Geolocation Software Fails New Jersey Gambling Site

Will online gambling geolocation software ever be flawless?

In the history of computer software, has any program ever been deemed truly flawless? Whether it’s an internal bug, an external hacker, or a simple rearrangement of browser coding, it always seems there is one way or another to cripple a software system.

That’s exactly what one young man from Nevada was able to do last summer. All it took was a little browser code observation and alteration, and he was able to place a wager at a New Jersey online casino – one that, by rule and discretion, claims to only be capable of accepting wagers from players psychically located in the state of New Jersey.

Online Gambling Geolocation Software Failure

According to a report that appeared this morning in Vancouver’s City News 1130, a flaw was identified in the geolocation system of the online gambling website of the Hard Rock Casino of Atlantic City.

It wasn’t the operators of the iGaming website that found it. It wasn’t the tech heads in the security or IT departments of the Gaming Innovation Group – makers of the software – that realized there was a problem. Regulators at the New Jersey Division of Gaming Enforcement (NJ-DGE), whose job it is to police the industry and ensure the safety and security of the state’s countless online gamblers, didn’t find it either. This teeny tiny little flaw was found by one man – a man with a keen sense of computer program coding languages – all the way across the country in Nevada.

This young man was able to scour the seemingly endless source code of the www.HardRockCasino.com website and identify the exact portion that reads a visitor’s geographical location. He was then able to alter that segment of the code to make it look as if he were, in fact, located within the borders of New Jersey. With that little annoyance out of the way, he was then able to register an account, make a deposit, and place a simple $29 bet.

The $29 Win that Cost $25,000

The duplicitous player did not win this bet. It was won by the Hard Rock Casino, but at great cost to the company that provides its geolocation services. When the online casino realized what had happened, the issue was immediately reported to the NJ-DGE. Regulators launched an investigation into the matter and discovered the flaw in the program, which allowed the Nevada resident to view and alter the browser code in the first place.

The end result was a $25,000 fine imposed upon Gaming Innovation Group (GiG); the company responsible for providing online gambling services to the Hard Rock’s iGaming portal. It was that company’s job to ensure the geolocation software would prevent anyone outside of New Jersey from accessing its betting services. And in that job, the NJ-DGE determined that GiG had failed.

In response to the incident, a statement from GiG reads:

“This one-off single incidence of out-of-state gambling was due to a technical vulnerability which was quickly discovered and reported to the regulator in New Jersey in the first week the company went live in New Jersey. An end user from outside the state of New Jersey with technical knowledge managed to access the front end debugger to change the location and pretend to be from New Jersey.”

The company goes on to accept the penalty for not catching and fixing the flaw before it could be exploited, and said it is fully committed to maintaining regulatory compliance “at all times”.