Jackpot-winning former head of computer security allegedly hacked lottery computers

It doesn’t take a deeply cynical mindset to find a large lottery win by the former information security director of the Multi-State Lottery Association a bit suspicious.

Eddie Raymond Tipton of Norwalk, Connecticut, won $14.3 million with a Hot Lotto ticket in 2010, but prosecutors believe he tampered with lottery computers before buying a ticket.

The Des Moines Register reports that Tipton, 51, enlisted the help of others to claim the prize because his job meant he was banned from playing the lottery under Iowa law.

According to the Register, “prosecutors said there is evidence to support the theory Tipton used his privileged position inside the lottery association to enter a locked room that housed the random number generating computers and infect them with software that allowed him to control the winning numbers.”

Tipton’s trial begins Monday. If found guilty, he could face five years’ imprisonment and a fine of $750 to $7,500.

Insider threats – 89% of organizations “vulnerable”

The global edition of the 2015 Vormetric Insider Threat Report – released last month – notes that only 11% of respondents believed their organization was “not vulnerable to insider attacks”.

The insider threat landscape “now includes outsiders who have stolen valid user credentials; business partners, suppliers, and contractors with inappropriate access rights; and third-party service providers with excessive admin privileges.” Many of 2014’s high-profile breaches occurred because of insiders – whether unwitting or malicious – and it seems the message is finally getting through: good information security is an enterprise-wide affair that takes into account people, processes, and technology, exactly as prescribed by the international standard for information security management, ISO 27001.

ISO 27001 sets out the requirements of an information security management system (ISMS), a holistic approach to information security designed to protect corporate information assets across the organization. One of the essential components of an ISO 27001-compliant ISMS is regular penetration testing to determine the potential weaknesses in your networks and applications.

Penetration testing

If you’re concerned about your organization’s susceptibility to attack, you’d do well to consider IT Governance’s penetration testing packages. Designed to identify vulnerabilities and provide remedial measures that you can take to secure your systems, they provide a complete solution for the routine security testing of your websites and IT systems to ensure that your networks and applications remain secure against cyber attacks.

Book your pen test today to find the weak points in your systems – before the hackers do.