Former Security Director For Lottery Charged With Tampering Equipment Before Secretly Buying $14.3 Million Winning Ticket
from the security-director? dept
If someone hasn't already sold the movie rights to the story of Eddie Raymond Tipton, expect it to happen soon. Tipton, an Iowa-based former "security director" for the Multi-State Lottery Association (MUSL), is accused of trying to pull off the perfect plot to allow himself to win the lottery. It didn't work, but not for the lack of effort. MUSL runs a bunch of the big name lotteries in the US, including Mega Millions and Powerball. It also runs the somewhat smaller Hot Lotto offering, which was what Tipton apparently targeted. When he was arrested back in January, the claims were that it had to do with him just playing and winning the lottery and then trying to hide the winnings. Lottery employees are (for obvious reasons) not allowed to play. However, late last week, prosecutors in Iowa revealed that it was now accusing Tipton of not just that, but also tampering with the lottery equipment right before supposedly winning $14.3 million. Because of these new revelations, Tipton's trial has been pushed back until July. However, the details of the plot and how it unraveled feel like they come straight out of a Hollywood plot.First, there's the story of how Tipton was discovered winning the lottery in the first place. The ticket was purchased in late December 2010 in a QuickTrip off of Highway 80 in Iowa. The winning $14.3 million went unclaimed for nearly a year, but right before it was set to expire, a New York lawyer named Crawford Shaw showed up with paperwork to claim it. However, Shaw refused to reveal the necessary details about who actually won the money, as Shaw was merely representing Hexham Investments Trust, which was a shell company set up in Belize. Belize, as you already know, is a popular place to setup offshore companies if you want the true ownership to be anonymous. The problem, however, is that Iowa doesn't allow for anonymous lottery winners. That resulted in Iowa officials investigating who was really behind the winning ticket.
The resulting investigation took them from the NY lawyer Shaw to some (unnamed) guy in Quebec City, Canada, who was listed as Hexham Investments Trust's trustor and president. That guy eventually pointed investigators to two other guys in the Houston area: Robert Rhodes and an unnamed Houston attorney -- who had also known the NY attorney, Shaw, for many years. The attorney in Houston insisted that he represented the winner of the ticket who wished to remain anonymous. Somewhat stumped, investigators released a video and screenshots of the guy at the QuickTrip who bought the ticket:
And that's where the story stood until just recently. In March, Rhodes was also arrested for fraud and then prosecutors revealed that Tipton was in the draw room in November, a month before the winning ticket was purchased and that they believe he tampered with the equipment:
Prosecutors also argued in their reply that Tipton was in the draw room on Nov. 20, 2010, "ostensibly to change the time on the computers." The prosecution alleged the cameras in the room on that date recorded about one second per minute instead of how they normally operate, recording every second a person is in the room.Of course, some of the additional evidence seems purely speculative. For example, prosecutors quote Tipton's co-workers talking about his "obsession" with rootkits:
"Four of the five individuals who have access to control the camera's settings will testify they did not change the cameras' recording instructions; the fifth person is Defendant," the prosecution wrote.
It is a reasonable deduction to infer that Defendant tampered with the camera equipment to have an opportunity to insert a thumbdrive into the RNG tower without detection."
In their reply to the defense's motion, prosecutors argued that Tipton's co-workers said he "was 'obsessed' with root kits, a type of computer program that can be installed quickly, set to do just about anything, and then self-destruct without a trace." The prosecution claimed a witness will testify that Tipton told him before December 2010 that he had a self-destructing root kit.Honestly, that part of it feels pretty weak, and one would hope they have more extensive evidence to support that claim. However, given all of the other evidence in the case, and the timing of all of the events, it certainly does raise reasonable questions about just what Tipton was up to in that room.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: eddie raymond tipton, fraud, hot lotto, iowa, lottery, rootkits, scam
Companies: multi-state lottery association, musl
Reader Comments
Subscribe: RSS
View by: Time | Thread
"given all of the other evidence" -- Yet can't connect Kim Dotcom to contributory infringement?
Your analytic abilities are highly selective.
[ link to this | view in chronology ]
Re: "given all of the other evidence" -- Yet can't connect Kim Dotcom to contributory infringement?
Your analytic abilities are highly selective.
[ link to this | view in chronology ]
Also, MUSL isn't directly involved with the lottery equipment (at least, not in IL.) If he gained access to a machine, he likely had inside help. However, different states have different companies managing the machines so MUSL might have a little knowledge (as it pertains to their games) but I still think he'd need help.
Use to work for one of those companies.
[ link to this | view in chronology ]
"given all of the other evidence"
Petabytes of infringing content stored for anyone to download, but that's only circumstantial, eh?
Your analytic abilities are highly selective.
[ link to this | view in chronology ]
Re: "given all of the other evidence"
His calendar must have been odd.
"Upload, upload, upload, upload, upload, upload, upload, upload, upload, pee, upload, upload, upload, upload, upload, upload, upload, upload, brush teeth, upload, upload, upload, upload, upload, upload, upload, upload, upload, upload, upload, upload, drink coffee."
[ link to this | view in chronology ]
Re: "given all of the other evidence"
By your logic, maybe the guy at the KickTwip who sold Tipton the lottery ticket should also be charged. Be raided by black helicopters, etc. After all, this is a real crime for millions of dollars. And that KickTwip store definitely enables and facilitates committing fraud on lottery systems just as digital storage lockers, ethernet cables and electric utilities contribute to copyright infringement.
[ link to this | view in chronology ]
Re: Re: "given all of the other evidence"
[ link to this | view in chronology ]
Re: Re: Re: "given all of the other evidence"
There are 2 chains in the US that call themselves that.
One spells it KwikTrip.
The other spells it QuikTrip.
Presently both are in different markets. I can only imagine the confusion that would result - like what already exists in this article - if they both entered the same market.
[ link to this | view in chronology ]
Re: Re: Re: Re: "given all of the other evidence"
[ link to this | view in chronology ]
Re: "given all of the other evidence"
Kim Dotcom Megaupload case falters over sharing Canadian data
Another highlight: The crown attorney acting on behalf of the U.S., arguing that all the data should be handed over to the US, privacy be damned, because "this data pales in comparison to other information shared easily with the U.S., such as wiretaps." "What's being proposed here looks very, very minor in terms of what we're exposing foreign officials to."
Americans should remember that that information flow goes both ways.
[ link to this | view in chronology ]
Re: "given all of the other evidence"
Your analysis is what seems selective here.
[ link to this | view in chronology ]
Re: "given all of the other evidence"
[ link to this | view in chronology ]
Re: "given all of the other evidence"
Nobody can, it seems.
"Petabytes of infringing content stored for anyone to download, but that's only circumstantial, eh?"
That's not, by itself, evidence of contributory infringement, circumstantial or otherwise. Also, petabytes? Evidence, please.
[ link to this | view in chronology ]
Re: "given all of the other evidence"
Thanks for bringing this up. By bringing this up you allow us to keep reminding everyone how corrupt the government and industry is in their attempt to stifle competition for personal gain.
[ link to this | view in chronology ]
Re: Re: "given all of the other evidence"
[ link to this | view in chronology ]
He had a Sony DVD?
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
How dumb do you have to be?
[ link to this | view in chronology ]
Re: How dumb do you have to be?
He probably didn't count on the store still having video of him purchasing the ticket ;)
I'm guessing he realized at some point later that he couldn't use any direct friends or family - he couldn't trust some random stranger on the street, and choosing an old school buddy was his best bet.
Too bad it still tied back to him :D
[ link to this | view in chronology ]
Re: Re: How dumb do you have to be?
How does a guy this inept get hired to that position in the first place?
[ link to this | view in chronology ]
Re: Re: Re: How dumb do you have to be?
[ link to this | view in chronology ]
Re: Re: Re: How dumb do you have to be?
After that seemingly flawless execution of the hack, he didn't plan ahead enough to get an accomplish for the actual heist. When he found out he had blundered, he tried covering it up. While his setup wasn't bad - an old friends friend trying to hide him in a taxshelter - nobody wants hackers to get a payday for their deeds and the policework has been pretty good.
The question you should ask yourself is: "Would the company have noticed the tampering and made the connection before he could have disappeared if he didn't buy the ticket?" Given how the case has unraveled, it seems likely he actually did well enough on the IT-technical stuff, while he done goofed in the legal understanding part of the plan.
[ link to this | view in chronology ]
Re: Re: Re: Re: How dumb do you have to be?
[ link to this | view in chronology ]
Re: How dumb do you have to be?
Dumb enough to not research and discover that Iowa doesn't allow anonymous winners.
Dumb enough to think that an offshore and lawyer would keep him anonymous.
Dumb enough not to realize that winning would bring lots of instant scrutiny to ensure the win wasn't fraudulent.
I think this guy should have found gainful employment with his talents, by applying for a job at Righthaven, Prenda, Rightscorp, or even the RIAA / MPAA.
[ link to this | view in chronology ]
Why not just...
[ link to this | view in chronology ]
Re: Why not just...
[ link to this | view in chronology ]
Re: Why not just...
[ link to this | view in chronology ]
Re: Why not just...
In the end playing the lottery is stupid and you could better spend your time and money on other pursuits.
[ link to this | view in chronology ]
Re: Why not just...
Thanks in advance.
[ link to this | view in chronology ]
I'm surprised they use computers for the drawing
[ link to this | view in chronology ]
Re: I'm surprised they use computers for the drawing
Put the two together and it should bring you to a conclusion about why someone might choose to use something that can be tampered with. And it's the exact same reason why some would push so hard for voting machines designed to invite tampering.
Q. Why would anyone choose something that can be tampered with and have no verification?
A. Because it allows the results to be tampered with and have no verification.
[ link to this | view in chronology ]
Re: I'm surprised they use computers for the drawing
[ link to this | view in chronology ]
Re: Re: I'm surprised they use computers for the drawing
[ link to this | view in chronology ]
Re: I'm surprised they use computers for the drawing
Look at Florida 2000 and everybody's new friend, Dangling Chad.
In the meantime, open source code run by a monitored neutral party would be able to keep the game honest.
[ link to this | view in chronology ]
Re: Re: I'm surprised they use computers for the drawing
[ link to this | view in chronology ]
Re: Re: Re: I'm surprised they use computers for the drawing
[ link to this | view in chronology ]
Re: Re: Re: I'm surprised they use computers for the drawing
You clearly picked up the wrong message.
[ link to this | view in chronology ]
Re: Re: Re: Re: I'm surprised they use computers for the drawing
It also taught us that people actually don't want to look for weaknesses and flaws.
I agree that it's better to be able to than not to be able to... but for most of the world it's an academic distinction.
Notwitstanding, it seems that black box hacking is at least as common as source code inspection, which suggests that it's just as easy to find weaknesses and flaws in proprietary code as OSS code. The only benefit is that OSS code allows the possibility (but not the certainty) of a fork if the current developers aren't interested in working on a fix for any found weaknesses and flaws.
Then again, patch and pray is a bit of a broken system to start with. The gordian knot needs to be cut.
[ link to this | view in chronology ]
Open source doesn't determine the size of the support team or that they're volunteers
But that is what keeps our still robust encryption options like AES intact, and why we suspected the vulnerability of the elliptic curve RNG seed generator long before it was revealed to be an NSA backdoor.
With an open source secure lottery number picker, white hats and black hats alike would be all over it like anteaters looking for exploits.
[ link to this | view in chronology ]
Re: Re: I'm surprised they use computers for the drawing
[ link to this | view in chronology ]
Monitoring and verification
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Can we give a funniest comment to...
""Four of the five individuals who have access to control the camera's settings will testify they did not change the cameras' recording instructions; the fifth person is Defendant," the prosecution wrote. "
I am pretty sure all 5 f them will testify they did not change the camera's settings. Unless the accused just really wants to go to prison.
[ link to this | view in chronology ]
Re: Can we give a funniest comment to...
Exactly. That sentence structure is prosecutor-speak to make people appear guilty using mere suggestion, and it works on many people.
[ link to this | view in chronology ]
Only after he does this, does he realize it's not a "dry run". He has already committed the crime. He left evidence. Rather than having time to complete the plan for the perfect crime, he is halfway in with no way to back out and no good endgame.
So he spends the next few months coming up with an approach to cash in the ticket. But it's a lot more difficult than he expected. There are plenty of ways to launder money if you have a big operation and a legitimate flow of money to hide under. But no good way to do a last-minute one-off.
He probably didn't have the contacts, but his best bet would probably have been someone looking to launder money. They would be willing to buy a winning lottery ticket in order to turn unexplainable piles of cash into legitimate income.
[ link to this | view in chronology ]
Re: "Dry Run"
If nobody had ever tried to claim the prize the lottery almost certainly never would have conducted any investigation at all. Unless they were already aware of the improper video recording of the drawing computer they would have had nothing to be suspicious about. Since it took so long to make an arrest and the original charge didn't include anything about the equipment tampering it seems unlikely that the video problem had already been discovered by any routine check.
The one thing that's absolutely certain about this case is that the lottery's security protocols were incredibly deficient.
[ link to this | view in chronology ]
Light Bulb Just Went On.
[ link to this | view in chronology ]