
MGM Resorts subject of a cybersecurity incident

We’re in Vegas at the moment, apparently it’s affecting all MGM properties worldwide. Slots are off and people struggling to check in etc!

Local rumour says Caesars also got hacked but they paid the ransom! Who knows.
 
Crikey Mark, I take it you are not staying there?? I hate queues at the best of times, but if that was the queue to check in at a hotel I had booked, I think I would find another!

Although I do like the arrangement of glass flowers? on the ceiling directly above the check in desk, dentists take note!
We were in Caesars so not affected thankfully. No surprises that our hotel got pretty busy on the back of it, they must be losing a fortune!
 
Local rumour says Caesars also got hacked but they paid the ransom! Who knows.
Yes, I've also heard this from someone in Vegas - very interesting if so! The hacker group I believe, who've claimed responsibility, are from Russia last time I checked.
 
Looks pretty bad doesn't it? They'll probably try to recoup their losses by jacking prices up even higher and having 1/1 Blackjack and quintuple-zero roulette...

Don't they have self-service check-in terminals at the Bellagio?
Just from what I've seen personally, mainly first-hand accounts on Twitter, it does look like they're hiding a lot of what's been going on, saying everything is fine when it's not, etc. And I think the next worry is what information has been compromised! Quintuple-zero Roulette though, don't give them any ideas...
 
According to Sky News as at 11:26am KT ( King Time ) this morning, the MGM Resorts Group is still enduring this attack, which does sound like a ransomware attack.

@Mark_Lottomart any further news from the ground on this for us?

From the Sky News article:


"Hotel booking systems and casino slot machines at one of America's biggest hospitality firms remain paralysed three days after it first acknowledged a significant cyberattack.

MGM Resorts has seen its share price decline by more than 6% and the incident is being investigated by the FBI."

Additionally other casinos and casino groups have been warned by authorities to be extra vigilant.
 
Whilst the MGM website now seems operable since late last night KT ( King Time ), there is still news filtering out about how deep this attack is and whether it is still ongoing. One report I have seen is a statement from the people responsible for the attack, but I am looking to find additional sources to verify its authenticity.

It does state though that they gained access to MGM's ESXi hypervisor. It also alludes to the fact that they utilise Microsoft Azure cloud hosting solution.

I am aware of an issue with VMware and ESXi, whereby a known exploit was identified several months ago with VMware offering a patch. This exploit could allow someone to inject ransomware.

So it could possibly be the MGM's IT team didn't apply the security update. If however, I find out more including whether the statement from the people behind the attack that I have seen is authentic, I will post in this thread.
 
Ok some more on this, Reuters is reporting the following:

The Scattered Spider hacking group said on Thursday it took six terabytes of data from the systems of multi-billion-dollar casino operators MGM Resorts International and Caesars Entertainment as both companies probed the breaches.

Speaking to Reuters via the messaging platform Telegram, a representative for the group said it did not plan to make the data public, and declined to comment on whether it had asked the companies for ransom. "If MGM wish to release that information they will. We do not do that," the person said.

Additionally I have been given this below, however, have yet to see an independent source linking to this statement, so as of yet, not sure if indeed it is authentic:

[Attached image]
 
What a mess! Just goes to show how much trust we put into massive corporations like MGM etc. not to get exploited. If it's online, it can get hacked at some point either through small ransomware groups - or belligerent governments like Russia, N.K., or Iran. Just imagine how many lives would be turned upside-down and businesses destroyed with Google being hacked. Most everyone is using the "cloud" (which is technically someone else's computer) or free email accounts (if it's free - you are the product).

Blind faith and trust - and there is no getting around it unless you are willing to go off the grid.
 
15 million paid! Yes, that'll stop them.

I have a solution for this. How about making a mechanical slot machine with actual reel sets that are not powered by a computer chip?

Revolutionary, I know.

They could even get rid of the electronic spin button with, I dunno, a long metal arm with a ball on the end or something.
 
15 million paid! Yes, that'll stop them.

I have a solution for this. How about making a mechanical slot machine with actual reel sets that are not powered by a computer chip?

Revolutionary, I know.

They could even get rid of the electronic spin button with, I dunno, a long metal arm with a ball on the end or something.
I can imagine the size of these machines to hold the millions of cash to pay out!
 
I can imagine the size of these machines to hold the millions of cash to pay out!
Oh, that is a stumbling block.

How about keeping the cash in a secure safe somewhere? That way, when somebody wins, I dunno, let's say a $Million Jackpot, the casino staff can get the cash from the safe.

I would be inclined to use a safe that is not connected to the internet though, with real money, and not digital cash - progressive, eh?

How about a safe designed with mechanical gears only? Yes, that'll work.
 
I would be inclined to use a safe that is not connected to the internet though, with real money, and not digital cash - progressive, eh?
A real money progressive that isn't tracked digitally? That'll take some work... (sorry ?)

One of the problems of 24/7 news is they'll jump on any updates, and often skip the necessary steps to validate the authenticity to be first to air. The Financial Times talking about 'spitting out money from slot machines' is a curious one given most machines are TITO (ticket in, ticket out) and any cash goes to the bottom which is secured by physical locks - so the only mechanic there would be spitting out tickets and that seems like an awful lot of work for a cheap publicity stunt. It might be possible for ticket redemption machines or ATMs, but again it's pocket change compared to what they're demanding.

I might give them a bit more leeway if the story sounded credible, but it doesn't!
 
Easy to overcome if you make the Jackpot payout at a certain level, like the Hot Mode used in these software versions.

When the mechanical safe is near-full, the croupiers walk the floor handing out a raffle ticket to each punter. Then, you get a machine that is full of numbered balls, a mechanical device, which spits out one ball. The winner of the progressive jackpot is the bettor with the matching ticket.

There you have it - an unhackable, efficient and effective way to offer a progressive jackpot, without running the risk of being hacked because it is tech-free.
 
Why stop there?

Why not just convert MGM into barns, where prizes are guarded by Templars? Punters would walk in to the establishment bringing their gambling funds, such as, I dunno, chamber pots, bale, livestock etc

Maybe even spindles, if feeling particularly flush!

Jackpots would comprise of marrying one of the king's daughters, which could be traded for an alternative prize if unable to collect, say, a washtub or fancy hat?

That'll teach those f***ing hackers wouldn't it!
 
What hackers?! Good idea @goatwack

On a more serious note, which I feel I need to state after derailing the thread so much with my inspirational advances in cyber-security, has the rumour of a 2-mill payout been confirmed? Seems a dangerous game to play to give in to ransom demands.
 
When the mechanical safe is near-full, the croupiers walk the floor handing out a raffle ticket to each punter. Then, you get a machine that is full of numbered balls, a mechanical device, which spits out one ball. The winner of the progressive jackpot is the bettor with the matching ticket.

There you have it - an unhackable, efficient and effective way to offer a progressive jackpot, without running the risk of being hacked because it is tech-free.
Almost like you've missed the most hackable thing of all... the social engineers will love you! Which incidentally is how they got in - social engineered the help desk to get access to an identity account.

Jackpots would comprise of marrying one of the king's daughters, which could be traded for an alternative prize if unable to collect, say, a washtub or fancy hat?
Puts a new meaning to "not tonight Josephine" - but man, that washtub takes a double load, the maid will be so happy!

At least the colosseum will be more of a match-up than most boxing matches held in Vegas in the past decade ?
 
On a more serious note, which I feel I need to state after derailing the thread so much with my inspirational advances in cyber-security, has the rumour of a 2-mill payout been confirmed? Seems a dangerous game to play to give into ransom demands.
Not seeing any coverage of that yet - so either it's breaking news, or it's unverified. Caesars was rumoured to have paid $15m, or half of the demand.
 
Yes, I'd read about Caesars' payment a couple of weeks back, to prevent something similar :eek2:

Not sure what precedent that sets, or if it's just a calculated business decision compared to the losses they would have incurred, but still.

You'd think these, of all places, would have near-foolproof cyber security set up, to allay incidents such as these. Or simply a business resting on its laurels not wanting to spend the necessary millions, seeing it as having been 'good enough'?

Was it also not the case that either the MGM or Caesars' cyber experts actually managed to make the situation worse, through a series of technical blunders? Don't know the full context, but one could say it turned out to be.....'costly'.....
 
You'd think these, of all places, would have near-foolproof cyber security set up, to allay incidents such as these. Or simply a business resting on its laurels not wanting to spend the necessary millions, seeing it as having been 'good enough'?
The problem is that you get into a realm where the cost of that extra few percent grows exponentially, same with software as a whole. Hobbyist software is cheap and cheerful, professional software costs a bit, business-critical software takes longer to develop and costs more, mission-critical (risk to life) takes an eternity to develop and costs a fortune.

The bad guys only have to succeed once, the good guys have to defend the fort every single time... it ultimately comes down to a numbers game.

Additionally, for every "step" you add here - it's a step your staff have to deal with as well as intruders... and you'll get to the point you won't just keep the bad guys out but you'll keep the good guys out too! Or your staff get tired of jumping through the extra hoops and start taking shortcuts (e.g. writing down passwords on post-it notes, as we've seen in the past).
 
The conspiracy threads are going on about how the F35 that went down in South Carolina might have been hacked. Nation might get jittery in a hurry if glitches start spreading.
 

Ah yes I heard that. The Full Spectrum Survival channel on YouTube covered that in the early hours. Brad was loving it, helping his grift no end lol

The reason they couldn't see it on radar, is because it is a STEALTH airframe LOLOLOL. Not because a Chinese or Russian hacker took over the controls and flew it to Beijing or Moscow ?

But they have subsequently found the debris field of where it ended up.
 

