IT security insiders rob casinos of £33,000

Two IT analysts have pleaded guilty to stealing £33,000 from a casino group after using their insider knowledge of the group's remote-betting systems to rig payouts.

Londoners Andrew Ashley and Nimesh Bhagat hacked systems at the Gala Casinos group, Croydon Crown Court heard on Friday. After pleading guilty to theft, they were given 200 hours of community service and will have to pay back over £16,000 each, the Metropolitan Police said in a statement on Friday. They were also given a one-year suspended prison sentence.

"This was a long and complex investigation into what I believe may be the first case of its kind using IT systems to commit fraud within the gaming industry in the UK, and if it hadn't been for vigilant staff within the casino, the £33,000 might easily have rolled into hundreds of thousands," detective inspector Ann-Marie Waller of the Metropolitan Police clubs and vice unit said in the statement.

Ashley and Baghat went to Gala casinos across London and placed bets on roulette via the casinos' remote touchscreen betting terminals. The remote terminals issue tickets of credit following a win. The two men rigged the system so they could get credit tickets regardless of whether they had won, the Met said. Ashley and Baghat wrote a program that was built for legitimate reasons, which they then manipulated to commit theft.

The security consultants were caught after trying to cash a £600 credit ticket. An employee noticed they had made a £10 bet, which would never return £600 on roulette, as the maximum odds are 35/1, the police said.

A subsequent investigation led to the discovery of a pattern of credit tickets that led back to the men. The bets were made between 1 July 2007 and 7 September 2007.