe or other game pieces on that physical card with a given id matches what corresponds to that id on the central computer.
Re:
t’s rather easy to attach a random numerical id to each ticket so that only those with the central computer mapping can know if the tic-tac-toe or other game pieces on that physical card with a given id matches what corresponds to that id on the central computer.
Easy yes – but amazingly these organisations rarely bother!
Re:
Basically, they put too much information out there. Usually it’s an error in exposing a serial number (as you can see the serial numbers are exposed on the bottom), but in this case, it was just exposing too much of the card to the public before they buy it.
If you read the article you would discover that there is a reason why they expose too much information. It is marketing. The public prefers cards with some exposed information. There is no problem with exposing information if you do it right. However for some reason these companies don’t bother. It may be because the companies are lazy but it is more likely to be a compromise between security and making the game attractive to play. From the companies point of view it doesn’t really matter if a few individuals game the system – all they are doing is taking a little more money from the other players (who are onto a loser anyway). The companies control exactly how many winning tickets are printed so it doesn’t affect their finances directly at all.
Re:
I think what AC meant was that if you also covered ‘right’ side in latex and made people scratch those off before buying, then you can’t predict the game in the manner described because you don’t know the frequency of occurrences on the right side.
Re:
err, “made people scratch those off *after* buying” ….
Re:
but the real error was in giving the buyer too much information before purchase.
It wasn’t an error.
Cards with more information sell better – and neither the lottery company nor the store loses from people gaming the system. From the company’s point of view the extra sales are a win – and the losses from people gaming the system are born by someone else. (The other players – who are basically paying a stupidity task anyway.)
So from the companies point of view this is all fine provided it doesn’t get too much media attention.
Re:
whoops – at stupidity tax
I thought they were 'real' random.
They want more than just predictability of total winnings.
There are cryptographically secure PRNGs that will do that for you easily enough,
They want tickets that give people the illusion that they are about to win every time. This sucks them in to buying more tickets- which is the lottery companies main aim.
Doing that whilst remaining secure is much harder – and as I commented above – security doesn’t matter too much to the company (provided they can avoid bad publicity).
Nice twist ;0
Well they do have credible consultants so I wouldn’t dismiss them that glibly.
Nice twist ;0
nobody is as expert in those 3 fields as he is, much less all of them.
except maybe this guy who is a consultant for the show.
I agree with Richard
By exposing some of the information (numbers), the marks (the poor losers) think they have a chance of winning. They are involved in the process.
Having the word LOSER (or similar) covered in latex, ends the experience a lot faster, and thus there is not enough fantasy (read: addiction) involved.
My sister buys 20 lottery tickets a week; she says it’s fun (thrilling) to get near-misses because it makes her heart race. Oh sure, she’s one $600 – $900 before, but after several months worth of buying tickets at a cost of $1 to $2 each. [Do the math] Break Even.
In conclusion, it’s a scam. The lottery is stacked against the player.
NY Tix
Those are just like mine. But try to see if NY has any bingo style games. Those games are more addictive. I’ll do the same and report later.
Casinos
You mean counting cards in a casino is NOT illegal? Why do they say that it is on the rules?
Re: Casinos
Actually it isn’t counting cards that is illegal – it is winning…
I thought they were 'real' random.
What a heap of bullocks. I have 1’000’000’000 tickets printed and I need 50 winners. I thus need only 50 random numbers between 1 and 1’000’000’000. If they are created based on thermal noise there is very little you can do to predict those 50 numbers.
Clearly they didn’t use such an algorithm but that is not because the technology exists but rather stupidity from their side.
Re:
Read the Wired article. The method did not require looking at any serial numbers or scratching anything.
i liked allthe comments.the whole worlds got phds
Re:
Reel ’em in!!
Let's do this.
I’m on my way over with the skunk!!
Lotto Alert | New York (NY) Lottery results | Feeding Lottery Results Daily
Get your custom alerts to your smartphone. Manage your lottery tickets, daily numbers, quick picks, and more. Don’t miss a Jackpot again. Buy your tickets online or through your phone.
What if you could scan your lottery ticket into your mobile phone?!
We’ll you can using the Lott Alert mobile app.
Scan it, store it, and set the alert system to let you know when you win, didn’t win. It can alert you to the next drawing and jackpot amounts. You can even get an Alert when the Powerball or Mega Millions goes over super large amounts.
visit lottoAlert.me for more information.
Lotto Alert is an App for your iPhone, iPad or Android phone to store your Lottery ticket and provide alerts when you win and remind you of drawings before it’s too late.
texas lottery
Hello
A lottery is a form of gambling which involves the drawing of lots for a prize.Lottery is outlawed by some governments, while others endorse it to the extent of organizing a national or state lottery. It is common to find some degree of regulation of lottery by governments. At the beginning of the 20th century, most forms of gambling, including lotteries and sweepstakes, were illegal in many countries, including the U.S.A. and most of Europe.
the lottery results
Reverse Engineering gag
Where I formerly worked (a mfg.co.) we had barcode scanners to produce and read our labels. One day I heard a co-worker approaching, I grabbed some scratch off lottery tickets and scanned the bar code. The reader beeped and displayed a number on the screen. She took one look and said “What are you up to?” I said “Nothing”. “I want to know exactly what you are doing or I’ll have you reported to the police” Needless to say, she looked pretty dumb with her accusations. She wanted a piece of the alledged action.
Re:Tarded
I realize this is a 3 year old article (if you can call it an article.) But.. all you have done is use an entire page to summarize another article on another website.. and then suggest that “its a worthwhile read.” To which I say, I already fu?king read it, and was looking for more information on the topic, learn to fu?king stop failing at succeeding at creating, d0uchebag
Re:
I think he probably weighed the risk vs. gain ad realized that a potential job offer looked better than potential jail time.