AILSA CHANG, HOST:
OK, we're going to talk about a world that maybe most of us only know about from the movies - high-stakes poker games. The FBI arrested 31 people yesterday, including NBA coach Chauncey Billups. Authorities allege that the group made millions of dollars defrauding victims in illegal gambling schemes, including in rigged poker games that relied on high-tech methods to cheat. According to the FBI, one of those methods was rigging a card-shuffling machine that's commonly used in casinos. Well, Andy Greenberg, a senior writer for Wired, has been reporting on the hacking vulnerabilities of this machine for quite some time. He joins us now to talk about it. Welcome.
ANDY GREENBERG: Thanks for having me.
CHANG: Well, thanks for being with us. OK, so first describe this card-shuffling device. It's called the DeckMate 2, right? How is it used generally in regular poker games?
GREENBERG: Right. Well, the DeckMate 2 is this automated card-shuffling machine that can be found in casinos in Vegas and Atlantic City, in gambling establishments all around the world and also in some high-end private games. It basically takes in a deck of cards, and it uses computer-generated random numbers to place every card in a deck and then spits it out for the dealer to speed up play, basically, so that casinos can get in more hands.
CHANG: Yeah. OK. And you reported two years ago that hackers actually found a way to corrupt this machine and use it to cheat at poker. Explain, how was that done?
GREENBERG: Well, the kind of incredible thing about the DeckMate 2 is that it has a camera inside.
CHANG: (Laughter).
GREENBERG: And ironically, that camera is meant to prevent cheating. It's supposed to check that all the cards are in the deck, that those 52 cards are there...
CHANG: Right.
GREENBERG: ...And no extra ace or something. But then in 2023, a group of security researchers at the security firm IOActive found that they could, using basically, like, software vulnerabilities in the DeckMate 2, get access to that camera with this little hacking device they inserted into a USB port that's exposed on the back of the shuffler and then use that camera to pull out the deck order and transmit it via Bluetooth to a cheater's phone in the middle of a game.
CHANG: Oh, my God. It seems like such a freebie. OK, so what does law enforcement allege in this case that's now pending about how exactly this DeckMate 2 was used in their gambling scheme?
GREENBERG: Well, they cheated in lots of different ways. But the one that's spelled out in the most detail is that they rigged these DeckMate 2 card shufflers to do exactly what I just described, essentially to transmit the deck order to a secret operator actually in another state over the internet. Then that operator would transmit the information about who has the best hand to a so-called quarterback or driver, like a cheating player in the game...
CHANG: Yeah.
GREENBERG: ...Who can then see this on their phone. And then they can signal to all the other cheating partners in the game...
CHANG: Yeah.
GREENBERG: ...How they should bet or fold.
CHANG: Wait, wait, so let me try to picture this in my mind. One of the cheating players at that card table is, like, pretending to look at their phone to check a text message or something, but it's actually, like, an image of somebody else's hand or something?
GREENBERG: You're not supposed to be looking at your phone in the middle of a high-stakes poker game...
CHANG: (Laughter) Yeah.
GREENBERG: ...Even in a private room.
CHANG: OK.
GREENBERG: But if that cheating player folds, they're out of the game, so they can pick up their phone. Then they can see the information that's being transmitted by this remote operator.
CHANG: Sure. So what is the company that makes the DeckMate 2 have to say about these allegations and how easy, apparently, it is to rig their product?
GREENBERG: Well, two years ago, when we at Wired broke this story of these vulnerabilities in the DeckMate 2, Light & Wonder, the parent company of the manufacturer Shuffle Master that sells the DeckMate 2, they told us that this kind of cheating was unrealistic, that it could never be pulled off in a casino setting, which, you know, it's closely monitored. Nobody's going to be able to, you know, insert something into the USB port on these shufflers, which, you know, maybe that's true. But that doesn't mean that the owner of the machine in a private game or an unlicensed cardhouse where nobody's checking the shuffler couldn't themselves rig the machine. Now, just this summer, we at Wired decided to, you know, film a video where we...
CHANG: Yeah.
GREENBERG: ...Tried out this experiment. And set up...
CHANG: Just a few weeks ago, right? You guys posted that video.
GREENBERG: Yes, this is, like, a bizarre coincidence. And so in the process of making our video, I reached out to Light & Wonder again, and they now say that, you know, in the two years since these vulnerabilities were exposed, they have, in fact, pushed out security updates in the code of these shufflers. But those really went to, you know, machines in licensed casinos, in places like Las Vegas. This kind of patch for a security flaw in the code doesn't solve the problem of the host of the game rigging their own machine.
CHANG: Exactly. That is Andy Greenberg, senior writer at Wired. Thank you so much for joining us.
GREENBERG: Thank you, Ailsa.
CHANG: And in a statement from his lawyer, Chauncey Billups denied any wrongdoing and says that he intends to fight the allegations. Transcript provided by NPR, Copyright NPR.
NPR transcripts are created on a rush deadline by an NPR contractor. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.
 
 
 
                
            