CYBER WRANGLING
Cyberattacks make for some interesting potential outcomes for casinos
By Frank Legato
I’ve been reading all I can about last month’s cyberattack on MGM casinos. I wrote about it in my column this month for Global Gaming Business, but for that article, my deadline was, like, right after it happened, so the information that had been released was sketchy at best.
All the initial reports I read confirmed that reservation systems were down, and people had to sign in for their rooms, writing their credit card numbers down so their folio could be resolved when the systems were back up. It was one step ahead of actually having to sign a hotel register like in the old days. The first accounts said digital key cards were disrupted, but none of them said clearly how people got into their rooms. They revealed that payment systems were disrupted, so restaurant outlets were cash only.
As you can imagine, this all led to a hilarious sequence in my column, which, like this one, is a goofy humor column that happens to involve casinos. I imagined crawling through an HVAC duct to my room, and then going to the Wolfgang Puck restaurant and paying Wolfgang in person, in cash, for my meal.
Subsequent reports came out in the week that followed. It turns out customers generally were issued physical room keys—the keys normally used by security to get into rooms. Although, for the life of me, I can’t think of the last time I saw a keyhole on a hotel room door. I wonder if there’s a secret panel somewhere. (Too bad there aren’t transoms on doors anymore. That would solve everything.)
The initial reports did say that there were a lot of slot machines that were either disrupted or inactive because of the attack, but an article in the Financial Times revealed that the slot machines were the original main target of this group of cybercriminals, who call themselves the Scattered Spider. They’re divided into “Spider-1,” “Spider-2” and “Spider-3,” and they’re, you know, scattered all over the place.
They’re a ransomware group, younger than most of your cybercriminals, with a lot of native English speakers. (The other big groups are Russians.) The Financial Times article cited a source that said he represented the Spiders (hey, didn’t they sing “Tennessee Slim?”), detailing that the group originally planned to manipulate the software on the slot machines and then “recruit mules to gamble and milk the machines.”
I wonder how you get a job as a slot-machine mule. Do you think they recruit through Indeed? Actually, I was a slot-machine mule for years, but it involved me delivering big loads of my personal money directly to the casinos through their slot machines. In this scenario, the mules would milk the machines, not the other way around.
Anyway, whatever code-writing or software manipulation or electronic hoodoo they tried, it didn’t work. Evidently, the machines’ cybersecurity software canceled their little party. So, they turned their attention to a ransomware attack on MGM.
What I find remarkable about these outfits is that they claim they’re helping casinos in the process. According to the Financial Times piece, the Spider guy actually said when ransomware victims pay the ransom to halt the attacks, they’re helping the whole industry.
“When a company is infected with our ransomware [and chooses to pay] the ransom, we help better their security so this doesn’t become a continuous problem down the line,” the report quoted the Spider guy as saying.
That’s like robbing a bank and claiming it’s in the name of helping the banking industry avoid similar robberies. It’s like sticking a gun in someone’s ribs and taking his wallet, and telling the guy you should be thanked because now he knows better to watch out for guys like you. It’s like…
I have other analogies, but let’s move on.
My suggestion to casinos, in my other column and in this one, is to create a totally old-timey casino adjacent to the regular one. The restaurants would have antique cash registers (including “No Sale”) (older readers will get that), the hotel would have nice, leather registration books, and the slot machines would be all mechanical-reel games (OK, maybe a bunch of the original Player’s Edge video poker games too).
Then, if the Spiders come, you just switch to the old-timey casino-hotel. It will be like going back in time.
Problem solved. And in a fun way.
I’m still going to look into the slot-machine mule thing, though.