Recognizing those patterns would require remarkable effort. Slot machine outcomes are controlled by programs called pseudorandom number generators that produce baffling results by design. Government regulators, such as the Missouri Gaming Commission, vet the integrity of each algorithm before casinos can deploy it.
But as the “pseudo” in the name suggests, the numbers aren't truly random. Because human beings create them using coded instructions, PRNGs can't help but be a bit deterministic. (A true random number generator must be rooted in a phenomenon that is not manmade, such as radioactive decay.) PRNGs take an initial number, known as a seed, and then mash it together with various hidden and shifting inputs—the time from a machine’s internal clock, for example—in order to produce a result that appears impossible to forecast. But if hackers can identify the various ingredients in that mathematical stew, they can potentially predict a PRNG’s output. That process of reverse engineering becomes much easier, of course, when a hacker has physical access to a slot machine’s innards.
Knowing the secret arithmetic that a slot machine uses to create pseudorandom results isn’t enough to help hackers, though. That’s because the inputs for a PRNG vary depending on the temporal state of each machine. The seeds are different at different times, for example, as is the data culled from the internal clocks. So even if they understand how a machine’s PRNG functions, hackers would also have to analyze the machine’s gameplay to discern its pattern. That requires both time and substantial computing power, and pounding away on one’s laptop in front of a Pelican Pete is a good way to attract the attention of casino security.
The Lumiere Place scam showed how Murat Bliev and his cohorts got around that challenge. After hearing what had happened in Missouri, a casino security expert named Darrin Hoke, who was then director of surveillance at L’Auberge du Lac Casino Resort in Lake Charles, Louisiana, took it upon himself to investigate the scope of the hacking operation. By interviewing colleagues who had reported suspicious slot machine activity and by examining their surveillance photos, he was able to identify 25 alleged operatives who'd worked in casinos from California to Romania to Macau. Hoke also used hotel registration records to discover that two of Bliev’s accomplices from St. Louis had remained in the US and traveled west to the Pechanga Resort & Casino in Temecula, California. On July 14, 2014, agents from the California Department of Justice detained one of those operatives at Pechanga and confiscated four of his cell phones, as well as $6,000. (The man, a Russian national, was not indicted; his current whereabouts are unknown.)
The cell phones from Pechanga, combined with intelligence from investigations in Missouri and Europe, revealed key details. According to Willy Allison, a Las Vegas–based casino security consultant who has been tracking the Russian scam for years, the operatives use their phones to record about two dozen spins on a game they aim to cheat. They upload that footage to a technical staff in St. Petersburg, who analyze the video and calculate the machine’s pattern based on what they know about the model’s pseudorandom number generator. Finally, the St. Petersburg team transmits a list of timing markers to a custom app on the operative’s phone; those markers cause the handset to vibrate roughly 0.25 seconds before the operative should press the spin button.
“The normal reaction time for a human is about a quarter of a second, which is why they do that,” says Allison, who is also the founder of the annual World Game Protection Conference. The timed spins are not always successful, but they result in far more payouts than a machine normally awards: Individual scammers typically win more than $10,000 per day. (Allison notes that those operatives try to keep their winnings on each machine to less than $1,000, to avoid arousing suspicion.) A four-person team working multiple casinos can earn upwards of $250,000 in a single week.
Since there are no slot machines to swindle in his native country, Murat Bliev didn’t linger long in Russia after his return from St. Louis. He made two more trips to the US in 2014, the second of which began on December 3. He went straight from Chicago O'Hare Airport to St. Charles, Missouri, where he met up with three other men who’d been trained to scam Aristocrat’s Mark VI model slot machines: Ivan Gudalov, Igor Larenov, and Yevgeniy Nazarov. The quartet planned to spend the next several days hitting various casinos in Missouri and western Illinois