Betting Big Money

By Larry Barrett  |  Posted 2002-12-01 Print this article Print

Worried about outsiders breaking into your network? Don't overlook your own employees. Just ask Autotote, where a software developer almost stole a $3 million jackpot.

Betting Big Money

Autotote Systems builds and maintains a network used to track 65% of the roughly $20 billion wagered each year at racetracks and off-track betting sites in North America.

Harn apparently had virtually unlimited access to servers used to develop new services, and to servers used in day-to-day betting. Typical security procedures try to separate users of development servers and users of production servers.

But even so, the rigging of payoffs from this Super Bowl of horse racing required outside conspirators, as well. Harn confessed to orchestrating this scheme with a pair of fraternity brothers from Drexel University.

In Pick Six, the bettor must correctly choose the winning horse in each of six selected races at a particular track. In this case, it was Arlington Park, just outside of Chicago. Bettors can make wagers over the phone, the Internet or from other horse tracks and watch-and-wager locations throughout the country.

Bettors who correctly pick the winning horses in each of the six races get to split the pot. For example, if only four people pick the six winning horses, they equally split the pool of money bet by their fellow bettors. In this case, the Pick Six pool was well over $3 million.

Key to the attempt to take advantage of the system is the timing of the bets. It always helps to know who wins. Indeed, in legitimate Pick Six competition, bettors must pick the winning horses in all six races before the first race begins.

In this case, one frat brother, Derrick Davis, 29, opened an account at a satellite wagering location in upstate New York that allowed wagers by phone. Harn says he knew—because he had set up the system—that this location didn't make a recording of touch-tone wagers, as many other states require.

With the account established and, presumably, untraceable to Harn, Davis phoned in his Pick Six wager shortly before the races began in Illinois.

Davis bet on individual horses to win in the first four races and then bet on all the horses in the final two races to win the last two races, meaning that if the individual horses he selected in the first four races won he would be assured of winning his Pick Six wager regardless of which horses won the fifth and sixth races.

That might have been good enough to ensure a winning piece of the pot. But apparently Harn got greedy. Working from Autotote's headquarters that Saturday, Harn changed codes on Davis' bets to the winning horses in the first four races. Then, he attempted to cover his tracks by manipulating the system's audit trail.

Harn knew betting information from off-site locations was not transmitted to the main pool in Arlington until after the fifth race. So, in the approximately 30 minutes after the end of the fourth race, he simply changed the wagers stored at the New York computer before the off-site data arrived at the end of the fifth race.

The 30-minute gap is nothing new. "It's been that way since the mid- or late '80s," says a source close to Autotote who participated in the investigation that led to Harn's arrest. "It's called an 'intertote systems protocol.' At the time, it was set up simply as a way to commingle the data from different locations. It wasn't devised with security in mind."

Senior Writer
Larry, of San Carlos, Calif., was a senior writer and editor at CNet, writing analysis, breaking news and opinion stories. He was technology reporter at the San Jose Business Journal from 1996-1997. He graduated with a B.A. from San Jose State University where he was also executive editor of the daily student newspaper.

Submit a Comment

Loading Comments...
eWeek eWeek

Have the latest technology news and resources emailed to you everyday.