A man in Iowa stole more than $14 million from the lottery company he worked for using malware. Hermann/Pixabay

A former employee of a popular lottery operator has plead guilty to scamming his own lottery out of more than $14 million using malware to generate winning numbers.

Eddie Raymond Tipton, the one-time security director of the Multi-State Lottery Association (MUSL), along with his brother Tommy Tipton and Robert Clark Rhodes II, were caught running a multimillion-dollar lottery rigging scheme that involved seven winning tickets in five states.

Read: Fireball Malware: Cyberattack Infects 250 Million Devices, 20 Percent Of Corporate Computer Networks

Through his role as security director, Eddie Tipton was responsible for the software and technology used to randomly generate numbers and select lottery winners. His role provided him access to the inner-workings of lottery games, including one called Hot Lotto that was available in 16 states.

Tipton used his access to these computers to carry out his scam. He created a piece of self-deleting malware—which he stored on a thumb drive—to manipulate the results of the lottery game, turning the game of chance into one that produced a predictable outcome.

The malware worked in a very particular way, and the changes it made to the lottery software was nearly undetectable. The only tweak Tipton’s malicious code made was to hijack the random number generator algorithm under several specific conditions.

For the malware to work, a lottery draw had to meet the follow conditions: take place May 27, November 22 or December 29; have the draw fall on a Wednesday or Saturday; and take place after 10pm local time. If those conditions were met, the malware would produce predictable numbers rather than random ones, allowing anyone who knew those numbers to claim the jackpot.

Read: Chipotle Hacked: Credit Card Breach, Malware Hit 'Most' Locations, Restaurant Reports

Tipton’s scheme allowed he and his partners to claim lottery wins in Iowa, Wisconsin, Colorado, Oklahoma, Texas and Kansas. His win streak included a $783,000 jackpot in Wisconsin, for which he was charged and pleaded guilty to fraud and a computer crime charge.

The largest payday for Tipton and his associates was a $14.3 million win in Iowa. A number of people attempted to redeem the ticket on Tipton’s behalf but none were able to do so successfully, and the activity tipped off authorities to the scam.

Tipton was later pinpointed as the person behind the fraud attempt when a surveillance camera at a QuickTrip caught him on video and he was identified by another employee of the MUSL he worked for. Tipton had avoided detection on the security footage in place within the operating room of the lottery’s computers by tampering with the cameras.

Structure Security
Newsweek is hosting a Structure Security event Sept. 26-27 in San Francisco. Newsweek Media Group

A judge has ordered Tipton to pay $1.4 million in restitution for the scheme. His brother, who pleaded guilty to conspiracy to commit theft, is facing a payment of $800,000 and a two-and-a-half month jail sentence.

Robert Clark Rhodes II of Sugarland, Texas was also arrested for participating in the fraud ring. Rhodes was charged with conspiracy to commit theft and intend to defraud for attempting to redeem a lottery ticket for the rigged drawing.

The lottery association Tipton worked for has also come under fire from other players who feel they were cheated out of an opportunity to win on the days the lottery was rigged—slim as those odds would be. A number of lawsuits have been filed against the association.


© Copyright IBTimes 2022. All rights reserved.