Betting Big Money
By Larry Barrett | Posted 2002-12-01
Worried about outsiders breaking into your network? Don't overlook your own employees. Just ask Autotote, where a software developer almost stole a $3 million jackpot.
Autotote Systems builds and maintains a network used to track 65% of the roughly $20 billion wagered each year at racetracks and off-track betting sites in North America.
Harn apparently had virtually unlimited access to servers used to develop new services, and to servers used in day-to-day betting. Typical security procedures try to separate users of development servers and users of production servers.
But even so, the rigging of payoffs from this Super Bowl of horse racing required outside conspirators, as well. Harn confessed to orchestrating this scheme with a pair of fraternity brothers from Drexel University.
In Pick Six, the bettor must correctly choose the winning horse in each of six selected races at a particular track. In this case, it was Arlington Park, just outside of Chicago. Bettors can make wagers over the phone, the Internet or from other horse tracks and watch-and-wager locations throughout the country.
Bettors who correctly pick the winning horses in each of the six races get to split the pot. For example, if only four people pick the six winning horses, they equally split the pool of money bet by their fellow bettors. In this case, the Pick Six pool was well over $3 million.
Key to the attempt to take advantage of the system is the timing of the bets. It always helps to know who wins. Indeed, in legitimate Pick Six competition, bettors must pick the winning horses in all six races before the first race begins.
In this case, one frat brother, Derrick Davis, 29, opened an account at a satellite wagering location in upstate New York that allowed wagers by phone. Harn says he knew, because he had set up the system, that this location didn't make a recording of touch-tone wagers, as many other states require.
With the account established and, presumably, untraceable to Harn, Davis phoned in his Pick Six wager shortly before the races began in Illinois.
Davis bet on individual horses to win in the first four races and then bet on every horse in the final two races. If the individual horses he selected in the first four races won, he would be assured of winning his Pick Six wager regardless of which horses won the fifth and sixth races.
That might have been good enough to ensure a winning piece of the pot. But apparently Harn got greedy. Working from Autotote's headquarters that Saturday, Harn changed codes on Davis' bets to the winning horses in the first four races. Then, he attempted to cover his tracks by manipulating the system's audit trail.
Harn knew betting information from off-site locations was not transmitted to the main pool in Arlington until after the fifth race. So, in the approximately 30 minutes after the end of the fourth race, he simply changed the wagers stored at the New York computer before the off-site data arrived at the end of the fifth race.
The 30-minute gap is nothing new. "It's been that way since the mid- or late '80s," says a source close to Autotote who participated in the investigation that led to Harn's arrest. "It's called an 'intertote systems protocol.' At the time, it was set up simply as a way to commingle the data from different locations. It wasn't devised with security in mind."