Two symbols of Las Vegas, the gaming capital of the world, were targeted by two successive cyberattacks five days apart. The hackers went to get the money from the source: they attacked casinos.
Like a modern remake ofOcean’s Eleven with George Clooney, Brad Pitt and Matt Damon. On the big screen, the chic and shocking robbers had taken the plane to Las Vegas, and they had found a way to access the safe, in the last basement. 22 years later – and this is not cinema – the hackers probably did not need to move.
We imagine them with a PC and an Internet connection. But according to one of them, it would have taken them 10 minutes on the phone with customer service to enter the system, after having identified one of the employees on LinkedIn, the professional social network.
10 minutes to cause chaos, and pocket the ransom, i.e. 15 million dollars because yes, the Caesars Entertainment group which notably manages Caesars Palace and the MGM Grand, apparently paid. Or rather, he said he had already paid $15 million in ransom, because there had been a first computer attack on September 7. And therefore two cyberattacks on the same two sites, five days apart. That makes the case all the more exceptional.
Elevators and slot machines stopped
Obviously, all the IT, including room reservations, went down. You should know that when we talk about hotels in Las Vegas, we are not talking about a small charming hotel, but about concrete behemoths covered in neon, with thousands of rooms each time: and the MGM Grand, the One of the two targeted is not just any of these establishments in Las Vegas.
It holds the world record for the number of individual rooms: 6,852 rooms, and as many doors that open with a smart card as a key, provided the system works. The MGM is also 30 floors. However, the cyberattack also caused the blocking of elevators, ticket machines and slot machines. Everywhere in the casino there are blue screens with the words “out of service” or “temporarily unavailable”.
$15 million missing
The hacker group, called Scattered Spider, also managed to download 6 TB of confidential data: personal information of customers, and players holding the group’s loyalty card: name, address, credit card number, etc.
The Caesars group says it has taken all precautions to ensure that this data is deleted by hackers, but “without any guarantee”, he specifies. Hackers who asked for 30 million dollars, and who only received 15. The explanation, perhaps, of this new cyberattack.