Iranians mount 'catastrophic' cyber attack on Las Vegas casino

Iranian hacktivists targeted Las Vegas Sands casino in a sinister forerunner of the Sony Pictures breach.

Cybercriminals use online gaming sites to funnel fraudulent revenues
Cybercriminals use online gaming sites to funnel fraudulent revenues

It has just been revealed that pro-Iranian hackers wiped swatches of data and caused an “IT catastrophe” at the company running the famous Las Vegas Sands casino earlier this year in a revenge attack on the company's billionaire Israeli owner.

The 10 February hack remained secret for 10 months but was revealed this week by Business Week in a report quoting six separate sources.

In a timeline pieced together by Dell SecureWorks which investigated the breach, the hackers first mounted brute-force password attacks on the Sands network in January, then “found a weakness in a web development server” at the company's slot casino in Bethlehem, Pennsylvania on 1 February.

Using a tool called Mimikatz, they captured passwords including the login credentials of a senior systems engineer which they used to infiltrate the gaming company's main servers in Las Vegas.

The magazine says the attackers then used ‘wiper' software - consisting of just 150 lines of Visual Basic code - to erase the data on many of the hard drives within the company, in a sinister forerunner of the recent breach at Californian film and TV company Sony Pictures.

According to Business Week: “Investigators from Dell SecureWorks have concluded that the attack was likely the work of hacktivists based in Iran.

“The security team couldn't determine if Iran's Government played a role, but it's unlikely that any hackers inside the country could pull off an attack of that scope without its knowledge, given the close scrutiny of internet use within its borders.”

The magazine says the hackers were targeting Sands' majority owner and billionaire media mogul, Sheldon Adelson, who in October 2013 had called for a nuclear attack on Iran to get the country to abandon its own nuclear programme.

The hack is being compared to the recent ‘wiper' attack on Sony Pictures, which may have been carried out by pro-North Korean hackers - raising fears in the cyber-security community of a new trend of rogue nation-states attacking Western individuals and businesses.

Ross Dyer, technical director at Trend Micro UK, told SCMagazineUK.com: “It is very much becoming a new trend and it's very visible. It's not stealth, it's not under the radar to steal information or to slowly infiltrate things – it's highly visible, there and then nothing's working, you can't access your systems.”

Dyer said it's much easier for nation states to “have a team of developers building the code and then to infiltrate the network” than to “build a bomb or fly over and bomb somewhere”.

And he warned: “To be able to immediately respond to someone who's said something you disagree with is scary. There's definitely a change in the type of approach. It's very brazen. You can cause chaos within organisations and within government bodies' technical infrastructure, it's very easy to have a big impact.”

In response, Dyer said, companies need to focus on reacting quickly to attacks and minimising their impact.

He said both Sands and Sony have spent heavily on security. “It's not that they've made big mistakes or there's anything they've done wrong.”

But with so many entry points: “it's very important to look at how do we manage it - as soon as we see something, how do we then take that machine offline, stop it spreading, how do we respond to this, how do we make sure we can still do business – and that's the key thing.”

TK Keanini, CTO at Lancope, also warned that companies have to face up to this type of threat.

He told SCMagazineUK.com via email: “Hacktivism is alive and well and companies need to add this to their threat modelling. What threat modelling you ask? Well you better get busy because this needs to be done on a daily basis the same way business monitor changes in the marketplace. Like it or not, this is life in the information age.

“Weaknesses will be found and exploited: the question becomes how early can you detect these violations and shut the operations down before they complete the objective.”

Meanwhile Ron Gula, CEO of Tenable Network Security, told SCMagazineUK.com via email: "This news comes as a trend where more and more attacks are about destruction of assets and data and not exfiltration of data."

Gula said the US gaming industry has a better cyber-security record than retail or the US Government, and is known for its ability to fund sound cyber-security programmes. But he said: “In this case it looks like the target isn't the casino itself, but a reaction to comments made by their CEO.”

Dell SecureWorks did not want to say anything publicly about its role in mitigating the Sands attack. A spokesperson told SCMagazineUK.com via email: “As a general rule, Dell does not comment on situations pertaining to individual customers. We cannot, and will not, be able to provide any comment on this case.”