BusinessWeek Profiles Cyber Attack on Las Vegas Sands


In February, PocketFives brought you a story about the websites of Sheldon Adelson’s Las Vegas Sands Corporation being hacked due to remarks he made about nuclear weapons. Sorry poker players, you can’t take credit for this one. Visitors to the websites of properties like the Venetian and Palazzo in Las Vegas were unable to do much of anything except view the fruits of the hackers’ labor.

Ten months later, BusinessWeekpublished an expose about the attack, which was far more extensive than just a few websites: “Numerous systems were felled, including those that run the loyalty rewards plans for Sands customers; programs that monitor the performance and payout of slot machines and table games at Sands’ US casinos; and a multimillion-dollar storage system.”

Iranians, whom Adelson’s inflammatory remarks were targeted against, were reportedly behind the attacks. And Sands seemed ill-prepared to handle the drama, according to BusinessWeek: “The company has been slow to adapt to digital threats. Two years ago, it had a cybersecurity staff of five people protecting 25,000 computers.” Maybe that’s part of the reason why the company is so vehemently against internet gambling.

The hackers were deliberate and focused throughout the process and, as BusinessWeek outlined, their big break came in early February. That month, the group found “the login credentials of a senior computer systems engineer who normally worked at company headquarters but whose password had been used in Bethlehem during a recent trip. Those credentials got the hackers into the gaming company’s servers in Las Vegas.”

The hack could have affected Sands across the globe, but was instead limited to the US. As BusinessWeek explained, “Among the first targets of the wiper software were the company’s Active Directory servers, which help manage network security and create a trusted link to systems abroad. If the hackers had waited before attacking these machines, the malware would have made it to Sands’ extensive properties in Singapore and China. Instead, the damage was confined to the US.”

The public attack on Sands’ websites soon followed, with pictures and messages targeted at Adelson as well as “a scrolling list of information about Sands Bethlehem employees that had been stolen in the breach, including names, titles, Social Security numbers, and e-mail addresses.” Oops. Sands estimates that it has spent about $40 million as a result of the attack. That’s roughly the same amount as Adelson’s net worth increased by each day in 2013.

BusinessWeek closed by profiling other major cyber-attacks and relaying that companies are on their own to combat them, as the odds of any firm receiving help from the US Government are slim. As a former director of the CIA and NSA said, “If this would have come across my desk when I was in government, I would have just put it in the outbox.”

Sands properties include The Venetian (Las Vegas), The Palazzo (Las Vegas), Sands Macau (Macau), The Venetian Macau (Cotai Strip), Four Seasons Macau (Cotai Strip), Sands Cotai Central (Cotai Strip), Sands Bethlehem (Pennsylvania), and Marina Bay Sands (Singapore).

Read the five-page BusinessWeek article by clicking here.

Want the latest poker headlines and interviews? Follow PocketFives on Twitterand Like PocketFives on Facebook. You can also subscribe to our RSS feed.


    • What have they got from Hacking the system?

      Apparently lots of sensitive info. I think it was more about sending a message to Sheldon Adelson too.

    • Given Adelson’s loose cannon reputation with saying irresponsible things like nuclear bombs should be dropped on Iran these attacks on his casinos and hotels shouldn’t be surprising.

      I would certainly have second thoughts about staying in his hotels or playing in his casinos for that reason alone. No one wants to chance a terrorist stopping by one of Adelson’s hotels because of something dangerously stupid the guy said.

    • Not a surprise that a guy who doesn’t have a computer because he hates them would be hard to get to spend money on computer security. My buddy sells security software to the white house, homeland security, congress, and others and said how embarrassed Obama was at the technology in the wh when he came into office. (I’m not a fan, just talking tech.) my buddy told them he has been trying for years to get them to upgrade stuff. (There was a hack at the wh after he got in office and things weren’t upgraded yet as they take time but the wheels were in motion finally.)Moral of the story: old people are clueless about technology and see it as a waste of money until they are hacked. Cliffs: Bush’s fault.