Casino Hacker Report
Hacker attacks against the Las Vegas Sands (LVS) properties last year have been fairly common knowledge, although recent developments in the resulting investigation have now singled out direct connections
with Iranian hackers. James Clapper, US Director of National Intelligence, recently reported to the Senate Armed Services Committee that the attack was the first truly destructive attack on the US by nation states.
This incident took place in February 2014, but news and details of the impact were largely contained within the corporation and investigating agencies. The cyberattack essentially crippled the Sands’ total IT infrastructure, including email and other operational systems, but was not successful in corrupting or retrieving confidential items such as customer credit card data or similar financial data.
What Took Place
In February 2014, the Venetian Hotel and Casino, a flagship of LVS Corporation’s properties, experienced an attack on their computer systems. At first, the extent of the intrusion was not apparent, but as
the chaos spread throughout the facility, multiple systems began to fail. Phone systems were taken down, email was unavailable, servers were being wiped of their data files, and panic quickly set in. Computer technicians scrambled to determine what was taking place, shutting down systems as quickly as possible, to mitigate additional damage. The attack shut down systems essential to normal casino operations,
including computers utilized to run the customer loyalty rewards program, and those that monitor payouts of table games and slot machines at LVS’ US casinos. The corporation’s data storage system was also
rendered unavailable. Also impacted was the sister hotel of the Venetian, the Palazzo.
The malware used to infiltrate the LVS environment worked its way through thousands of servers, PCs, and laptops. Technicians were able to determine that confidential data was being compressed, potentially in preparation for downloading by the intruders. Michael Levin, president of Sands, made the call to totally drop all connection from the Internet. That move likely saved LVS from any further critical damage or the potential loss of its mainframe functionality. Most patrons were probably even unaware of the disruption going on around them.
Hackers had begun to infiltrate LVS’ other facilities earlier, looking for weaknesses in points of access through intrusions into the Sands Bethlehem casino and resort in Bethlehem, PA. Through repeated efforts
and continuing attempts to hack through the Bethlehem systems, they eventually uncovered a pathway to the corporate systems in Las Vegas.
Significance of the Attack
The attack signifies the first on a US corporation by a state-sponsored or controlled entity, of this kind. It’s well-known that nations spy on each other to obtain intelligence, and that hackers make daily attempts
to extort through theft of confidential or financial information (common credit card information theft or similar data). Unique in this instance is the intentional destruction of computer systems belonging to a US company, not a government agency. As Internet access is tightly controlled and monitored in Iran, it is difficult to imagine that the Iranian government did not have full knowledge of the incident and may, in fact,
be directly responsible. Clapper further indicated to the committee in his report that “We foresee an ongoing series of low-to-moderate level cyberattacks from a variety of sources over time, which will impose cumulative costs on US economic competitiveness and national security.”
Why Attack the Sands?
LVS CEO Sheldon Adelson has long been a supporter of Israel, and owns three news agencies in Israel. Adelson is also a friend of Israeli Prime Minister Benjamin Netanyahu. In a speech at New York’s Yeshiva University in October of 2013, Adelson made reference to Iran’s nuclear program, suggesting that he would threaten Iran with a nuclear weapon on Tehran, if they want to proceed with their position. Within
weeks, hackers began their intrusions on LVS’ networks, looking for vulnerability. Unfortunately, LVS had at the time not invested heavily in protection against cyber-threats, allowing the hackers to find their
way into critical areas eventually. Their pathway was discovered only after the investigation into the major destructive attack.
It’s evident that the attack was precipitated by Adelson’s statements and support of Israel, as the LVS web site was also penetrated and corrupted, displaying a map of LVS’ US locations, with flames coming from
each property on the map. These sites were still available, being hosted by a third-party vendor that was not damaged by the direct attack. Additional corruption to the web site included a photograph of Adelson
with Netanyahu, admonitions against using weapons of mass destruction, and scrolling information about Sands employees that included names, social security numbers, and email addresses, all obtained during
the breach of security.
Aftermath
LVS is still working to totally recover from the severity of the attack. Levin stated recently that the rebuilding of all systems and data recovery may ultimately cost the corporation $40 million or more.
Hackers were able to destroy three fourths of the company’s servers in Las Vegas.
While US companies have largely been spared from unrecoverable damaging attacks, theft of data and damage to business reputations are making headlines on an all-too-frequent basis in recent years or months. Notable occurrences are the hacks against Sony Entertainment, Home Depot, and Target.
Hacker attacks against the Las Vegas Sands (LVS) properties last year have been fairly common knowledge, although recent developments in the resulting investigation have now singled out direct connections
with Iranian hackers. James Clapper, US Director of National Intelligence, recently reported to the Senate Armed Services Committee that the attack was the first truly destructive attack on the US by nation states.
This incident took place in February 2014, but news and details of the impact were largely contained within the corporation and investigating agencies. The cyberattack essentially crippled the Sands’ total IT infrastructure, including email and other operational systems, but was not successful in corrupting or retrieving confidential items such as customer credit card data or similar financial data.
What Took Place
In February 2014, the Venetian Hotel and Casino, a flagship of LVS Corporation’s properties, experienced an attack on their computer systems. At first, the extent of the intrusion was not apparent, but as
the chaos spread throughout the facility, multiple systems began to fail. Phone systems were taken down, email was unavailable, servers were being wiped of their data files, and panic quickly set in. Computer technicians scrambled to determine what was taking place, shutting down systems as quickly as possible, to mitigate additional damage. The attack shut down systems essential to normal casino operations,
including computers utilized to run the customer loyalty rewards program, and those that monitor payouts of table games and slot machines at LVS’ US casinos. The corporation’s data storage system was also
rendered unavailable. Also impacted was the sister hotel of the Venetian, the Palazzo.
The malware used to infiltrate the LVS environment worked its way through thousands of servers, PCs, and laptops. Technicians were able to determine that confidential data was being compressed, potentially in preparation for downloading by the intruders. Michael Levin, president of Sands, made the call to totally drop all connection from the Internet. That move likely saved LVS from any further critical damage or the potential loss of its mainframe functionality. Most patrons were probably even unaware of the disruption going on around them.
Hackers had begun to infiltrate LVS’ other facilities earlier, looking for weaknesses in points of access through intrusions into the Sands Bethlehem casino and resort in Bethlehem, PA. Through repeated efforts
and continuing attempts to hack through the Bethlehem systems, they eventually uncovered a pathway to the corporate systems in Las Vegas.
Significance of the Attack
The attack signifies the first on a US corporation by a state-sponsored or controlled entity, of this kind. It’s well-known that nations spy on each other to obtain intelligence, and that hackers make daily attempts
to extort through theft of confidential or financial information (common credit card information theft or similar data). Unique in this instance is the intentional destruction of computer systems belonging to a US company, not a government agency. As Internet access is tightly controlled and monitored in Iran, it is difficult to imagine that the Iranian government did not have full knowledge of the incident and may, in fact,
be directly responsible. Clapper further indicated to the committee in his report that “We foresee an ongoing series of low-to-moderate level cyberattacks from a variety of sources over time, which will impose cumulative costs on US economic competitiveness and national security.”
Why Attack the Sands?
LVS CEO Sheldon Adelson has long been a supporter of Israel, and owns three news agencies in Israel. Adelson is also a friend of Israeli Prime Minister Benjamin Netanyahu. In a speech at New York’s Yeshiva University in October of 2013, Adelson made reference to Iran’s nuclear program, suggesting that he would threaten Iran with a nuclear weapon on Tehran, if they want to proceed with their position. Within
weeks, hackers began their intrusions on LVS’ networks, looking for vulnerability. Unfortunately, LVS had at the time not invested heavily in protection against cyber-threats, allowing the hackers to find their
way into critical areas eventually. Their pathway was discovered only after the investigation into the major destructive attack.
It’s evident that the attack was precipitated by Adelson’s statements and support of Israel, as the LVS web site was also penetrated and corrupted, displaying a map of LVS’ US locations, with flames coming from
each property on the map. These sites were still available, being hosted by a third-party vendor that was not damaged by the direct attack. Additional corruption to the web site included a photograph of Adelson
with Netanyahu, admonitions against using weapons of mass destruction, and scrolling information about Sands employees that included names, social security numbers, and email addresses, all obtained during
the breach of security.
Aftermath
LVS is still working to totally recover from the severity of the attack. Levin stated recently that the rebuilding of all systems and data recovery may ultimately cost the corporation $40 million or more.
Hackers were able to destroy three fourths of the company’s servers in Las Vegas.
While US companies have largely been spared from unrecoverable damaging attacks, theft of data and damage to business reputations are making headlines on an all-too-frequent basis in recent years or months. Notable occurrences are the hacks against Sony Entertainment, Home Depot, and Target.
