Fantasy sporting leagues have become very popular. A good friend of mine is into fantasy car racing teams. Other friends are into fantasy soccer (football elsewhere in the world). In the US a lot of people are into the fantasy NFL (National Football League –not soccer).
Recently a researcher, Gary Rios, joined an ESPN sponsored fantasy football league and figured out how to cheat and win simply by manipulating the web address (URL). Gary could actually change the composition of another player’s team!
I don’t think Gary is a crook, but if he can do it you have to believe other people can do it as well, and I’ll bet you that some of them have criminal intent. It is supposed to be “fantasy football”, but some people bet real money on these teams. Take a look at Gary’s blog for the details of the exploit. http://xs-sniper.com/blog/2010/09/22/put-me-in-coach/
If you are going to use a computer to bet money, don’t assume that everything is honest. This is not the first example of cheating I have heard of when it comes to computer gambling. Many years ago when I worked at Microsoft I was asked to provide an Australian law enforcement agency with the cryptographic hash (positive ID) of a file used by the windows game Solitaire. It seems there was a group that created a replacement of the file that made it impossible to win the game and, believe it or not, people were betting money on games of Solitaire.
In all cases, if you are going to bet, never bet more than you can afford to lose. If you are going to bet using a computer, don’t expect that everything is as it appears. If you work with Mr. Rios, and your mouse doesn’t work, look underneath it for a post it note that covers the laser as Mr. Rios appears to be a true practical joker! OK, I don’t know that Mr. Rios ever pulled that prank, but our own Distinguished Researcher, Aryeh Goretsky, did that to my mouse once :)
Director of Technical Education
Author ESET Research, We Live Security