
December 16, 2007

The Vegas Asymmetric Threat

If you have not already seen my post entitled Takin’ Vegas, I recommend you read it first.

Guns don’t kill people. People kill people. And so it is. In Vegas, behind every scam there is a "who" … and it is always a who (or many whos) that lays out strategies, develops plans, recruits actors, trains, adapts, rehearses and ultimately executes the mission – all in hopes of taking home some loot. Undetected.

How do they do this?

For starters, if the actor believes he has already become known to casinos as a subject of interest, he will attempt to defeat recognition through the use of a disguise, e.g., changing his hair style, growing a beard, sporting a bandana, slipping into some motorcycle apparel, etc. Some go so far as cross-dressing or pretending to be wheelchair-ridden.

Beyond a new look, opportunists will claim false identities and carry false credentials. There is one particular subject I am familiar with that has used over 30 very different aliases and a handful of different social security numbers and dates of birth. [On a funny but related note, check this out: Be Anyone in Vegas: Get Help Creating a Cover Story Here]

When actors want to expand their business, they recruit. Recruitment can be local or distant. New recruits are trained in rogue facilities so that by the time these new actors appear on the scene, they have superb tradecraft despite having never set foot in a casino.

One insidious form of recruitment is the recruitment of a casino’s longstanding high roller to participate in a coordinated covert scheme … or worse, the recruitment of the casino’s own employees. I know of one case where a dealer was coerced into assisting the scammers after being told his wife and children were going to be hurt.

The more significant the opportunity, the more organized the group, which means strategy meetings, business plans, capital raising, operating procedures, training guides, and so on. Attention to detail is essential to increased revenues and the sustainability of the group effort.

Larger teams may establish counter-intelligence measures to reduce the risk of being infiltrated by the establishment or scammed themselves by scammers. Their own team members may be placed under covert surveillance to ensure these trusted insiders have not gone bad over time as trust has a half-life.

Large teams have cells, sub-units that are expected to work together. Some cell members are members of several cells. As with any organization there are conflicting purposes and ideologies, thus membership in cells tends to morph over time.

Often, there is no apparent center of power. New groups emerge simply based on the inspiration of a movie, book, online chat rooms, etc. Groups form, merge, split and dissolve. Some groups just specialize in card counting while others specialize in certain cheating methods, e.g., "bet pressing" (adding to a bet after the outcome is known) or the manufacturing of illegal cheating devices. Some groups start with one particular brand of cheating and then branch out into other specialties.

Imagine coordinating a team with 50, 100 and sometimes even more actors! What a challenge!

Well, actually, thanks to the Internet … training, recruitment, soft targets, etc. are at one’s fingertips. Some web sites maintain a level 1 area with limited revelation and benign chat rooms. There are level 2 areas which require the user first undergo a background check before being provided access. At level 3 the member is not only required to have a background check but is also required to have committed a felonious activity. And it is this group that shares even more sensitive information … for argument’s sake this might be viewed as equivalent to a government "Top Secret" clearance. Above this level, much like a military’s Special Access Program, very specialized knowledge is controlled to a minimum and known universe of folks. When the identities of the 12 Nevada dealers with subtle procedural defects in how they dealt hand-held blackjack were discovered, such secrets were worthy of such extraordinary controls. The principle: if too many people knew about this weakness, it might be exploited at a pace that would result in casino detection, prompting the casino to quickly close this vulnerability.

The latest challenge? Poker.

Poker is the problem these days. You think you are playing at a table with a fair shot. But unbeknownst to you, there is a team on that table working together against you – even though they make no outward appearance of knowing each other.

Is that slight twitch in the eye "natural" or "a signal"?

RELATED POST:

Takin’ Vegas

IEEE Spectrum Story: Vegas 911

IEEE Paper: Threat and Fraud Intelligence – Las Vegas Style

Web 2.0 – Al Qaeda’s Most Effective Force Multiplier

October 13, 2007

Takin’ Vegas

When I moved to Las Vegas in the early nineties, I had no idea I would get wrapped up in the world of gaming surveillance and intelligence. In fact, I had no idea I would soon be immersed in a high stakes game of cops and robbers.

My first glimpse into this world was unanticipated. Having just arrived, I needed a couch for the house. After finding a used couch in the newspaper classifieds, I called a guy and drove to his house to inspect it. While making small talk I asked him what he did for a living – and he said he played blackjack for a living. Striking me as odd, I asked him if he was a card counter. He said "Nope, what I do is hard core, I’m talking about the difference between pot and heroin!" When I asked what technique he was using, he only raised his eyebrows and smirked. Then he proceeded to show me a drawer of disguises, which included glasses, fake mustaches and other such stuff.

About a year later I learned about a certain blackjack surveillance team that had identified 12 dealers in the state of Nevada that each had a slight aberration in the way they dealt blackjack. This aberration opened the door to very specific exploitation. Only a small handful of opportunists knew the identities and shifts of these dealers, and they were exploited at low volume in an effort to remain undetected. And thus, the identity of these 12 dealers was very tightly held, their specific identity still unknown at that time.

Was the hard core guy who sold me the couch involved in this particular scheme? I’ll never know. And as it turned out, I would come to know many schemes. What kind of schemes you ask? Well, try these on for size:

Some players mark cards with a material during the game that only they can see (e.g., via special contact lenses). Others bend cards ever so slightly, enabling them to visually recognize them later. And there was one time when someone was able to secretly modify the manufacturing die – the die used to print the playing cards. Imagine that, the deck comes out of the wrapper and out of the box and the cards are already marked!

When the new one hundred dollar bill came out, new bill validators were required in slot machines. Shortly thereafter, a team from the Pacific Rim region discovered that when a certain bill validator was used in conjunction with a specific brand of slot machines, there was a problem. Actually, not a problem for them. A member of the team would feed a hundred dollar bill into a machine in certain states, and the machine would spit the hundred dollar bill out. At the same time it would register a hundred dollars in credit. In other words, the one hundred dollar bill lasts all day. In short, after about $1.2 million walked out the door over a two week period, the casino woke up to this hardware vulnerability.

Once a customer conducted a two week surveillance operation against a specific roulette table – tracking every outcome (which number the ball fell into). After some mathematical modeling in his hotel room, he determined not only that the wheel was not perfectly balanced but also where on the board the ball would have a tendency to fall. Placing bets favoring the known bias allowed this player to walk away with $5 million over the next few weeks. Oh, and in case you are wondering, there is no crime here … the casino simply closes the table for repairs and the player gets to walk with the money.

Card counters (now called "advantage players") are another thing altogether. While card counting is not illegal as it requires only mental skill, if a casino determines that you have figured out how to change the odds of the game (albeit even in your head), they can ask you to leave. Fortunately, when card counters count and bet according to the count, they are very easy to detect. Unfortunately, the now infamous "MIT" card count team (as brought to life in the book "Bringing Down the House") developed and fully exploited a different technique. The first player, a professional card counter, performs the counting function while playing without any significant variation to his bet. When the deck has a favorable count the first player covertly signals a second player. The second player then joins the game making only large bets. Separating the counter from the bettor presented gaming organizations with a very serious detection challenge.

When a dealer can be co-opted into helping a player, really bad things happen. For example, when the dealer lets the player introduce a new deck on the game (i.e., the dealer willingly swaps the shuffled deck with the player’s perfectly sorted deck) this scam can cost a casino a quarter of a million dollars in just 15 minutes.

Then there was the programmer at the gaming manufacturer who inserted some malicious code into the video poker machine so that it would deliver royal flushes at his will.

And how about this for high tech: Some teams send players to the table wearing an infrared lighting source, a mini-camera, batteries with a heat shielding system and an antenna. A truck in the parking lot receives the broadcast video via a satellite dish-like antenna. The operator in the vehicle slows down the video to determine a card value or card sequence and then radios the player (via an ear piece) with very helpful insight e.g., the next card is a four!

Wild, huh? Actually, these examples are just the tip of the iceberg. The ingenuity of the opportunist is most amazing.

So how do these groups operate and how do casinos detect and preempt this kind of activity? Good question. And the subject of some forthcoming posts … so stay tuned!

On An Unrelated Note: A few weeks ago I coincidentally ended up sitting next to a US Senator on a commercial coast-to-coast flight. While I read up on the FISA debate, he played a pong-like game on his phone almost the entire time. Hello?

RELATED POST:

IEEE Spectrum Story: Vegas 911

IEEE Paper: Threat and Fraud Intelligence – Las Vegas Style

November 29, 2006

IEEE Paper: Threat & Fraud Intelligence – Las Vegas Style

This month in IEEE Security and Privacy (November/December 2006) there is an article I wrote that describes in relatively plain English the key principles of "Identity Resolution" and "Relationship Resolution."

Here is a link to a PDF version of this story: Threat and Fraud Intelligence – Las Vegas Style

In a nutshell, here are the essential objectives:

This story also makes the case that probabilistic-based identity matching systems skew over time as the underlying data changes. I have 23 years of work in the area of identity disambiguation at scale. This has led me to the conclusion that starting with deterministic matching and tuning probabilistically is far superior, especially in large data sets that cannot be retrained or reloaded in any reasonable interval (e.g., quarterly).

November 13, 2006

Enterprise Intelligence – My Presentation at the Third Annual Web 2.0 Summit (November 2006)

I was invited to speak at the Web 2.0 Summit last week in San Francisco. Believe it or not I actually presented 41 charts in less than 10 minutes. This kind of general session presentation was called a Show Me/High Order Bits. That’s right, the essence of my life’s work in just 10 minutes ... the thrill!

[Note: The formal title was: "Cops and Robbers Las Vegas Style."]

If you did not make this most amazing summit with a most amazing cast of attendees or were there and missed my auctioneer-inspired delivery, here are the key points I covered:

0. I first showed a picture of a fire breather from my last New Year’s eve party – but that is not important right now.

1. I showed a surveillance video of a casino scam involving a corrupt dealer – resulting in a $250,000 loss in 15 minutes. If the dealer had the same address in the payroll system as the "high roller" had in the loyalty club and comp systems (free rooms, meals, etc.) … who would know?

2. I introduced the concept of "Corporate Amnesia." This occurs when one part of the organization makes a decision which very clearly did not account for other key data sitting elsewhere in the enterprise e.g., your marketing department is mailing offers to a person currently in jail for stealing from you!

3. "Perception Isolation" is the leading cause of Corporate Amnesia. Think of each operational system as a distinct enterprise perception. Notably, each perception is isolated from the others.

4. Enterprise intelligence requires persistent context. There is no way to get smart if perceptions are not integrated. When perceptions are integrated and stored in a database … this is persistent context. Think of this like a brain. You need a brain to be smart … duh!

5. I gave a simple demonstration of how context can be constructed and persisted and how this enables the enterprise discovery that otherwise would be missed (more corporate amnesia).

6. Then treat data as a query. And thus I introduced a 1st principle for enterprise intelligence: If you do not process every new piece of key data (perception) first like a query … then you will not know if it matters … until someone asks.

7. Treating data like a query beats periodically boiling the ocean when attempting to achieve real time intelligence.

8. Then, also treat queries as data. This means if one wishes to have a query persist, it must be persisted in the same data space as the data itself. Which leads to the 2nd principle for enterprise intelligence: Treat queries like data to avoid having to ask every question every day.

9. While constructing context (real time receipt of perceptions from across the different operational systems) this happens to be the most ideal time for this librarian function to exhibit enterprise awareness. Which leads to the 3rd principle for enterprise intelligence: Enterprise intelligence is computationally most efficient when performed at the moment the observation is perceived.

10. This is the world I sometimes refer to as "Perpetual Analytics." A world where the "data finds the data … and the relevance finds the user."

11. And this stuff really works … and at scale. In fact, in a benchmark center this was found to scale to over 3 billion historical observations while handling the real-time ingestion of more than 2,000 perceptions a second.

12. This has privacy consequences. For example: (a) What perceptions can or should be placed into context (in one brain)?; (b) What if perceptions are contextualized for one mission, then re-purposed later for another?; (c) What if someone steals the brain?; and (d) What if the librarian is corrupt?

13. I worry about these things. And I spend about 40% of my time thinking about the privacy and civil liberties consequences of such systems. Which prompted one of my more recent inventions: a new class of technology I call "Analytics in the Anonymized Data Space." Basically, instead of transferring perceptions from the various senses (an organization’s operational systems) that are human readable … the perceptions are anonymized first before being handed to the librarian for contextualization in the brain. The Reader’s Digest explanation of anonymization is basically this: if you take a pig and a grinder and make a sausage, even if I give you the sausage and the grinder you are not going to be able to make a pig. The cool thing about this new technology is that the librarian can still construct and persist context and discover relevance without actually handling human meaningful data.

14. So I summarized with the main thinking towards enterprise intelligence: (a) Without persistent context … you have no brain; (b) Treat data and queries with equal rights to improve awareness; (c) More intelligence is possible when thinking based on streaming perceptions; and (d) And from a privacy perspective: More or less perceptions, that is the question (there is an important policy discussion that needs to take place about just how many – more versus less – perceptions should be permitted to be put in the brain).

15. While this approach to enterprise intelligence was born in Las Vegas ... today it plays a role in national security, financial services, health care, etc. And much of the focus of my current activity is towards using this technology to deliver new threat and fraud intelligence solutions in these and other areas.
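Points 1, 6, 8 and 13 above, as an added Python example that is not the author's code or product: every new record is first looked up like a query, persisted queries live in the same index as the data, and the store only ever sees one-way tokens. Keyed HMAC-SHA256 as the anonymization step, the key, the record ids and the sample addresses and phone numbers are all assumptions constructed for illustration.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed key (assumption): held by the source systems, never by the store.
SOURCE_KEY = b"constructed-demo-key"

def anonymize(field, value):
    """One-way token for a field value: normalise, then keyed HMAC-SHA256."""
    norm = " ".join(value.lower().replace(".", "").replace(",", " ").split())
    return hmac.new(SOURCE_KEY, f"{field}:{norm}".encode(), hashlib.sha256).hexdigest()

class ContextStore:
    """The 'brain': one index holding both observations and persisted queries."""

    def __init__(self):
        self.index = defaultdict(set)   # token -> ids of entries carrying it
        self.entries = {}               # id -> (kind, origin)

    def _related(self, entry_id, tokens):
        hits = set()
        for tok in tokens:
            hits |= self.index[tok]
        hits.discard(entry_id)
        return sorted(hits)

    def _store(self, entry_id, kind, origin, tokens):
        self.entries[entry_id] = (kind, origin)
        for tok in tokens:
            self.index[tok].add(entry_id)

    def observe(self, entry_id, source, tokens):
        """Data as a query: look the new record up before storing it."""
        related = self._related(entry_id, tokens)
        self._store(entry_id, "data", source, tokens)
        return related

    def persist_query(self, entry_id, asker, tokens):
        """Queries as data: answer now, then keep the question in the index."""
        related = self._related(entry_id, tokens)
        self._store(entry_id, "query", asker, tokens)
        return related

def demo():
    """Constructed records: a dealer in payroll, a high roller in the loyalty club."""
    store = ContextStore()
    first = store.observe("payroll:1001", "payroll", {
        anonymize("addr", "12 Desert Rd., Las Vegas"),
        anonymize("phone", "702-555-0100")})
    second = store.observe("loyalty:88", "loyalty", {
        anonymize("addr", "12 desert rd las vegas"),
        anonymize("phone", "702-555-0199")})
    # A standing question with no answer yet, followed by data that finds it.
    asked = store.persist_query("query:7", "surveillance",
                                {anonymize("phone", "702-555-0142")})
    later = store.observe("comp:3", "comp", {anonymize("phone", "702-555-0142")})
    return first, second, asked, later
```

The loyalty record surfaces the payroll record on arrival, and the later comp record surfaces the standing query without anyone re-asking it. Tokens for low-entropy fields such as phone numbers can be recomputed by anyone who holds the key, so the key has to stay with the source systems.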

To my shock at this point I had completed 36 charts and still had 1.5 minutes left. As I thought this was in fact a possibility, I quickly moved into what I called the bonus section!

Bonus Picture 1. I showed a picture of a chimpanzee with the words "99.4 percent human." The point being: If a .6% difference matters this much … no wonder traditional information systems lack so much intelligence! Net net, in intelligence systems very tiny little increments of accuracy make the entire difference between being dumb and smart.

Bonus Picture 2. And it may go without saying, that in such systems as this … the more observations one has the better the context. In fact, many times new observations will contain the evidence to improve or fix earlier contextualizations.

Bonus Picture 3. And this brings us to the crucial concept of "Sequence Neutrality." Meaning despite the order of the observations (records A, B, C received in that order versus arriving in the order C, B, A) the end state is the same. If you cannot process information with sequence neutrality then you get "data drift" – meaning you hold contradictory content which must be reconciled eventually or accuracy erodes. This is a common reason data warehouses must be reloaded. Almost no systems possess this sequence neutrality property. Notably, it is virtually essential at scale because it eventually becomes impossible to tear very large databases down to reload them every week, month, or quarter.
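Sequence neutrality and data drift, as an added Python example that is not the author's implementation: the same constructed records are resolved in every possible arrival order by a first-match resolver and by one that joins entities when a late record bridges them. The record ids and features are assumptions, and the example covers only late records that join earlier entities, not records that force earlier matches to be undone.

```python
from itertools import permutations

# Constructed observations: B is the only record linking A's phone to C's address.
RECORDS = {
    "A": {"phone:702-555-0100"},
    "B": {"phone:702-555-0100", "addr:12 desert rd"},
    "C": {"addr:12 desert rd"},
    "D": {"phone:702-555-0177"},
}

def resolve_first_match(order):
    """Order-sensitive: attach each record to the first entity it matches."""
    entities = []  # each entity is [record ids, features seen so far]
    for rid in order:
        feats = RECORDS[rid]
        for ent in entities:
            if ent[1] & feats:
                ent[0].add(rid)
                ent[1] |= feats
                break
        else:
            entities.append([{rid}, set(feats)])
    return frozenset(frozenset(e[0]) for e in entities)

def resolve_with_merge(order):
    """Order-insensitive for merges: a bridging record joins every entity it touches."""
    entities = []
    for rid in order:
        ids, feats = {rid}, set(RECORDS[rid])
        keep = []
        for ent in entities:
            if ent[1] & feats:
                ids |= ent[0]       # absorb the matching entity
                feats |= ent[1]
            else:
                keep.append(ent)
        entities = keep + [[ids, feats]]
    return frozenset(frozenset(e[0]) for e in entities)

def end_states(resolver):
    """Distinct end states over every arrival order of the same records."""
    return {resolver(order) for order in permutations(RECORDS)}

if __name__ == "__main__":
    for resolver in (resolve_first_match, resolve_with_merge):
        states = end_states(resolver)
        print(resolver.__name__, len(states), "distinct end state(s)")
        for state in states:
            print("   ", sorted(sorted(group) for group in state))
```

When A and C both arrive before B, the first-match resolver leaves one of them stranded in its own entity, which is the drift that otherwise has to be repaired by a reload.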

Closing thought. After working on designing sequence neutrality into my technologies, I have discovered there are some cases where a new record (perception) will necessitate so much recontextualization, it cannot be done in real time. Drats! That means the system must either be periodically reloaded or alternatively go offline into a maintenance mode (i.e., deep sleep) to remedy the situation. But alas, that is why humans sleep too – deep recontextualization that could not be handled on the fly. Our dreams are the byproduct of this necessary re-shuffling. Or so I have concluded!

This post is now the shortest read about my enterprise intelligence information theory.

I plan on blogging about "why perception isolation is the leading cause of corporate amnesia" very soon.

August 29, 2006

Be Anyone in Las Vegas, Get Help Creating a Cover Story Here

The saying goes “What Happens in Vegas Stays in Vegas.”  And just to be safe, why not travel to Vegas with a cover story?  Heck the opportunists do and you can too.  In fact, the Las Vegas Convention Authority would like to help you.

Be Anyone in Las Vegas

Use this site to establish a name, a cover, get business cards and so on.

While the professionals surely have more sophisticated identity factories … at least you can get started here!

April 20, 2006

IEEE Spectrum Story: Vegas 911

Vegas 911 - "A sin city programmer busted some of the biggest swindlers of all time.  Now he's helping the Feds nail terrorists."

This story by David Kushner in the April 2006 edition of IEEE Spectrum is one of the most accurate stories about my work that I have ever seen.  David’s attention to detail and the magazine’s fact-checking process were unparalleled.

I would have never guessed that my work to help the gaming industry to better understand who they were doing business with – and all those weekly meetings with the principals and investigators behind Griffin Investigations where we developed strategies and tactics to deal with the “MIT team” (as described in Ben Mezrich’s book “Bringing Down the House”) – would have turned out to be so widely known.  I guess at the time I thought this behind-the-scenes and somewhat private story would go untold.

Come to think of it, I may have to add some more color to this story one day.  Like how we closed the gap in the window between “detect and preempt” to minutes – even when dealing with their brand new, never before seen, recruits.  Or, the other highly organized team that was operating at the same time, which seemed even more threatening, that to this day is hardly talked about.  But, I’ll have to check with my old friends from “back in the day” to make sure such fun stories don’t affect any trust half-life curves.

Stay tuned, I have a few Las Vegas "cops and robbers" stories of my own.