Former Security Director For Lottery Charged With Tampering Equipment Before Secretly Buying $14.3 Million Winning Ticket

from the security-director? dept

If someone hasn’t already sold the movie rights to the story of Eddie Raymond Tipton, expect it to happen soon. Tipton, an Iowa-based former “security director” for the Multi-State Lottery Association (MUSL), is accused of trying to pull off the perfect plot to allow himself to win the lottery. It didn’t work, but not for the lack of effort. MUSL runs a bunch of the big name lotteries in the US, including Mega Millions and Powerball. It also runs the somewhat smaller Hot Lotto offering, which was what Tipton apparently targeted. When he was arrested back in January, the claims were that it had to do with him just playing and winning the lottery and then trying to hide the winnings. Lottery employees are (for obvious reasons) not allowed to play. However, late last week, prosecutors in Iowa revealed that it was now accusing Tipton of not just that, but also tampering with the lottery equipment right before supposedly winning $14.3 million. Because of these new revelations, Tipton’s trial has been pushed back until July. However, the details of the plot and how it unraveled feel like they come straight out of a Hollywood plot.

First, there’s the story of how Tipton was discovered winning the lottery in the first place. The ticket was purchased in late December 2010 in a QuickTrip off of Highway 80 in Iowa. The winning $14.3 million went unclaimed for nearly a year, but right before it was set to expire, a New York lawyer named Crawford Shaw showed up with paperwork to claim it. However, Shaw refused to reveal the necessary details about who actually won the money, as Shaw was merely representing Hexham Investments Trust, which was a shell company set up in Belize. Belize, as you already know, is a popular place to setup offshore companies if you want the true ownership to be anonymous. The problem, however, is that Iowa doesn’t allow for anonymous lottery winners. That resulted in Iowa officials investigating who was really behind the winning ticket.

The resulting investigation took them from the NY lawyer Shaw to some (unnamed) guy in Quebec City, Canada, who was listed as Hexham Investments Trust’s trustor and president. That guy eventually pointed investigators to two other guys in the Houston area: Robert Rhodes and an unnamed Houston attorney — who had also known the NY attorney, Shaw, for many years. The attorney in Houston insisted that he represented the winner of the ticket who wished to remain anonymous. Somewhat stumped, investigators released a video and screenshots of the guy at the QuickTrip who bought the ticket:

A colleague of Tipton’s at the MUSL told investigators that it was Tipton. Investigators then discovered that Rhodes and Tipton had gone to University of Houston together and frequently talked to each other by phone. After some more investigating, Tipton was officially arrested and charged with fraud in January.

And that’s where the story stood until just recently. In March, Rhodes was also arrested for fraud and then prosecutors revealed that Tipton was in the draw room in November, a month before the winning ticket was purchased and that they believe he tampered with the equipment:

Prosecutors also argued in their reply that Tipton was in the draw room on Nov. 20, 2010, “ostensibly to change the time on the computers.” The prosecution alleged the cameras in the room on that date recorded about one second per minute instead of how they normally operate, recording every second a person is in the room.

“Four of the five individuals who have access to control the camera’s settings will testify they did not change the cameras’ recording instructions; the fifth person is Defendant,” the prosecution wrote.

It is a reasonable deduction to infer that Defendant tampered with the camera equipment to have an opportunity to insert a thumbdrive into the RNG tower without detection.”

Of course, some of the additional evidence seems purely speculative. For example, prosecutors quote Tipton’s co-workers talking about his “obsession” with rootkits:

In their reply to the defense’s motion, prosecutors argued that Tipton’s co-workers said he “was ‘obsessed’ with root kits, a type of computer program that can be installed quickly, set to do just about anything, and then self-destruct without a trace.” The prosecution claimed a witness will testify that Tipton told him before December 2010 that he had a self-destructing root kit.

Honestly, that part of it feels pretty weak, and one would hope they have more extensive evidence to support that claim. However, given all of the other evidence in the case, and the timing of all of the events, it certainly does raise reasonable questions about just what Tipton was up to in that room.

Filed Under: , , , , , ,
Companies: multi-state lottery association, musl

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Former Security Director For Lottery Charged With Tampering Equipment Before Secretly Buying $14.3 Million Winning Ticket”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Winning and attempting to be anonymous isn’t going to work. The fine print on tickets grants the companies or states that run the lottery the use of name & likeness of the winner. Kind of like sports tickets.

Also, MUSL isn’t directly involved with the lottery equipment (at least, not in IL.) If he gained access to a machine, he likely had inside help. However, different states have different companies managing the machines so MUSL might have a little knowledge (as it pertains to their games) but I still think he’d need help.

Use to work for one of those companies.

Baron von Robber says:

Re: "given all of the other evidence"

Kim Dotcom uploaded petabytes of infringing content??!

His calendar must have been odd.

“Upload, upload, upload, upload, upload, upload, upload, upload, upload, pee, upload, upload, upload, upload, upload, upload, upload, upload, brush teeth, upload, upload, upload, upload, upload, upload, upload, upload, upload, upload, upload, upload, drink coffee.”

DannyB (profile) says:

Re: "given all of the other evidence"

Kim Dotcom is not involved in any infringement activities. Some of his end users may be.

By your logic, maybe the guy at the KickTwip who sold Tipton the lottery ticket should also be charged. Be raided by black helicopters, etc. After all, this is a real crime for millions of dollars. And that KickTwip store definitely enables and facilitates committing fraud on lottery systems just as digital storage lockers, ethernet cables and electric utilities contribute to copyright infringement.

Anonymous Coward says:

Re: Re: Re: "given all of the other evidence"


There are 2 chains in the US that call themselves that.

One spells it KwikTrip.

The other spells it QuikTrip.

Presently both are in different markets. I can only imagine the confusion that would result – like what already exists in this article – if they both entered the same market.

Roger Strong (profile) says:

Re: "given all of the other evidence"

The Kim Dotcom case has international border and privacy complications. From the CBC News yesterday:

Kim Dotcom Megaupload case falters over sharing Canadian data

More than three years have passed since Canadian police seized 32 Megaupload-related servers on behalf of U.S. authorities seeking to prosecute company founder Kim Dotcom in one of the world’s largest copyright infringement cases.
A year later, a different Ontario judge rejected a request to send mirror copies of what was on those servers to the U.S, saying such a request might be overly broad. Instead, the justice ordered both parties to find a way to filter out and share only the relevant data.
The “vast majority” of the data, argues Megaupload lawyer Hutchison, is likely everyday files uploaded by innocent users of the file-sharing service, which allowed users to upload and share large files such as photos, videos and documents.
But Megaupload’s lawyer argued that the Ontario court can only ask the U.S. police officials on the so-called clean team to “double pinky promise” that they won’t share information not relevant to the case, since there’s no way to enforce the court’s decision south of the border.

Another highlight: The crown attorney acting on behalf of the U.S., arguing that all the data should be handed over to the US, privacy be damned, because “this data pales in comparison to other information shared easily with the U.S., such as wiretaps.” “What’s being proposed here looks very, very minor in terms of what we’re exposing foreign officials to.”

Americans should remember that that information flow goes both ways.

John Fenderson (profile) says:

Re: "given all of the other evidence"

“Yet you can’t connect Kim Dotcom to contributory infringement?”

Nobody can, it seems.

“Petabytes of infringing content stored for anyone to download, but that’s only circumstantial, eh?”

That’s not, by itself, evidence of contributory infringement, circumstantial or otherwise. Also, petabytes? Evidence, please.

Anonymous Coward says:

Re: "given all of the other evidence"

The case does more to connect copy protection law, those that push for it (RIAA/MPAA), politicians, and the government with corruption than anything. It shows the true motive is not to stop infringement but to stop competition altogether. For example it was the government, working for the RIAA/MPAA (not the people), that was responsible for destroying all that evidence. Kim wanted to keep it. Why would he be willing to keep evidence that the government acted to destroy if he was so guilty. Kim dot com also went above and beyond when he complied with takedown notices. His servers were mostly used for legitimate purposes. Sure, some users may have attempted to use it for infringement but that’s no different than someone using the USPS for illegal activity. The USPS can’t be blamed for the actions of others.

Thanks for bringing this up. By bringing this up you allow us to keep reminding everyone how corrupt the government and industry is in their attempt to stifle competition for personal gain.

Anonymous Coward says:

Re: Re: "given all of the other evidence"

Perhaps another part of the reason the U.S. government went after Megaupload is because it was a foreign service that competed with U.S. services (ie: google/youtube). The U.S. doesn’t want American dollars directed overseas. Of course New Zealand should probably consider this an attempt by the U.S. to harm their economic growth internationally and they should allow to continue making their country wealthier. From this perspective this gives me a lot less sympathy for the U.S. when the EU attempts to pass laws against Google. A taste of their own medicine if you will.

Anonymous Coward says:

Re: How dumb do you have to be?

More than likely, he just got cocky and figured he would deal with the issue of claiming it at a later date.

He probably didn’t count on the store still having video of him purchasing the ticket 😉

I’m guessing he realized at some point later that he couldn’t use any direct friends or family – he couldn’t trust some random stranger on the street, and choosing an old school buddy was his best bet.

Too bad it still tied back to him 😀

Anonymous Coward says:

Re: Re: How dumb do you have to be?

My guess is that security cameras along with compliance with a corresponding policy to prevent and investigate possible fraud are likely required for any place that wishes to sell lottery tickets and part of that policy is likely that when a matching ticket is found, the footage is automatically reviewed and archived. This guy was also the “SECURITY DIRECTOR” for the lottery. If anyone should know what those policies and procedures are you would think that it would be him. Next question:

How does a guy this inept get hired to that position in the first place?

Anonymous Coward says:

Re: Re: Re: How dumb do you have to be?

Security directors for an IT-reliant company. His tampering was likely what he got focused on.
After that seemingly flawless execution of the hack, he didn’t plan ahead enough to get an accomplish for the actual heist. When he found out he had blundered, he tried covering it up. While his setup wasn’t bad – an old friends friend trying to hide him in a taxshelter – nobody wants hackers to get a payday for their deeds and the policework has been pretty good.

The question you should ask yourself is: “Would the company have noticed the tampering and made the connection before he could have disappeared if he didn’t buy the ticket?” Given how the case has unraveled, it seems likely he actually did well enough on the IT-technical stuff, while he done goofed in the legal understanding part of the plan.

Anonymous Coward says:

Re: Re: Re:2 How dumb do you have to be?

The fact is lotteries don’t allow anonymous winners for 2 reasons and fraud prevention is only one of them. The other is whenever there is a big jackpot winner they want to use the presentation of that jackpot to the individual in a very public way to promote further interest in playing the lottery. It’s fundamental to the business plan for the way lotteries work. There is never going to be a winner that is going to be able to collect without exposing their identity. The concept of someone tampering with the lottery to generate a winning ticket for themselves but never collecting wouldn’t cause them to lose any money so until someone tries to claim it they really have no incentive to vet the process to make sure that the process was legitimate. If the ticket expires unclaimed, they still haven’t lost anything and don’t have to waste resources doing an investigation that in their mind is unnecessary.

DannyB (profile) says:

Re: How dumb do you have to be?

And dumb enough to talk about his self destructing rootkit.

Dumb enough to not research and discover that Iowa doesn’t allow anonymous winners.

Dumb enough to think that an offshore and lawyer would keep him anonymous.

Dumb enough not to realize that winning would bring lots of instant scrutiny to ensure the win wasn’t fraudulent.

I think this guy should have found gainful employment with his talents, by applying for a job at Righthaven, Prenda, Rightscorp, or even the RIAA / MPAA.

Anonymous Coward says:

Re: Why not just...

plus if anyone realized a friend of an employee won then I am sure both would be investigated for potential fraud. It would have to be an obscure friend that you can still trust enough to deposit at least some of the money into the account.

In the end playing the lottery is stupid and you could better spend your time and money on other pursuits.

Anonymous Coward says:

Re: Why not just...

Ohai AC @ 11:44am. Please can you go pick up a ticket whose number I will specify when you’ve answered my post with your full name, address, date of birth, and bank account details including any security information I may need to access it so I can get my share of the multiple millions you’re going to have in there when you’ve bought it and cashed it in. Not bad for a couple bucks, huh?

Thanks in advance.

DannyB (profile) says:

Re: I'm surprised they use computers for the drawing

You cite the very reason why they would use computers (because tampering can be done), while being surprised that they would choose that.

Put the two together and it should bring you to a conclusion about why someone might choose to use something that can be tampered with. And it’s the exact same reason why some would push so hard for voting machines designed to invite tampering.

Q. Why would anyone choose something that can be tampered with and have no verification?
A. Because it allows the results to be tampered with and have no verification.

Uriel-238 (profile) says:

Re: I'm surprised they use computers for the drawing

So be fair, mechanical lottery devices and paper ballots allow for plenty of tampering and questionable results.

Look at Florida 2000 and everybody’s new friend, Dangling Chad.

In the meantime, open source code run by a monitored neutral party would be able to keep the game honest.

Anonymous Coward says:

Re: Re: Re: I'm surprised they use computers for the drawing

It also taught us that if people want to actually look for the weaknesses and flaws, they can – while closed source software is much more opaque to the masses (while remaining easy for the hackers and crackers to exploit at will).

You clearly picked up the wrong message.

MrTroy (profile) says:

Re: Re: Re:2 I'm surprised they use computers for the drawing

It also taught us that if people want to actually look for the weaknesses and flaws, they can

It also taught us that people actually don’t want to look for weaknesses and flaws.

I agree that it’s better to be able to than not to be able to… but for most of the world it’s an academic distinction.

Notwitstanding, it seems that black box hacking is at least as common as source code inspection, which suggests that it’s just as easy to find weaknesses and flaws in proprietary code as OSS code. The only benefit is that OSS code allows the possibility (but not the certainty) of a fork if the current developers aren’t interested in working on a fix for any found weaknesses and flaws.

Then again, patch and pray is a bit of a broken system to start with. The gordian knot needs to be cut.

Uriel-238 (profile) says:

Re: Re: Re: Open source doesn't determine the size of the support team or that they're volunteers

Only that the code is available to public scrutiny. Though, yes, that usually goes hand-in-hand with a free license to use and modify.

But that is what keeps our still robust encryption options like AES intact, and why we suspected the vulnerability of the elliptic curve RNG seed generator long before it was revealed to be an NSA backdoor.

With an open source secure lottery number picker, white hats and black hats alike would be all over it like anteaters looking for exploits.

Anonmylous says:

Can we give a funniest comment to...

the prosecutor?

“”Four of the five individuals who have access to control the camera’s settings will testify they did not change the cameras’ recording instructions; the fifth person is Defendant,” the prosecution wrote. “

I am pretty sure all 5 f them will testify they did not change the camera’s settings. Unless the accused just really wants to go to prison.

DB (profile) says:

I’ll posit a scenario: this guy came up with a way to rig the number-choosing side of the lottery, probably with a rootkit. He immediately wanted to see if it would work, so he bought a ticket, changed the security video frame record rate, and installed the rootkit.

Only after he does this, does he realize it’s not a “dry run”. He has already committed the crime. He left evidence. Rather than having time to complete the plan for the perfect crime, he is halfway in with no way to back out and no good endgame.

So he spends the next few months coming up with an approach to cash in the ticket. But it’s a lot more difficult than he expected. There are plenty of ways to launder money if you have a big operation and a legitimate flow of money to hide under. But no good way to do a last-minute one-off.

He probably didn’t have the contacts, but his best bet would probably have been someone looking to launder money. They would be willing to buy a winning lottery ticket in order to turn unexplainable piles of cash into legitimate income.

Steve from Kingston says:

Re: "Dry Run"

There would have been a very easy way to back out after the fact. All he had to do was tear up the ticket and forget about it.

If nobody had ever tried to claim the prize the lottery almost certainly never would have conducted any investigation at all. Unless they were already aware of the improper video recording of the drawing computer they would have had nothing to be suspicious about. Since it took so long to make an arrest and the original charge didn’t include anything about the equipment tampering it seems unlikely that the video problem had already been discovered by any routine check.

The one thing that’s absolutely certain about this case is that the lottery’s security protocols were incredibly deficient.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...