Casino Screwup Royale: A tale of “ethical hacking” gone awry

Enlarge (credit: Aurich Lawson / Getty)
People who find security vulnerabilities commonly run into difficulties when reporting them to the responsible company. But it's less common for such situations to turn into tense trade-show confrontations—and competing claims of assault and blackmail.
Yet that's what happened when executives at Atrient—a casino technology firm headquartered in West Bloomfield, Michigan—stopped responding to two UK-based security researchers who had reported some alleged security flaws. The researchers thought they had reached an agreement regarding payment for their work, but nothing final ever materialized. On February 5, 2019, one of the researchers—Dylan Wheeler, a 23-year-old Australian living in the UK—stopped by Atrient's booth at a London conference to confront the company’s chief operating officer.
What happened next is in dispute. Wheeler says that Atrient COO Jessie Gill got in a confrontation with him and yanked off his conference lanyard; Gill insists he did no such thing, and he accused Wheeler of attempted extortion.
Read 58 remaining paragraphs | Comments