Las Vegas Still Struggling to Recover from Last Sunday's Cyberattack

"Chaos and Concern in Sin City," read this morning's headline on a video report from ABC News about "the massive cyberattack in Las Vegas crippling several hotels and casinos, and putting a damper on getaways for thousands of tourists there." "Today marks a week since that cyberattack hit Las Vegas, and MGM hotels and casinos are still working on getting systems back up and running.. The online reservation site for MGM is still down, ATMs not working, and those playing the slot machines or even video poker having to wait for attendants to pay them out in cash. All of this fiasco leading to long lines at check-in, and now a cyber investigation with the FBI...

Other gaming resorts also having issues. Caesar's entertainment says they too were a victim of a cyberattack, but their online operations were not impacted. Then this weekend at the Venetian, an outage shutting down some slots, but the resort says they're back up, and that at least thankfully was not due to a cyber attack.
They report MGM properties were affected as far away as Atlantic City, New Jersey.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Narcocide]

Difficult to do anything about when we have people helping them from the inside.

let the MOB deal with justice part

[Joe_Dragon]

let the MOB deal with justice part the people who did this will trun up dead.

Re:

[Narcocide]

Well, the people who did this may very well turn up dead if they get caught, but it probably won't be [the MOB] but rather the Satanist mafia, eliminating loose ends.

Re:

[pete6677]

Exactly. This might be the event that finally leads to Vegas casinos pulling their heads out of their asses and getting them back under mob control where they always belonged. It will require extra-judicial measures to keep this sort of thing from happening repeatedly.

Re:

[Applehu Akbar]

let the MOB deal with justice part the people who did this will trun up dead.

The Mob hasn't run Vegas for years. It's all large corporations like MGM now, companies whose bean counters see giving in and paying ransoms as the lowest-cost way forward.

Re:let the MOB deal with justice part

[arglebargle_xiv]

Exactly. The mob got out because having to rub shoulders with the likes of MGM made them feel dirty.

Re:

[NoWayNoShapeNoForm]

Exactly. The mob got out because having to rub shoulders with the likes of MGM made them feel dirty.

+1 Funny - IIHMP

Re:

[youngone]

So the people who at fault for this hack of casinos are women who work for the government?
Please, do go on.

Re:

[Oliver Wendell Jones]

Agreed, where can I subscribe to this newsletter?

Re:

[youngone]

I was hoping for one of those spittle-flecked rants about how woman are just the worst, and how they ruin everything, but it looks like futuretechoutlook has had to go for a wee lie down to stop his hands shaking.

Re:

[hdyoung]

Ceasar’s paid? I’m surprised. I thought that it was well established that paying is the worst thing to do. At best, the attacker takes the $$$ and does literally nothing. More likely, the payer has now identified themselves as weak and wealthy, in a world where the strong eat the weak.

I’m especially surprised that Ceasar’s would make that error. Generally, casinos are pretty comfortable operating in a world where knee-capping is just another Tuesday.

Huh. Interesting.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[The-Ixian]

Yeah, I mean, hospitals, police stations, schools, city government? Fine... But casinos?! This is where we draw the line! Just stop it Russia! Stop it right now!

Re:

[Cajun Hell]

Oh come on, how much more transparent can this weaponization of government be?! You can't just block the Republican Party from the internet. That's blatantly unconstitutional.

Retribution for paid parking

[quonset]

Someone's taking action after they were charged for parking [lasvegasadvisor.com] at one of the casinos on the Strip. They're just getting their money back.

Re:Retribution for paid parking

[Anonymous Coward]

Someone's taking action after they were charged for parking [lasvegasadvisor.com] at one of the casinos on the Strip. They're just getting their money back.

This. Among other things. I was just thinking that it must be such a coincidence that this happens almost a month right after DEFCON where they had oodles of exposed attack surfaces and it wasn't going to attract attention if you're walking around with a damned Yagi (as I saw a few times).

Re:

[leonbev]

Maybe some hacking groups finally realized that they were also getting fleeced by triple zero roulette tables, $20 cheeseburgers, and $35 nightly resort fees and decided it was time for payback.

Seriously, Vegas has become a place for tourists to get ripped off even if you're not a gambler nowadays.

Re:

[drinkypoo]

Seriously, Vegas has become a place for tourists to get ripped off even if you're not a gambler nowadays.

Vegas is a place for tourists to go to fuck.

Last time I was there for training the acting GM of another property (I think one of the casinos in AZ) was asking one of my coworkers if I would treat her right if she let me take her back to my room. I wasn't even remotely interested, but apparently she likes sasquatch. She also said (where I could hear her) that she gets pregnant every time she comes to Vegas. Holy fucking shit, batman.

Who's the bonehead?

[RitchCraft]

Who are the boneheads that made the decision to put video poker and slot machines on a network that has a connection the Internet? Talk about putting a big ass target on your back.

same ones that said 6-5 blackjack is an good idea!

[Joe_Dragon]

same ones that said 6-5 blackjack is an good idea!

Re:

[RitchCraft]

I'm not saying don't use a network. I'm saying keep the local in-house network off the Internet, i.e. air-gap.

Re:

[Howard Beale]

Vendors. Everyone is moving their applications to the cloud. "Big" iron (iSeries) is still out there at a number of locations but properties are going with Windows-based systems even though complexity is greater.

Re:

[Howard Beale]

Sorry to respond to my comment but Linux is out there as well. Unfortunately, seems that vendor's advice on best practices, patching, etc is lacking (and clients don't have expertise). One vendor I'm familiar with deploys different products on different Linux distributions; unbelievable. Pick one and stick with it.

Re:

[ctilsie242]

Digressing a bit, perhaps it might be wise for something like iSeries (well, it is all POWER now, and it runs IBM i, Red Hat, or AIX), but more open and universal, such as a 2-3U ARM or RISC-V server with financial software developed by a nonprofit, and funded by grants and donations? If a government donated and made an appliance that could handle what IBM i could... or even a fraction of the business stuff... it would go a long way to reducing financial breaches.

The reason to go with ARM or RISC-V is beca

Re:

[aaarrrgggh]

They have to be networked; that is a given. If they have gotten into your hotel|property management systems, Casino operations are likely only two hops away.

Re:

[AmiMoJo]

From TFA it appears that the gambling machines themselves are not affected and presumably not on the compromised network. It's the backend systems that handle virtual winnings that are down, the ones designed to avoid them needing to handle massive amounts of cash on-site.

They probably have to have internet access in order to handle transactions with other institutions. But that's also probably not how the network was compromised. It's likely via email or some other common vector, to a user whose computer i

Re:

[mjwx]

Who are the boneheads that made the decision to put video poker and slot machines on a network that has a connection the Internet? Talk about putting a big ass target on your back.

The bonehads who raked in a bonus for finding a way to monetise the data on the sad MFers who play pokie and slot machines. The same ones who thought having robust cyber security was a waste of money. The same ones that won't get fired for this.

Re:

[CEC-P]

I can't really give details but my company did some work at a different casino and we had to install a proxy server because even the cameras cannot be on the internet but they needed remote management from offsite. So we opened like 1 port or something (I'm infrastructure and hardware and OSes, not networking team) and that was the only way they'd let us do it. This is NOT a big casino and NOT in Vegas and yet they take security more seriously.

They Rolled The Dice

[zenlessyank]

And crapped out. I so don't feel sorry for them.

Defense fund?

[LostMyBeaver]

If they ever figure out who did it, I want to contribute to the defense fund. I am completely against businesses who prey on the weak. I hope whoever these hackers are manage to keep at it long enough for the casinos to lose their insurance.

There is only one solution

[battingly]

There is only one solution to ransomware attacks: a federal law that prevents paying the ransom. People who think the gangs can be caught and prosecuted are delusional. The only answer is to eliminate any chance of profit from the attack.

Macao?

[GrokvL]

Possibly Chinese state-based trying to create reputation hits on Las Vegas to increase tourist traffic to Macao?

What hackens in Vegas

[maudlins11]

Stays in Vegas

Let me guess ...

[cascadingstylesheet]

... they all use the same software, slickly marketed as being just perfect for casinos.

Re:

[CEC-P]

Well they obviously don't have the money to build their own system. They're a small, low-budget, family-run business lol.
Btw does anyone know how many casinos are not MGM on or near the strip? I feel like it's a lot. Not sure and I've actually been there twice. I know Excalibur, Aria, and a couple others are.