Cameras turned off
Citing court papers filed by prosecutors in the case, the Des Moines Register said the 51-year-old "may have inserted a thumb drive into a highly locked-down computer that's supposed to generate the random numbers used to determine lottery winners".
The offline computer is housed in a glass room and in theory can only be accessed by two people at the same time. It is also constantly monitored by a video camera.
It is alleged Mr Tipton used his position as security director to change the video camera settings and record only one second in every minute. This would have given him enough time to enter the room and plug a thumb drive into the computer.
On that drive, according to the prosecution, was a rootkit: a stealthy computer program designed to do a specific task and, in this case, then erase itself.
That task was to predetermine the winning lottery numbers for the draw that Mr Tipton was to later buy the winning ticket for.
Mike McLaughlin, senior analyst at computer security company First Base, said the allegation might sound farfetched but was plausible.
He told : "It is entirely possible to code a rootkit on a USB drive which could interfere with software on a computer then delete itself.
"It would only take a second to run once plugged in.
"However, this can leave traces on the infected machine if you know where to look."
As a member of staff, Mr Tipton was not allowed to win the lottery himself.
The court filings suggest there was an attempt to claim the prize just hours before it was scheduled to expire by a company incorporated in Belize.
If found guilty of the two charges of fraud, Mr Tipton faces up to five years in jail and a fine of up to $7,500.