In February, PocketFives brought you a story about the websites of Sheldon Adelson’s Las Vegas Sands Corporation being hacked due to remarks he made about nuclear weapons. Sorry poker players, you can’t take credit for this one. Visitors to the websites of properties like the Venetian and Palazzo in Las Vegas were unable to do much of anything except view the fruits of the hackers’ labor.
Ten months later, BusinessWeekpublished an expose about the attack, which was far more extensive than just a few websites: “Numerous systems were felled, including those that run the loyalty rewards plans for Sands customers; programs that monitor the performance and payout of slot machines and table games at Sands’ US casinos; and a multimillion-dollar storage system.”
Iranians, whom Adelson’s inflammatory remarks were targeted against, were reportedly behind the attacks. And Sands seemed ill-prepared to handle the drama, according to BusinessWeek: “The company has been slow to adapt to digital threats. Two years ago, it had a cybersecurity staff of five people protecting 25,000 computers.” Maybe that’s part of the reason why the company is so vehemently against internet gambling.
The hackers were deliberate and focused throughout the process and, as BusinessWeek outlined, their big break came in early February. That month, the group found “the login credentials of a senior computer systems engineer who normally worked at company headquarters but whose password had been used in Bethlehem during a recent trip. Those credentials got the hackers into the gaming company’s servers in Las Vegas.”
The hack could have affected Sands across the globe, but was instead limited to the US. As BusinessWeek explained, “Among the first targets of the wiper software were the company’s Active Directory servers, which help manage network security and create a trusted link to systems abroad. If the hackers had waited before attacking these machines, the malware would have made it to Sands’ extensive properties in Singapore and China. Instead, the damage was confined to the US.”
The public attack on Sands’ websites soon followed, with pictures and messages targeted at Adelson as well as “a scrolling list of information about Sands Bethlehem employees that had been stolen in the breach, including names, titles, Social Security numbers, and e-mail addresses.” Oops. Sands estimates that it has spent about $40 million as a result of the attack. That’s roughly the same amount as Adelson’s net worth increased by each day in 2013.
BusinessWeek closed by profiling other major cyber-attacks and relaying that companies are on their own to combat them, as the odds of any firm receiving help from the US Government are slim. As a former director of the CIA and NSA said, “If this would have come across my desk when I was in government, I would have just put it in the outbox.”
Sands properties include The Venetian (Las Vegas), The Palazzo (Las Vegas), Sands Macau (Macau), The Venetian Macau (Cotai Strip), Four Seasons Macau (Cotai Strip), Sands Cotai Central (Cotai Strip), Sands Bethlehem (Pennsylvania), and Marina Bay Sands (Singapore).
Read the five-page BusinessWeek article by clicking here.