Authorities recently took a teenager into custody for allegedly participating in a significant cyberattack on several Las Vegas casino properties. This attack occurred between August and October 2023, leading to financial losses amounting to hundreds of millions of dollars, according to the Las Vegas Metropolitan Police Department.
The cyber intrusions have been linked to an organized group known by various names, including “Scattered Spider,” “Octo Tempest,” “UNC3944,” and “Oktapus.” The method used in the attack on MGM Resorts was notably straightforward. A hacker used LinkedIn to impersonate an MGM Grand employee, calling the IT Department to request a password reset. This allowed access to MGM’s internal systems in approximately 10 minutes, as reported by SFGATE.
After gaining access, the hackers reportedly disabled slot machines, hotel key cards, and blocked employee email access. They also prevented the hotel from booking and taking reservations. In a Securities and Exchange Commission (SEC) filing, MGM Grand reported $100 million in losses due to this cybersecurity breach.
Around the same time, Caesars Entertainment also reported a hack in an SEC filing. Hackers accessed sensitive customer data, including driver’s license information and social security numbers from Caesars’ loyalty program. Although the financial impact remains unclear, Caesars mentioned efforts to ensure the stolen data’s deletion. Cybersecurity experts cited by NBC News suggest that this might indicate a ransom payment to the hackers.
The FBI’s Cyber Task Force, along with LVMPD’s Cyber Investigative Group, spearheaded the investigation and identified the teenage suspect. The suspect surrendered at the Clark County Juvenile Detention Center on September 17. The charges against this juvenile include extortion, unauthorized use of another person’s identifying information, and unlawful computer acts. Due to the suspect’s age, authorities have not released his identity.

Leave a Reply