
The High Tech Heist

2023-09-25

On September 11th, 2023, MGM Resorts International posted that the company experienced a "cybersecurity issue." That issue links to two different hacker groups, a ransomware attack, and a similar incident that happened to another major casino company earlier in the year. This is the story so far.


This is an unofficial transcript meant for reference. Accuracy is not guaranteed.
Welcome to TechStuff, a production from iHeartRadio. Hey there, and welcome to TechStuff. I'm your host, Jonathan Strickland. I am an executive producer with iHeartRadio, and how the tech are ya?
Recording live here from the iHeart Podcast Studio powered by Bose at the House of Music at the iHeartRadio Music Festival. I'm sure you're gonna be able to hear some of the ambience, call it, here at the festival, and that is proof that I'm actually here. I don't know how that happened. I am nowhere near cool enough to have been invited here. I guess they did listen to the show first, that's why. With me, though, there's some pretty incredible musical acts that are gonna be rocking out in the arena that's right in front of me, and I will sit here and talk about geeky tech stuff. So the question is, then, what topic should I cover for this episode? And I asked myself that several times. I had a lot of possible answers. I mean, maybe I could talk about the tech of running a concert. For example, there is a lot of tech involved in that. Maybe I could just talk about the tech needed to make sure a band's equipment
is all working properly. I could talk about sound systems or lasers or pyrotechnics or all sorts of stuff, but I'm in Vegas, baby. What's more, I'm staying at the hotel; it's owned by MGM Resorts. So I think the topic to tackle is the recent hacker attack on that company. So what exactly happened? Who is responsible, or who do we think is responsible? How did it unfold, and what are the ongoing consequences? So, that said, folks, it's fun to do a casino heist podcast episode, TechStuff style. Now, I thought I'd do a quick history of MGM Resorts International, the company that became the target of the hackers' plan. As it turns out, that company's history is, let's say, super complicated, and it overlaps the history of MGM Studios, the film company, as well as numerous other companies, both within the gambling world and beyond. So rather
than go through all of that, which would be using up an entire episode by itself, I'm just gonna kind of give you a summary. So since the mid nineteen eighties, the company that we now call MGM Resorts International has had some major ups and downs. It has also, over time, swallowed up other companies that operated resorts and casinos in Vegas and in other places. Today, MGM Resorts International operates, but does not own, numerous resorts in Vegas and beyond. The Vegas properties are the MGM Grand and assorted MGM properties like Park MGM, the Bellagio, the Aria, the Cosmopolitan, New York-New York, Excalibur, the Luxor, Mandalay Bay, and some more. And it also has a more than forty percent ownership of the T-Mobile Arena. The building that is directly, well, just the building. However, they do not own the land. The company
made somewhere in the neighbourhood of thirteen billion dollars in revenue last year. That was an increase from nearly nine point seven billion from the year before, and it seems that twenty twenty-two had the highest revenues in the company's history so far. Of course, revenue is not the same as income. That's more to the tune of one point four billion dollars for twenty twenty-two. That's a lot of money, a princely sum, as I might say. They own more than thirty billion dollars' worth of assets. So, in other words, to enterprising thieves, MGM Resorts International is a tempting target. Heck, it's the stuff of heist movies, right? Except a heist is typically a high-risk endeavour, and it's almost bound to fail. Successful heists have happened in the past, even in Vegas, but more often than not, the house comes out on top. Moving the heist
to the realm of computer systems becomes a different matter, however. It's more likely that you can find a way to pull off your crimes while you protect yourself. Now, before we move on to the actual hacking attack, I also need to mention the company Caesars Entertainment. Like MGM, Caesars has a really, really complicated history. It's filled with mergers and acquisitions and sales, and even bankruptcies. It gets bonkers. The most recent move of that company was in twenty twenty. That's when another company called Eldorado Resorts Incorporated acquired Caesars Entertainment Corporation. Then Eldorado Resorts changed its own name to Caesars Entertainment. But there are other companies that are lumped in there as well, like Harrah's Entertainment is part of that. Anyway, in twenty fifteen, Caesars went into bankruptcy, and as part of the effort to get out of bankruptcy, the company split into two entities. One would be a company that would actually operate
various resorts and casinos. The other would be what is called a real estate investment trust, or REIT, which would actually own all the properties. To get into REITs is beyond the scope of the show, but y'all, they can be monsters. Anyway, the spin-off REIT took the name VICI, after veni, vidi, vici. You know, I came, I saw, I conquered. So VICI technically owns many, nineteen in fact, of Caesars' properties. Here's the wild thing: last year, VICI acquired ownership of thirteen MGM properties. So both Caesars Entertainment and MGM Resorts International pay rent to VICI in order to operate their respective casinos. So you want to know what the power behind the throne is, look to VICI. Anyway,
while all those dealings are worthy of a deep and engrossing podcast series (this is a hint: somebody make a podcast series about these real estate companies and their involvement in Las Vegas, because it is fascinating), our focus should really be on the hacker attacks. Now, it's important that I mention Caesars because, while the attack on MGM's properties was the major attack that's been in the news for a couple of weeks now, those same hackers, or at least some of them, first targeted Caesars Entertainment a little earlier. Two of the biggest gambling companies in the world have fallen prey to hackers, and it appears that the foothold the hackers established came courtesy of a third-party security firm and also involves a very important company in tech, namely Okta. Now, y'all, the hacker attack is bad news for MGM. There is no way around it, but
I would actually argue it could be way worse for Okta, at least as far as reputations go, and that's because Okta is an identity and access management company. This is the company that markets the user authentication system that tons of other companies rely upon. With Okta, a company can hand over the trickier elements of user authentication. As companies grow more complex, they might add more systems that employees rely upon, and it can be a hassle if you need a different login for every single service you use. A service like single sign-on really simplifies things. You have a username and password, and that gives you access to a suite of different services, all with just one login. So you can see where the value of that is, right? Well, with Okta, a company can hand over all of this, and Okta handles it, and you pretty much have to just trust Okta to be a good steward of this process.
Now, Todd McKinnon and Frederic Kerrest cofounded Okta back in two thousand nine. The company has been the focus of a couple of security incidents since its founding. In twenty twenty-one, a hacker group secured limited access to Okta systems by compromising a camera network inside the Okta offices, specifically a system designed by Verkada, a company that I should probably talk about in a future episode. In early twenty twenty-two, a different hacker group, known as Lapsus$, accessed Okta's systems. This time the attack vector was a third party's support engineer. Lapsus$ shared information suggesting that the data breach was far greater than what Okta was telling the public, but Okta executives really held their
ground. They said that only around two point five percent of Okta's customers were potentially impacted by this data breach and that the hackers had limited access to customer data. Okta said the data breach lasted for less than half an hour and it only hit two customers, whereas Lapsus$ claimed it had maintained a presence in Okta's systems, or this client of Okta's systems, for the better part of a week. Now, that attack was bad, but it could have been worse, and to be fair to Okta, it was really the third-party security person who was at fault for the breach, though I never really saw details on exactly what happened with that one. I imagine it was something fairly similar to what we are talking about today. So let's set the scene. We're not going to go strictly chronologically, because some information we wouldn't know about until later, so we're gonna be jumping around a little bit. For the purposes of our story, we'll begin on September tenth, twenty twenty-three. That day,
some folks who were staying at MGM Resorts International properties began to encounter errors while they were trying to interface with various systems connected to those properties. The following day, September eleventh, twenty twenty-three, things got much worse. Players who are members of MGM Resorts' loyalty programme saw that their loyalty features weren't working. The websites went down. Folks staying at MGM properties found that their digital keys that they depended on, on their smartphones, weren't working anymore. They couldn't get into their rooms using their digital keys. These effects got worse. A lot of video slot machines went offline. That was a huge indicator something really bad had happened. Sports features were interrupted. Even ATMs on casino floors went out of service. At eleven twenty-seven a.m. Eastern time, MGM Resorts posted on X, you know, that
platform formerly known as Twitter, a little message, and it read, quote, MGM Resorts recently identified a cybersecurity issue affecting some of the company's systems. Promptly after detecting the issue, we quickly began an investigation with assistance from leading external cybersecurity experts. We also notified law enforcement and took prompt action to protect our systems and data, including shutting down certain systems. Our investigation is ongoing and we are working diligently to determine the nature and scope of the matter, end quote. You know it's serious when they say that they responded promptly and quickly. You get both of those back to back. You know it's, it's, at that time. And what exactly happened? Well, I'll tell you after we come back from this quick break.
All right, we're back. You are listening to TechStuff, live at the iHeart Podcast Studio powered by Bose at the House of Music at the
iHeartRadio Music Festival in the house. The job. doubt. This is a pretty incredible experience. Whenever I look up, I'm just seeing tons of people in pretty outfits wandering around, getting ready for the festival and hanging out at the House of Music. It's pretty cool. Again, I feel like I'm way out of place here, but they invited me, so I guess I should just embrace it. So we're gonna get back into this cybersecurity incident that hit a couple of major gaming and hotel companies and dozens of properties. So, as you might expect, speculation ran rampant regarding the nature of the cybersecurity issue that MGM Resorts International mentioned. Some thought that it could just be a massive systems failure, like, yeah, maybe some key system that connects everything went down. Some people figured it had to be a ransomware attack. Lots of folks assumed that. The issue would receive a ton of coverage
on certain podcasts. No one mentioned me. Just hurt my feelings. And folks were complaining right away about the issues they encountered. One X user posted, quote, We are at one of your resorts. It's pretty widespread. We can't check in, pay with card, use comps, receive gifts, get tickets out of machines, end quote. Others claimed they had unexplained charges on their bills. And some of these incidents happened before September eleventh, so whether they are accurate, or maybe they reflect some other issue that's unrelated to this, or maybe an attempt at cashing in on a bigger problem, I can't say. I don't know. I just know people reported it. The websites for various MGM resorts, as well as the sites for restaurants on MGM properties, all went down. MGM replaced its website with
kind of a landing page that directed people to call resorts directly. So it just listed each resort and its own number so you could call them on the phone, you know, like, hey, man. That's a joke! I'm old! I still call places on occasion. The following day, MGM Resorts gave an update, saying that much of its services were operational, including entertainment, dining and gaming, but people were still encountering issues. There were still problems with slot machines, and hand pay became the method to cash out. This is when you have to signal for a casino employee to come over and count out your winnings by hand, rather than getting the machine to print out a ticket, and you take that ticket to a payout machine, feed it in, and then you get your cash that way. The ATMs were still having issues. People still couldn't check in online. They could not make a card payment to book a room. At that point, lines were forming at the desks of various MGM resort properties, because you couldn't use your digital
key. You also couldn't just check in with your phone and then use your phone to get into your room. You had to go and get a physical key card. It was still, like, an RFID chip key card, where you could hold it up to the door and it would open, but you had to have one. You couldn't just use your phone to do it, so that meant everybody had to go and wait in line to get a key. On September twelfth, we heard that a hacker group called ALPHV, A-L-P-H-V, actually, that's the way they style their name, sometimes also called BlackCat, we heard that they could have been behind the attack. Now, the BlackCat name actually comes from malware that this group has created, you know, some malicious software, ransomware to be precise, and ALPHV introduced that in late twenty twenty-one. And here's how an ALPHV attack would typically work out. So the group would end up collaborating with someone to inject the malware into a targeted system. That person might be
a disgruntled employee of the target, or maybe they're not even disgruntled, maybe they're just very greedy, because ALPHV would offer up to ninety percent of a ransom to the, quote unquote, affiliate. The affiliate could also be some other hacker group whose job is just to gain access to a system through some means, and ALPHV would provide the malware, while the other group actually would get access to the target. It becomes this, you know, this collaborative effort. This means the business model for ALPHV is RaaS. That stands for ransomware as a service. That as-a-service trend has gone out of control, y'all. So these hackers, who primarily communicate on Russian-language platforms, build the tools, but they don't necessarily carry out the attacks themselves. They're facilitators. The BlackCat malware encrypts a target's computers,
so it makes it inaccessible to the system's rightful owner. So imagine you log in to your computer, but you find out you can't access anything. All the files are encrypted. Although the methodologies are encrypt, you can't decrypt them, so it's just a brick. Without a key, data on your machine stays out of your reach. And then you see a message, and the message tells you that the hackers will give you access back to your data. They will give you the decryption key, but only if you pay them a ransom. Usually this is in the realm of millions of dollars. Typically, they ask for it in the form of cryptocurrency to avoid being traced back to the people responsible. And if you don't pay up, the hackers will say either you will not get access
to your data again, it's just gone, or they'll delete it. Sometimes they'll say, all right, we won't delete it. Instead, what we're going to do is we're going to release all that data on a public platform so that anyone, everyone, can see what it is. Typically, ransomware hackers want to target organizations that have a lot of money and a lot of incentive to protect data. Now, pretty much every organization has an incentive to protect its data, at least to some extent. Information is the currency of the modern era, after all. And while you can't spend information, you can sure affect the value of a company by stealing their information.
The ransomware hackers typically want to target organisations that have access to buckets of cash. So prime targets for these hackers ideally fall into a couple of categories. If it's a really big company and its business depends upon the safekeeping of information, particularly really personal information, that ends up being a big target. So hospitals and other healthcare companies fall into that category. By law, these companies are meant to keep patient data secure. They're in big trouble if they don't. And obviously, any healthcare company that fails to live up to that would have a massive problem, not just from the government or from law enforcement, but now they would lose the confidence of patients,
and patients could have their lives really upturned if their personal health information gets shared everywhere. So the thinking goes that those companies are more likely to pay a ransom in order to make the problem go away. That's why ransomware hackers target healthcare companies so frequently. There's a very high incentive to get the problem fixed as quickly as possible. Well, casinos and resorts definitely fall into a similar category, right? First, you've probably heard the phrase, the house always wins. Well, that phrase references the fact that the odds are ever in the favour of the house. You might have a good night at the tables and you might leave with more money than you brought with you. A lot of other people will end the night down, with less money than what they started with. Or maybe you'll also be down a little bit, and other folks will also be down a bit,
and some of them might be down a lot. All casino games favour the house, and that makes sense, because if they didn't favour the house, then casinos would soon be out of business, right? So instead, collectively, the casinos in Nevada can make at least a billion dollars every month. That's across all the casinos in Nevada. Some games will give you a better shot at winning than other games. Blackjack is a game that has fairly decent odds, somewhere in the neighbourhood of forty percent to win. Dealers have a forty-nine percent chance to win, and you might think, oh, forty-nine plus forty, that's not a hundred. Well, that's because the rest of the odds kind of cover the case where you can have a draw, or a push, where you go to the next hand. Meanwhile, games like keno or the Wheel of Fortune, they have some of the worst odds in gambling. That doesn't mean you're destined to lose if you play,
but the chances are pretty darn high. So anyway, this means that casinos make a lot of money. If I might elaborate, they make a crap ton of money, and that puts them firmly in one of the categories that ransomware hackers love to target: companies that are flush with cash. On top of that, these casinos deal with a lot of customer data, whether it's someone staying in a resort or a gambler who has signed up to participate in a loyalty programme, which is a pretty frequent thing, because the casinos here have lots of incentives to get people to sign up to their loyalty programs. You can get gifts, you can redeem credits, you can get a free room if you're a frequent gambler and you're part of a loyalty programme. There are a lot of reasons for that. In return, one, the casino has a repeat customer, which is very valuable, and two, the casino can gather data about the people
who visit their resorts and learn more about them and thus cater to them more. Even more money. So this information has value not just because of how it can be used to advertise to individuals, that's often what we talk about when we talk about data in the modern world, but it has value because the customers are trusting the casinos with this information, even they are aware of the implications. And so when there is a data breach, suddenly customers get very much concerned about that data. It affects them directly. If there's the possibility that the customer's own finances could be compromised, that's a huge problem for both the customer and the casino. So this means casinos and resorts are in that sweet spot for ransomware hackers. So how did we find out about ALPHV's alleged involvement with the MGM Resorts International hack? Well, one early statement came from the X account, the Twitter
account of a group called vx-underground. vx-underground bills itself as the largest collection of malware source code, samples and papers on the internet, and they work with lots of researchers. They work with hackers. They work with tons of people, largely to educate about malware. They are rather cheeky, I would say. They kind of have that cheeky sense of hackers, in that they do not necessarily come across as being buttoned-down, let's say. So on September twelfth, vx-underground posted, quote, All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the help desk. A company valued at thirty-three billion nine hundred million dollars was defeated by a ten-minute conversation, end quote. Now, MGM did not
comment on this and, as far as I am aware, has never actually referenced their cybersecurity incident as an attack, but lots of other folks have not been in the mood to mince words, and the information that would come out later seemed to align with what vx-underground was claiming. The attack happened through social engineering. So stage one, you learn about the person you are going to impersonate. You find someone on LinkedIn who has listed their job title and where they work. If you can find someone who has a very high-profile job title, something that's really high up at an organization, that's potentially much better, or if it's not high up, at least someone who works within the IT department, because that typically means you're going to find someone who has a lot of access to the systems if you're able to compromise them. Now, I have talked about social engineering a tonne on this show, how it is a huge part of hacking.
If you've got a system that is, at least in theory, really well secured, your best bet to infiltrate the system is to target a vulnerability, and sometimes you find out about a technical vulnerability, right? You might find out that there's a vulnerability in some software that a company is dependent upon, and by targeting that software vulnerability, you can penetrate the system. You can gain access to it. You get a foothold there, and if you're really good, really quick, and/or really lucky, you can exploit that vulnerability and then you're in. Obviously, there's way more to it than that. I mean, just because you get access doesn't mean that you can do anything, and even if you can do something, you might get found out before you're able to really do a lot of damage. But you get the idea. That's one method of penetrating a secure system: you target a vulnerability in some software. But another way is not to worry about the tech side that much at all. You target people. You look at people who have access to the system
you want to infiltrate. People are frequently, in fact almost always, I would say, the weakest point of a security system. If you can convince someone who has access to hand that access over, you're in. Maybe you outright trick the person. Maybe you pose as someone in authority, or maybe someone who needs help. You convince them to do something they absolutely shouldn't do. As it turns out, most of us anyway, if we are presented with someone who is saying that they really need help, they're in desperate need of some assistance, we want to try and be the person to give them that assistance. It's not universally true, but it's true often enough that this
approach works a lot. Or maybe, instead, you actually are promising this person a cut of the money. Maybe you're counting on their greed to push them into granting you access. If you target someone who has a lot of administrative access to a system, but they are not in a high-paying job, sometimes just promising them that sweet, cold hard cash is enough to let them be kind of a conspirator on your side. Now, in this case, it seems that someone talked to a third-party IT staffer, and as part of that conversation, they convinced the IT staffer to reset some multi-factor authentication settings so that the hackers could gain access to a single sign-on system, you know, the kind that Okta provides. Now, I'm guessing a lot of you know that there are different levels of access with computer systems, whether we're talking about a network
or even just a single computer. So, for example, a user typically has limited access to a computer or a system. They might be able to do stuff like open specific programs and alter files, that kind of thing, but to make actual changes to the machine, the user might need administrator access. While other levels of access come with specific permissions, administrator-level access has no such restrictions, and so the attackers want
to target accounts that would have the highest administrator access to systems, to have as much opportunity to do whatever they wanted as they could. So on September fourteenth, news broke that Caesars Entertainment had also been the target of a ransomware attack. The company had filed a report with the SEC on September seventh. In that report, the company leads with: "Caesars Entertainment, Incorporated (the company, we, or our) recently identified suspicious activity in its information technology network resulting from a social engineering attack on an outsourced IT support vendor used by the company. Our customer-facing operations, including our physical properties and our online and mobile gaming applications, have not been impacted by this incident and continue without disruption." End quote. So
that's a big difference between the Caesars attack and what happened at MGM. The report goes on to say that investigation determined that the hackers were able to access information in Caesars Entertainment's loyalty program interface. Obviously that includes customer information, including stuff like driver's license numbers and/or Social Security numbers. If you enroll in these, you typically have to allow them to make a copy of things like your driver's license in order to get the benefits of the loyalty program. Now, that's clearly a risk for things like identity theft. They said there's no evidence that the hackers were able to access things like passwords, bank account information, or payment card information. So that's good, but the identity theft issue is still a big one, and they did say they would offer credit monitoring to all members of the loyalty program and that it had already taken steps to, quote, ensure that the stolen data is deleted by the unauthorized
actor, end quote. So how do they make sure that this data gets deleted by a party they have no control over? Most folks interpreted that to mean that Caesars had paid the ransom. Now, the rumor mill said that hackers were asking for thirty million dollars, and in return they would pinky swear they would delete the stolen data. Caesars ultimately agreed to pay fifteen million. Fifteen million dollars to delete information. Yeesh. And by the way, fifteen million dollars means that technically this would have been
the second most successful casino heist that I have ever encountered, and granted, it's not quite the same as a casino heist, but then number one really isn't either. I'll talk more about that towards the end of this episode. In fact, we'll talk a lot more about the hackers and what they did, but we're going to take another quick break.
Okay, we're back. You're listening to TechStuff live from the iHeart podcast studio powered by Bose at the iHeartRadio Music Festival. All right, moving forward a little bit more. Around September fifteenth, a different hacker group called Scattered Spider claimed responsibility for the MGM attack, but not the Caesars attack. VX-Underground referred to Scattered Spider as a
subgroup. According to numerous sources, this group mostly consists of young hackers, think like seventeen to twenty-two, who live in places like the United States and the United Kingdom. They appear to be native English speakers or extremely fluent English speakers, and they have a reputation for being very, very good at social engineering. Scattered Spider is suspected of using tools like phishing websites in addition to social engineering, so they typically will direct someone to a login site that looks like it's a legit page, but in fact it allows the hackers to phish for credentials. As for multi-factor authentication, calling an IT help desk to reset MFA is an effective way to get around that. There's also SIM card swapping that they've done, where they've convinced phone companies to swap a digital SIM card to a different device. They pose as a customer, and then they talk the telecommunications rep on the other end of the line into changing a SIM card setting, which then gives them the ability to access things like multi-factor authentication. When the code gets sent, instead of going to the valid person, it goes to their phone number, which has now been switched to a different phone's SIM card. Very nefarious. Now, you might wonder about resetting multi-factor authentication, why anyone would even agree to do that in the first place. I mean, the whole point of multi-factor authentication is to have multiple ways of authenticating a person's identity. But with just a little thinking it becomes clear. Let's say that you call into an IT help desk and you claim that you can no longer access your work account because you recently changed phone numbers. So that means that when you try to log in, you're getting a text message sent to your old phone number and you can't receive it. So you are talking with them, saying,
I need you to switch this, because I've got my username, I've got my password, but I can't get access because I no longer have that phone and I need to be able to access my work, so, password reset. Maybe you have a lot of information about the person that you're posing as, so you can convince the person on the other end of the phone call that you're legitimate. Again, that's what you do with the investigation when you're using LinkedIn to learn a little bit about your kind of patsy, if you will. Or maybe you just sound really clueless and stressed, and you just trigger the IT person's desire to help you get out of a tight spot. Like I said, most of us
want to help someone when they are really struggling. They reset the MFA on the account, they put in a new phone number, and that's a phone that you have in your control, and now you don't have to worry about that multi-factor authentication process. So I want to be clear: Scattered Spider, these are not script kiddies, right? These are not people who just download some code and then they make use of it. They have an understanding of how computer and cloud systems work. They have an understanding of how the underlying businesses work. They do their homework. Knowing how these businesses work, they know how to target and make their social engineering efforts have the best chance for success. So I want to be clear, like, they are good at what they do. They're not just fast talkers. They know their stuff. So it's possible that they were involved in one or maybe even both of the attacks, though again they weren't claiming that. However,
ALPHV has also claimed responsibility for the MGM attack, and they argued that any reports stating it was teenagers were inaccurate and based on rumors. There is another rumor that ALPHV was very quick to deny, one that was reported in at least some outlets, that had to do with slot machines. So according to this rumor, and I love this rumor, according to this rumor, Scattered Spider originally wanted to essentially reprogram slot machines so that they just started to pay out cash, kind of like a scene that's in one of the Ocean's Eleven movies, except this would mean that the slot machines would sort of spit out tickets, kind of like receipts with winnings on them. The rumor goes, the hackers found this wasn't really possible. In fact, one of the rumors said that the person who was making the suggestion hadn't even seen the Ocean's Eleven movies, so they were just talking about something they had heard of and wanted to try,
and when they found out that it wasn't going to be as easy as they thought, they moved on to just steal data from the computer systems. Now, ALPHV categorically says this story is totally false, it's completely fiction, and that it somehow got circulated among news outlets. What's the truth there? Now, back to Okta. So David Bradbury, the CSO, said that social engineering attacks are at the root of five Okta clients who have recently found themselves compromised by ransomware attacks, and that Caesars Entertainment and MGM Resorts are two of those five, but he hasn't named the other three. He also identified Scattered Spider and ALPHV as business associates or affiliates, suggesting that some of the hacks of Okta clients are the product of cooperation between these two groups. So
this story is still unfolding as I record here in Las Vegas. Right now, currently, MGM Resorts International says that all operations are back to normal. That's how things are being reported, and that it's continuing to investigate the, quote unquote, cybersecurity issue, that the FBI is involved, and that they're taking this very seriously. There are concerns that these attacks will have a hefty impact on the value of both MGM and Caesars Entertainment. It certainly had an impact on MGM's ability to generate revenue while all this was going on. Loyalty program members should probably sign up for credit monitoring, because a lot of their personal information is stored in those systems and it sounds like hackers got access to all of that stuff. So
credit monitoring is not a bad idea if you want to make sure that your information hasn't just been traded around on the dark web and people start, like, taking out credit cards under your name, that kind of thing. So probably a good idea at least to keep an eye on your credit. It's easier if you do sign up for credit monitoring, but you can do it on your own if you're really diligent about it. Yep, scary stuff. I'll also say this. So I've been staying at the Aria in Las Vegas, which is an MGM Resorts property, and have encountered some technical glitches, which may or may not have any connection to the hackers. According to the folks I spoke with, they recently installed a new computer system and brought it online, and the issues they're running into may very well just be working the bugs out of a new system and have nothing to do with the
hackers at all. But what I will say is that they have connected essentially all room controls through an internet interface, and you can use a tablet or, I assume, an app to be able to access those things. But when I got to my room, what I found was that I could not close the curtain on the window. I could not turn off the lights in my room. None of the buttons worked. The tablet that was part of the room would not connect. I did not want to use the app, for reasons that I think should be pretty obvious. And so again, I don't want to say that that's part of the hacker attack, but it was unfortunate to have that sort of experience right on the tail end of this hacker issue. It's concerning, and it's one of those things that will continuously come up.
Another thing I will say, and this again is not directly connected to the hacker attack, but just something that I observed: the Wi-Fi in that hotel is an open Wi-Fi. Like, you can just connect to it, and you know, you do a little sign-on on a web landing page, but then you're connected. There's no password security on the Wi-Fi network at all, and I've got to tell you, if you are a major hotel that has just been the target of a massive ransomware attack, maybe you should start offering a password-protected Wi-Fi network. I'll tell you this: I won't connect to it unless I'm using a VPN. I refuse to do it. It may be perfectly safe, but it might not be, with an open network like that and a recent attack, not even a week old at this point, where there were still issues unfolding this past week. Don't
So yeah, interesting observations. Going forward, I think these attacks are the most recent reminders that organizations have to make some really big decisions about cybersecurity. Now, part of that really involves an ongoing educational approach that reinforces how to spot social engineering and phishing schemes, and that it's important not to share credentials or to act on suspicious emails or phone calls. This is particularly true for people who are working in positions that have administrative-level access to certain computer systems within an organization. If we count the ransom that Caesars allegedly paid to have sensitive customer data deleted as a heist, like I said, it would be the second biggest casino heist in history, from what I can tell, at least from a monetary standpoint. If you're wondering what is the number one, well, that goes to a Kiwi, a New Zealander named James Manning,
who, with the help of a casino services manager, managed to cheat his way to thirty-three million dollars by cheating at blackjack. So supposedly he and this casino employee were able to breach the security camera system, and they used things like hand signals and stuff in order to cheat on eight successive hands of blackjack that ultimately resulted in thirty-three million dollars of winnings. Manning was confronted by casino security, and then he was banned from the Crown Casino in Melbourne, Australia, after they picked up on the scam, and fortunately before the casino had actually credited him most of his winnings. So he didn't walk away with thirty-three million dollars. The casino chose to keep this matter quiet rather than suffer embarrassment by admitting that they got taken for thirty million.
This was made a little more complicated because Manning was supposed to participate in a PR stunt later in that week. He was supposed to order an outrageously expensive cocktail called the Winston. The Winston was priced at twelve thousand five hundred dollars for a single cocktail. You know, they'd even promoted that this was going to happen, so this was going to be like an event type of thing, and that would establish a Guinness World Record for the most expensive cocktail ever purchased. But with Manning's scam uncovered and him banned from the casino, they had to scramble to come up with an alternative customer, and then had to arrange to pay the guy back. So really it wasn't a purchase. It's, like, money changed hands but changed hands back. So there was no real purchase here. By the way, that story also
has its own share of drama and scandal that goes beyond what I just said, but I think we've had enough for one episode, if you ask me. So that means we've reached the point where it's time for me to sign off from the iHeart podcast studio powered by Bose here at the iHeartRadio Music Festival in Las Vegas, Nevada. And maybe in light of these recent hacker attacks, we should actually change that saying to say the house almost always wins. Hope you are all well. I'll talk to you again really soon. TechStuff is an iHeartRadio production. For more podcasts from iHeartRadio, visit the iHeartRadio app, Apple Podcasts, or wherever you listen to your favorite shows.
Transcript generated on 2023-12-14.