At the end of the evening, Nestor says they went to his cheap hotel room at Bill's Gamblin' Hall and Saloon to settle up. As the benefactor of Kane's discovery, Nestor had agreed to give his old friend half his winnings. But now that the cash was rolling in, he was having second thoughts about the arrangement.
Every jackpot, he realized, was being reported to the IRS, and he'd already won enough from the bug to propel him into a higher tax bracket. If he paid half to Kane off the top, he might wind up without the reserves to pay his tax debt come April of the following year. He broached the subject with Kane: He'd be more comfortable holding on to the money until his taxes were paid. It was just a year. He'd happily give Kane half of his post-tax winnings then.
Kane was indignant but not surprised; leave it to Nestor to turn even free money into a problem to obsess over. He insisted Nestor honor his agreement, and Nestor grew more agitated, his voice rising in pitch. “What am I doing? Why am I even doing this?” he complained. “I'm not winning any money doing this if I'm giving you all this up front.”
Kane finally agreed to accept a third of Nestor's $20,000 take for the day. Nestor says he counted out $6,000 in hundreds onto an end table, and Kane said good night.
The tension between the men lingered the next day at the Wynn, a towering upscale supercasino with more than 1,300 slots. They played side by side, raking in money and continuing to argue over the split. Nestor was now of the opinion that he shouldn't have to pay Kane anything. It was Nestor, after all, who'd figured out that the Double Up feature was part of the bug. That should make them square.
AFTER A NIGHT IN JAIL, AN UPSET KANE CALLED NESTOR. “STAY OUT OF THE CASINOS”, HE SAID. “DO NOT GO BACK TO THE CASINOS.”
“This was my gift to you,” Kane shot back testily. “If you'd found this bug instead of me, you would never have told me about it.”
The accusation stung. Nestor gaped at his friend, then he stood and walked away from the machine.
The next day Nestor nursed his hurt feelings with a solo trip to the Rio. He found a Game King displaying four aces and a kicker and hit it for $5,600. Then he wandered into the high-limit room and found another four aces. He punched this one twice: $20,000 at a $5 denomination, then, after a decent interval, $8,000 at the $2 level. Nestor's records show that he eventually left the casino with about $34,000 in his pockets. He didn't need Kane at all. “There was so much money to be made, what did it even matter?” he says.
On his last day in Vegas, Nestor continued his solo run, hitting a Game King at the Wynn for a combined $61,000. Back in his room at Bill's, he added up his winnings: He was going home with $152,250 in cash in his luggage. And he wasn't done yet. There were casinos in Pennsylvania, too, where he could operate without the slightest risk of Kane knowing what he was up to—or demanding a cut up front.
After Nestor left, Kane tore into Vegas with a vengeance. Official numbers have never been released, and Kane declined to speak for this article, but the FBI would later tally Kane's winnings at more than $500,000 from eight different casinos. The Wynn, where Kane kept four nines on one Game King for days, was the biggest loser at $225,240.
Back in Pennsylvania, Nestor targeted the newly opened casino at the Meadows Racetrack in Washington County. In contrast to Kane, who played the bug with joyless, businesslike intensity, Nestor was voluble and chatty at the Meadows. He dressed smartly and, according to court documents, brought along a small entourage for company: his roommate, a retired cop named Kerry Laverde; and Patrick Loushil, a server at Red Lobster who agreed to collect some of Nestor's jackpots for him, so they wouldn't all show up on Nestor's tax bill. Nestor hammed it up every time he won, gushing excitedly to the slot workers—“I'm so excited! Here, feel my heart!”—and tipping generously.
But it all began to unravel the night Kane found himself waiting for a payout at the Silverton. The casino's head of security stood just outside the slot area. Kane paced and huffed, spun the swivel chair back and forth like a metronome, and complained to passing slot attendants. Finally, three men strode up to him. The head of security directed Kane to an alcove, handcuffed him, and escorted him away from the video poker machines.
An armed agent from the Gaming Control Board arrived soon after. He sealed the machines Kane had been playing on with orange evidence tape and collected Kane from the back room, where he'd been handcuffed to a chair. Kane's wallet and the $27,000 in his pocket were confiscated, and he was booked into the Clark County Detention Center on suspicion of theft.
After a night in jail, Kane was released. On Monday he called Nestor to warn him that the bug had been discovered. He sounded more upset than nestor had ever heard him. “Stay out of the casinos,” Kane said. “Do not go back to the casinos.”
Nestor's heart sank for his old friend. It was painful to imagine Kane suffering the indignity of a night in jail, mug shots, fingerprints, being treated like a common criminal. But after the call, Nestor talked himself into an alternate theory. What if there'd been no arrest? What if Kane suspected—as he must have—that Nestor was using the bug and had made up the story about the Silverton to scare Nestor into stopping, so Kane could have the exploit all to himself? By this time Nestor had been back in Pennsylvania three weeks and had already won nearly $50,000 from the Meadow's Game King.
He decided to ignore Kane's story and started planning his next trip to the Meadows.
Three days later, in Las Vegas, engineers from the Nevada Gaming Control Board's Technology Division descended on the Silverton. The forensics investigation of the Game King scam had fallen to John Lastusky, a 25-year-old clean-cut USC computer engineering graduate.
Lastusky pulled up the game history on the two machines Kane had played and reviewed the wins, then slid out the logic trays, the metal shelves housing the Game King's electronic guts, and checked the six EPROMs containing the machines' core logic, graphics, and sound routines. There was no sign of tampering. He confiscated the logic trays and packed them up for the trip back to headquarters.
Housed in an anonymous office park near the airport, the GCB's Technology Division was formed in the mid-1980s to police video gambling as it began its Nevada ascent. The division helps set the rigorous standards that gamemakers like IGT must meet to deploy machines in the Silver State. A 3,000-square-foot laboratory at the back of the office is packed end to end with slot machines in various states of undress—some powered down, some in maintenance mode, others stripped to their bare electronics, though most are configured as they would be on a gaming floor.
“GET ON THE FLOOR!” YELLED THE TROOPER, LEVELING HIS AR-15 AT NESTOR'S FACE.
A smaller, locked-down room adjacent to the lab is more important: It houses a permanent repository of the source and executable code for every version of game software ever approved in Nevada—more than 30,000 programs in all. The code vault is at the center of the gaming board's massive software integrity operation. Every new addition is carefully examined: Is the random number generator random enough? Does the game pay out at the advertised rate? Is there logic where there shouldn't be? “We're not necessarily looking for something nefarious, but the goal is to ensure the integrity of the product,” says division chief Jim Barbee.
There's a real, if mostly unrealized, danger of gaming software being backdoored. The concept was proven in 1995, when one of the GCB's own staffers, Ron Harris, went bad. Harris modified his testing unit to covertly reprogram the EPROMs on the machines he was auditing. His new software commanded the machine to trigger a jackpot upon a particular sequence of button presses—like a Konami Code for cash. He was eventually caught, and he served two years in prison.
The “Double Up bug” lurking in the software of Game King video poker machines survived undetected for nearly seven years, in part because the steps to reproduce it were so complex. John Kane and Andre Nestor experimented until they could trigger it at will.
1. Locate a Game King video poker machine configured for multi-denomination play. If you're in Las Vegas, you're probably already standing next to one.
2. Flag down a slot attendant and ask them to enable the Double Up option. Say thank you and smile until they walk away.
3. Insert money or a voucher and select the lowest denomination level offered by the machine—for example, $1 per credit on a $1, $2, $5, $10 machine.
4. Choose your favorite game variant—Triple Double Bonus Poker is fun—and start playing.
5. Keep playing at the $1 level until you win a big hand. An $800 royal flush is perfect.
6. With your royal flush showing but not yet cashed out, hit the More Games button on the touchscreen and select a different game variation. Play it until you score a win.
7. Insert more money or a voucher into the machine.
8. Touch the More Games button again, and change to the maximum denomination—in this case, $10 per credit. Then return to your original $800 royal flush.
9. Press the Cash Out button. “Jackpot! $8,000” will appear on the screen and the light on the top of the machine will illuminate. Congratulations!
10. Wait for the slot attendant to show up with an IRS form W-2G (“certain gambling winnings”). Once you've signed it, they'll get the machine to spit out a jackpot ticket.
That stain on the board's integrity haunts the division to this day. But by all evidence, the division's paranoia, coupled with the game industry's self-interest, have kept video gambling code clean and mostly free of exploitable bugs. That made the Game King case an intriguing puzzle for Lastusky. Armed with the surveillance footage of Kane in action, Lastusky sat at one of the Game Kings in the lab and began experimenting. Within a few days he was able to reliably reproduce the exploit himself. He gave his findings to IGT, which rushed out a warning to its customers advising them to immediately disable the Double Up option. “Replacement programs are being expedited,” the company explained.
Every Game King on the planet running a vulnerable version would need a patch. The upgrade process would be grueling. When an operating system like Windows or OS X has a security bug, customers can download the patch in a few minutes over the Internet. Slot machines aren't online. New programs are burned onto EPROMs by the manufacturer and shipped in the mail in plastic tubes.
Blind to the firestorm erupting in Vegas, Nestor spent the rest of July and most of August playing at the Meadows, until August 31, when the casino finally got suspicious and refused to pay Nestor on a four of a kind. Nestor protested but walked away, breaking into a run as he reached the parking garage.
Nestor was up more than $480,000. The Game King ride was over, but he had enough money to last him forever.
At 1:30 pm on October 6, 2009, a dozen state and local police converged on Andre Nestor's split-level condo on a quiet, tree-lined street in Swissvale. He was dozing on his living room couch when the banging started. “State police! Open up!” The battering ram hit the door seconds later, splintering the frame and admitting a flood of cops into the house.
Nestor says he started toward the stairs, his hands over his head, when he came face-to-face with a trooper in full riot gear. “Get on the floor!” yelled the trooper, leveling his AR-15 at Nestor's face. Nestor complied. The cop ratcheted the handcuffs on Nestor's wrists, yanked him to his feet, and marched him into the kitchen.
For the next two hours, Nestor watched helplessly, handcuffed to a kitchen chair, while the police ransacked his neat home. They flipped over his mattress, ripped insulation from his ceiling, rifled his PC. At about 4 pm, Nestor's roommate, Laverde, arrived home and was arrested on the spot as an accomplice to Nestor's crimes.
It was the first major gambling scandal in Pennsylvania since the state had legalized slots in 2004. The media portrayed Nestor as a real-life Danny Ocean, and prosecutors hit him with 698 felony counts, ranging from theft to criminal conspiracy. The district attorney seized every penny of Nestor's winnings and gave it back to the Meadows. Nestor and Laverde spent about 10 days in the county jail before making bail.
A defiant Nestor vowed to fight the case—no jury would convict a gambler, he was certain, for beating a slot machine at its own game. But on January 3, 2011, when it was time for jury selection, Nestor was hit with another surprise. Two FBI agents showed up and pulled him from the Washington County courthouse. The Justice Department had taken over the case. Nestor and Kane had both been charged federally in Las Vegas.
As the agents walked him to their car, Nestor stopped in front of a television camera and let loose. “I'm being arrested federally now—for winning at a slot machine!” he shouted in disbelief. “This is what they do to people! They put a machine on the floor, and if it has programming that doesn't take your money and you win on their machine, they will throw you in jail!”
The Las Vegas prosecutors charged Nestor and Kane with conspiracy and violations of the Computer Fraud and Abuse Act. Passed in 1986, the CFAA was enacted to punish hackers who remotely crack computers related to national defense or banking. But in the Internet age the government had been steadily testing the limits of the law in cases that didn't involve computer intrusion in the usual sense. Kane and Nestor, the government argued, exceeded their otherwise lawful access to the Game King when they knowingly exploited a bug. The casinos only authorized gamers to play by the rules of video poker. “To allow customers to access previously played hands of cards at will, would remove the element of chance and obviate the whole purpose of gambling,” assistant US attorney for the District of Nevada Michael Chu argued in a court filing. “It would certainly be contrary to the rules of poker.”
The defense attorneys pushed for dismissal of the computer hacking charge, on the grounds that anything the Game King allowed players to do through its interface was “authorized access” by definition: The whole point of playing slots is to beat the machine, and it's up to the computer to set and enforce limits. “All these guys did is simply push a sequence of buttons that they were legally entitled to push,” says Leavitt, Kane's attorney.
The pretrial motions dragged on for more than 18 months, while in the larger legal landscape, the CFAA was going under a microscope for the first time since its passage. In January 2013, coder and activist Aaron Swartz committed suicide after being charged under the same law for bulk-downloading academic articles without permission, spurring calls for reform. Three months later, the US Ninth Circuit Court of Appeals threw out computer hacking charges in a closely watched case against David Nosal, a former executive at a corporate recruiting firm who persuaded three employees to leak him information from the firm's lead database. The Ninth Circuit found that pilfering contacts doesn't become computer hacking just because the data came from a computer instead of a copy machine.
Seeing parallels to the Game King prosecution, the judge overseeing Kane and Nestor's case ordered the government to justify the hacking charge. The prosecutors didn't even try, opting instead to drop the charge—leaving only an ill-fitting “conspiracy to commit wire fraud” count remaining.
Prosecutors had a weak hand, and they knew it. As a December 3, 2013, trial date approached, the Feds made Kane and Nestor separate but identical offers: The first one to agree to testify against the other would walk away with five years of probation and no jail time.
The old gambling buddies had one more game to play together. It was the Prisoner's Dilemma. Without speaking, they both arrived at the optimal strategy: They refused the offer. A few months later, the Justice Department dropped the last of the charges, and they were free.
Kane and Nestor haven't spoken since 2009. After his Silverton arrest, Kane began recording classical music in his house and uploading the videos to a YouTube channel. Last March, after the federal case was dropped, he sent a CD of some of his performances to his high school piano teacher. “I'm essentially now retired from a career in business, have remained single, leading a quiet suburban life,” he wrote.
Nestor's greatest regret is that he let the Game King bug come between him and Kane. “I didn't want it to go that far,” he says. “I thought he and I were friends long enough that these kinds of issues didn't need to happen.” He claims he always intended to pay Kane his cut from the secret jackpots. Now he can't. His roommate, Laverde, signed over Nestor's money in exchange for avoiding a trial of his own. (There are no court filings to suggest that Kane's winnings were seized.) Nestor says the Meadows still has his winnings, and the IRS is chasing him for $239,861.04 in back taxes, interest, and penalties—money he doesn't have.
If there's one silver lining, it's that Nestor has been banned from Pennsylvania casinos. He still gambles occasionally in neighboring states, but his more pressing addiction right now is Candy Crush, which he plays on a cheap Android tablet. He cleared 515 levels in two months, using a trick he found on the Internet to get extra lives without paying.
My take: I was contacted by Nestor's lawyer back in 2010 to testify in his behalf at an eventual trial. I never heard back from them, but I have to say that his cased looked bad to me. So I am surprised by this outcome. I must also say that this is one of the most interesting cases of casino/slot-video-poker cheating I have ever heard about!