“A good security and control casino system is based in the continuous assessment on the new ways of attack and prevention”

How did you start working with information security applied to the gaming industry?
My work, connected to the Information Security, started after 2001, when I was Assessor and Assessor of private national and international companies and Special Forces of International Security,  among them, American Express Argentina (Global Security division), the firm ICIACORP (intelligence and security consuting), ATT Venezuela, the International Criminal Police Organization (OCN INTERPOL Lima-Peru), among others.

In recent years, he was appointed by several judges and attorneys of the City of Buenos Aires as Technical Adviser and Official Expert in cases of illegal and clandestine gaming in Internet, cases with no precedents in Argentina so far. Importante National and International gaming companies  chose our services in Assessment in Security and Computing Expertise.

The experiences acquired all these years and the merits achieved led me to create the Consultant of Security Information ZL -Security Senior Consultant (ZL-SSC), positioned as one of the main companies from Argentina and Latin America in offering Gambling Security and Gambling Forensics services, among other services allocated to fraud prevention, detection and investigation, cheats, tricks, frauds, incidents, etc., which involves totally or partially the use of technologies in gambling venues and companies related to the gaming industry.

In your view, how important is the security issue for casino operators?
The importance that operators bring to security in casinos nowadays is very considerable and they have a top-level instruction. As everybody knows, technology improves very fast, so Information Security has to be constantly renewed, because technological improvement is also for “bad guys” that, day after day, search for new ways to vulnerate those security barriers that operators have; they achieve this with the use of new technologies and/or taking advantage of the gaps or weak points of casinos or bingo halls, so then, they may attach to them and achieve their goals.

For example, the increment of internal robberies due to a lack of security procedures and  secure and effective internal controls are growing considerably in the industry, as “Orleáns” case, where casino employees took advantage on the lack of controls on them and with regards to the maintenance and manipulation of their activities in slots and device, achieved, for a long time, to rob thousands of dollars passing totally unnoticed to casino controls.

I am convinced that, nowadays, a good Security and Control system is based in the continuous assessment on the new forms of attack and prevention to managers of security in casinos and the implementation of new and improved internal security controls, both of software applications and policies and procedures acordes to the new ways of cheats, tricks, frauds, robberies, etc.

How complex are the technologies that operators face when being attacked?
Operators face latest generation technologies, because “bad guys” evolved together with the improvements applied in the industry. Some evolution examples, for example, are: “Bad guys” used to forge tokens for slots until the controls were improved. Then, they wanted to attack the Hopper with the Slider technique, until manufacturers and operators detected that and improved that with a coin sensor. Then, they attacked this sensor with the
Bar-Light, and then, they were followed by card counters of Black Jack; then, techniques such as Los Pelayos for roulettes, Savannah techniques in table games, technical device that can vulnerate bill acceptors, ways to predict numbers in traditional or electronic roulettes, etc.

Nowadays, our ZL-24/7 base registers in an online form, 24-7, incidents from all parts of the world, from different private agencies of investigations, mainly from Las Vegas, where operators and investigators are interested not only in capture those who use these technologies in their gambling venues, but also they want to know how are they utilized or which is the vulnerability that the modern systems have so that “bad guys” achieve their aims and they may defend from this type of attacks, so there is where our consulting firm, ZL – Security Senior Consultant, starts operating.

Do you consider that techniques to vulnerate systems used in Latin America are as complex as the ones from other markets?
I am sure that not only they are as complex as the ones used in places like Las Vegas, but also our records indicate that many of theses “Tools and Techniques” are made in Latin America.

Incidents such as the manipulation of true tickets mixed with false ones introduced in bill acceptors of slots, for example, is a technique applied to the control of special acceptors that are vulnerable to those attacks, or, for example, attacks to traditional or online roulettes through a technique called “ballistics measurements”, achieved through the hiding of a determined computing device in a simple cell phone, capable of predicting numbers or zones, sending previous results by Bluetooth technology to another participant of the band of cheaters in the same betting table.

But not always there are swindlers, cheaters, thieves, etc.that do not belong to the company. Incidents that involve the bingo or casino team are not new and each time this type of incident is increasing. For example, the so-called Orleans case, in which the manipulation of a special application (firmware) and the lack of efficient controls from technicians of mantainance of gaming machines, achieved to obtain several thousands of dollars before being discovered through the use of TITO technology; or the case of the manipulation of “Counters” of the device and their adulteration in both a physical and logical level.

Which is the basic investment that an operator should perform in order to have a secure business?
According to my experiences in the sector, the main investment that operators should do is the daily trainning in new technologies and ways of attack and prevention, both in the casino and in the company.

Which are the new security trends in information for casinos and gambling venues?
The latest trends in information security applied globally are divided in several points, for example, the casino security division. The training in the detection of different techniques, used by one or several people, in order to detect in which device a fraud is being performed. Then, demand to online data bases available 24/7, for example, through a photo or a name, in the style of a record, in which other incidents in casinos or bingo halls did these people participate.

On the other hand, operating companies they are implementing controls on Information Security and Transparency, some of them based, for example, in international norms such as ISO/IEC 27001. Once this norm is implemented and certified in the company, it allows a better information control and security with regards to cases of adulteration or manipulation of internal information that may cause several incidents, the loss of credibility of the company, among others.