Cyber Incident Victim: Multi-State Lottery Association
Date: Dec 2010
Location: United States of America
Summary
A former security director for the Multi-State Lottery Association was charged with fraud for allegedly manipulating the lottery's random number generator computer by installing unauthorized software via a thumb drive. The individual, captured on surveillance footage purchasing the winning ticket for an unclaimed $14.3 million prize, reportedly exploited his position to alter security camera recordings—reducing surveillance coverage—and inserted a self-deleting rootkit program to influence the draw outcome. The compromised computer was housed in a restricted-access environment designed to permit only dual-person entry under continuous monitoring.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |

| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Eddie Raymond Tipton, then serving as security director for the Multi-State Lottery Association (MUSL), was arrested in January 2015 by the Iowa Division of Criminal Investigations following allegations that he manipulated lottery draw outcomes. Prosecutors asserted that Tipton exploited his privileged access to compromise the random number generation system for a December 2010 Hot Lotto draw. The offline computer responsible for generating winning numbers was housed in a glass-walled secure room under constant video surveillance, and entry required two authorized personnel to be present at the same time. Investigators alleged that Tipton reconfigured the surveillance system to record only one second of footage per minute, creating gaps that enabled him to enter the secured area undetected. During these unauthorized entries, he purportedly inserted a USB thumb drive containing a self-deleting rootkit into the draw computer, though the prosecution did not publicly specify whether this malware altered number generation or provided predictive capabilities.

The scheme unraveled when Tipton was identified through CCTV footage purchasing the winning $14.3 million Hot Lotto ticket at a Des Moines convenience store, though he never claimed the prize. Investigators linked this ticket to the compromised December 2010 draw through forensic analysis. Iowa prosecutors charged Tipton with fraud in April 2015, citing his position of trust and technical authority over the draw systems as critical enablers of the alleged manipulation. The criminal complaint highlighted the sophistication of the attack, noting that the targeted computer's air-gapped design and physical security measures were circumvented through insider access. MUSL implemented immediate procedural reviews following the arrest, though specific containment measures or system changes were not detailed in initial reports. The unclaimed jackpot funds were redistributed to MUSL member states according to lottery protocols.
