Anyone can fall victim to cybercrime, but hackers have zeroed in on some large targets in Las Vegas: hotel and casino establishments.
Data breaches reported twice at the Hard Rock hotel and casino and Affinity Gaming over the past few years and a major cyber attack on Las Vegas Sands in 2014.
“What companies don’t want, is they don’t want to be the head, the headline of the newspaper. They don’t want to be on the news about losing customer data because that affects the trust in their brand,” said Jonathan Narveson, managing director, Accenture.
The I-Team reached out to the affected businesses to find out more about their responses to the attacks and other casino properties in southern Nevada to find out how they’re trying to protect customer information. None would agree to any interviews or make an official comment.
“Nobody wants to show where they’re weak,” Narveson said. “And I think that’s one of the problems that we have in terms of responding to cybersecurity threats.”
Naveson is a managing director at Accenture, a global company which helps businesses with technology.
“Whether you’re talking industry-wide in banking, in insurance, in casinos, across the board, cybercrime is a very existential threat to the livelihood of those firms,” he said.
Turns out Iranian hackers may have been to blame for the attack against international gaming giant Las Vegas Sands.
The Venetian and Palazzo websites were taken down and employee personal information was stolen, according to Bloomberg, damage was estimated at $40 million.
“We see it from the cyber activists who want to make a demonstration or even the lone wolf kind of thing where it’s you know, the old classic college guy in a bedroom, in his basement who’s doing the attacks,” Narveson said.
However, arresting the hackers rarely happens.
“How many we can actually get our hands on, that’s become harder and harder because the nature of the Internet is such that you know every corner of the world can attack anyone anywhere else so Vegas isn’t immune to that.
Supervisory Special Agent Adam Pranter runs the FBI cyber squad in Las Vegas. He says cyber attacks have cost businesses in the valley millions and the I-Team has learned that’s for a variety of reasons.
Reporter Vanessa Murphy: “Are companies paying ransom to hackers?”
FBI Special Agent Adam Pranter: “I believe some companies are paying ransom to hackers. Yes.”
Vanessa Murphy: “Under the FBI’s suggestion?”
Adam Pranter: “We never, we never advise companies on whether they should or shouldn’t pay ransom. we, well, let me put it this way. We advise that they not pay ransom you know for the same reason we don’t want to keep that — because they’re making money off these — we don’t want to keep that organization having money.”
Often, hackers will lock information until digital currency is transferred in a nearly untraceable way and when a company’s livelihood is threatened, well they send the money.
Vanessa Murphy: “Have any of your local clients paid ransom?”
Troy Wilkinson: “Yes.”
Wilkinson runs Axiom Cyber Solutions which provides security for businesses in Las Vegas and across the country.
“We never recommend paying the ransom simply because we’re going to encourage this behavior and if you pay the ransom, then the hackers are going to find a way to monetize and they’re going to keep coming,” he said.
The businesses end up funding the enemy and since there’s no requirement to report any attack or whether ransom is paid, the problem is difficult to get ahold of and fight.
“It’s difficult for me as well to quantify a lot of what is going on out there,” Pranter said.
The head of the Nevada Gaming Control Board would not agree to an on camera interview but he said, so far, no cyber attack at a casino property has affected gaming operations and businesses are encouraged to report any attacks, but again they are not required.
“It’s the perfect storm of hackers having the ability to take advantage of open vulnerabilities,” Wilkinson said.