Investigation of the Iowa fraud case continues.
The prosecution believes that Tipton used a self-destructing rootkit to tamper with the lottery’s random number generator. “One of the things we don’t see much when we talk about computer security … is physical access to the machine by somebody intent on doing evil,” Jacobson [an expert, Iowa University professor] said. “If you can physically gain access to a system, touch it as a person intent on doing evil, there’s very little that can be done to stop you.”
Actually, the technology exists that can stop this; Szrek2Solutions’ RNG technology allows to mathematically verify generated random numbers, time of draw and draw process; so if this RNG technology was used, it would have detected the fraud or proven draw integrity. As it happened, there was no systemic fraud detection, rather preventive measure were used. Consequently, there is no proof, only circumstantial evidence.
This case brings up important issue for the lottery industry. RNG-s are and will be used by lotteries for many reasons. RNG vulnerability to fraud should be addressed, to prevent cases like this from happening. They cause too much damage to the industry. The lotteries need to review the RNGs they use – are they fully secure in case of insider attack and do they provide conclusive fraud detection? More on typical RNG security risks and available defenses against insider fraud.