Casino Cyber Breach
January 2, 2020: Restaurant conglomerate Landry’s announced a point-of-sale malware attack that targeted customers’ payment card data – the company’s second data breach since 2015. The collected Personally Identifiable Information (PII) included credit and debit card numbers, expiration dates, verification codes, and cardholder names. CityNews has obtained pages appearing to be cyberhack data that is part of the massive Casino Rama cyber breach first reported Thursday. The links include collection agency information, revenue reports from the casino and hotel, and even customers’ credit and betting histories. In June 2016, Cowboys Casino announced they had suffered a personal data breach, sending out notifications to over 14,000 customers, clients and staff to notify them they could be victims.
It's been a year since American billionaire Sheldon Adelson's casino company was hacked. Now the blame is officially being placed on Iran.
For the first time, Director of National Intelligence James Clapper said the Iranian government was behind a damaging cyberattack on the Sands Las Vegas Corporation(LVS) in 2014. He mentioned it while testifying before the Senate Armed Services Committee this week.
Sands owns several well-known properties, including The Venetian and Palazzo in Las Vegas and two other resorts in Macao and Singapore.
The attack made headlines, because Las Vegas Sands is a large publicly-traded company. In February 2014, it said unidentified hackers broke into its computer network and stole customer data: credit card data, Social Security numbers and driver's licenses numbers.
At the time, it sounded like just another digital break-in. But the nation's leading intelligence official says it was much worse than that.
On Thursday, Clapper described it as a 'destructive cyberattack' on par with North Korea's hack of Sony. In that case, hackers wiped computers, destroyed data and froze the company to a halt.
It's unknown what damage Iranian hackers did to the casino company. Las Vegas Sands declined to comment for this story.
However, the company thinks hackers broke into its casino in Bethlehem, Pennsylvania and 'certain company data may have been destroyed,' according to documents it filed Friday with the Securities and Exchange Commission.
Of all targets, why Adelson's company? The businessman is a major donor to Republican politicians. He's staunchly pro-Israel, the ultimate foe of the current Iranian regime. And in the past, Adelson has casually suggested that the U.S. drop nuclear bombs on Iran.
If Clapper's assertion is true, this is the latest example of a frightening trend: governments are hacking private companies.
Chinese hacker spies have stolen business plans from U.S. power plants. Russian hackers have broken into American and European oil and gas companies. And most recently, leaked documents show American and British spies hacked a phone SIM card maker in the Netherlands.
Computer security experts widely agree that companies aren't prepared to handle this threat. It comes down to resources. A government is a predator with billions of dollars at its disposal to amass a formidable cyber army. Its prey is a lean, for-profit company with a small security team.
Clapper told senators that hackers in Iran and North Korea pose less of a threat than China and Russia. But they're still a serious foe.
'These destructive attacks demonstrate that Iran and North Korea are motivated and unpredictable cyber actors,' Clapper told senators on Thursday.
Having a whole bunch of smart objects like lights, appliances, and thermometers can make life a little more convenient for businesses, but buying into the internet of things can also make those same businesses more vulnerable to hackers.
Nicole Eagan, CEO of cybersecurity company Darktrace, revealed Thursday that a casino fell victim to hackers thanks to a smart thermometer it was using to monitor the water of an aquarium they had installed in the lobby, Business Insider reported. The hackers managed to find and steal information from the casino's high-roller database through the thermometer.
SEE ALSO: The Internet of Things: Everything You Need to Know In 2 Minutes
'The attackers used that to get a foothold in the network,' Eagan said at a Wall Street Journal panel. 'They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud.'
That database may have included information about some of the unnamed casino's biggest spenders along with other private details, and hackers got a hold of it thanks to the internet of things.
As Eagan explained at the panel, the proliferation of connected smart devices makes people more vulnerable to cyber attacks. Hardly a surprise revelation, but this case stands as a good object example of the risks.
SEE ALSO: Lawmakers propose bill to make make smart devices more secure
'There's a lot of internet of things devices, everything from thermostats, refrigeration systems, HVAC systems, to people who bring in their Alexa devices into the offices,' she said. 'There's just a lot of IoT. It expands the attack surface, and most of this isn't covered by traditional defenses.'
Casino Cyber Breach Update
Because these devices tend to be very basic, they often don't include added security features outside of the common WPA2 Wi-Fi protocol, which by itself isn't a great line of defense. Of course, people are working to make these devices safer and more secure, but the world is still a long way off from being totally safe from hackers who exploit the internet of things.