68°F
weather icon Clear
Las Vegas, NV
Casinos & Gaming

Russian hackers claim MGM Resorts breach, irritating visitors

Russian hackers claim MGM Resorts breach
A sign warns guests of difficulties with gambling machines following a hack targeted at MGM Res ...
A sign warns guests of difficulties with gambling machines following a hack targeted at MGM Resorts at Luxor hotel-casino on Wednesday, Sept. 13, 2023, in Las Vegas. (Madeline Carter/Las Vegas Review-Journal)
The line to check in at Aria late Wednesday afternoon, Sept. 13, 2023. Staff members were passi ...
The line to check in at Aria late Wednesday afternoon, Sept. 13, 2023. Staff members were passing out complimentary champagne, mimosas, juice and water. (Sean Hemmersmeier/Las Vegas Review-Journal)
Gambling machines are out of service following a hack targeted at MGM Resorts at Luxor hotel-ca ...
Gambling machines are out of service following a hack targeted at MGM Resorts at Luxor hotel-casino on Wednesday, Sept. 13, 2023, in Las Vegas. (Madeline Carter/Las Vegas Review-Journal)
A crowd of people wait to check in with the front desk at the Bellagio on Wednesday Sept. 13, 2 ...
A crowd of people wait to check in with the front desk at the Bellagio on Wednesday Sept. 13, 2023, in Las Vegas.
The MGM Grand sports book reopened Wednesday, Sept. 13, 2023, after being closed the day before ...
The MGM Grand sports book reopened Wednesday, Sept. 13, 2023, after being closed the day before during a cybersecurity event at the casino-resort. However, about half of the kiosks could not take wagers. (Marvin Clemons/Las Vegas Review-Journal)
About half of the slot kiosks show out of service or offline signs at MGM Grand on the Las Vega ...
About half of the slot kiosks show out of service or offline signs at MGM Grand on the Las Vegas Strip during the fourth day of a cybersecurity issue on Wednesday, Sept. 13, 2023. (Marvin Clemons/Las Vegas Review-Journal)
A crowd of people wait to check in with the front desk at the Bellagio on Wednesday Sept. 13, 2 ...
A crowd of people wait to check in with the front desk at the Bellagio on Wednesday Sept. 13, 2023, in Las Vegas.
A sign warns guests of difficulties with gambling machines following a hack targeted at MGM Res ...
A sign warns guests of difficulties with gambling machines following a hack targeted at MGM Resorts at Luxor hotel-casino on Wednesday, Sept. 13, 2023, in Las Vegas. (Madeline Carter/Las Vegas Review-Journal)
More Stories
Demolition work continues on the Tropicana hotel-casino as a crew removes concrete and pavement ...
Tropicana was profitable right up until it closed, landowner says
Smoke free slot area is seen at the Plaza hotel and casino, on Thursday, June 8, 2023, in downt ...
Smoke-free casino advocates take fight to shareholders
The Downtown Grand Hotel and Casino, as seen on Friday, Dec. 15, 2023, in Las Vegas. (Daniel Pe ...
Downtown Las Vegas casino to pay $720K to settle disability discrimination claims
Nevada records first decline in gaming win in 8 months
By / Las Vegas Review-Journal
September 13, 2023 - 11:19 am
 
Updated September 14, 2023 - 4:51 pm

A collaboration of Russian ransomware hacker gangs may have been responsible for MGM Resorts International’s cybersecurity issue that has plagued the company for four days.

The hacker gang ALPHV, also known as BlackCat, said that it had breached the gaming giant with a simple phone call, according to a post on X from malware repository vx-underground.

ALPHV provided the ransomware and the infrastructure and affiliate groups have used it to carry out the attacks, experts said. A group calling itself Scattered Spider is believed to have carried out the attack, according to Brett Callow, a threat analyst for Emsisoft, an anti-malware software company.

MGM has not commented on the cause of the issue, which it hasn’t characterized as a cyberattack.

MGM, the state’s largest employer, has a major presence on the Strip with 10 resorts under its control. In addition to hosting thousands of visitors each night, MGM properties are major destinations for conventioneers with its Mandalay Bay Convention Center and sports fans with affiliations with multiple arenas, including T-Mobile Arena.

Some Cosmopolitan of Las Vegas employees who asked for anonymity said they’ve been told by supervisors that the outage could take seven to 10 days to resolve.

Meanwhile, a report published Wednesday said another casino giant, Reno-based Caesars Entertainment Inc., also was hacked in late August.

Bloomberg reported that Caesars paid millions of dollars in ransom after being cyberattacked by a group known as Scattered Spider or UNC 3944. The report said Caesars would soon issue a regulatory filing addressing the incident.

Another Las Vegas resort, Westgate Las Vegas, experienced some computer issues in mid-August, but it turned out that a construction crew had sliced through a fiber-optic cable, rendering some computer systems inoperable. A Westgate spokesman said systems were back online within 24 hours.

SEC filing

For MGM, the incident was financially material enough for the company to issue a Securities and Exchange Commission filing late Tuesday, which didn’t elaborate on the cybersecurity issue.

Companies generally disclose material information on the SEC’s Form 8-K, a report to announce major events shareholders should know about.

The SEC recently approved new cyber disclosure rules that require companies to disclose hacking and data loss circumstances, but those rules don’t take effect until the end of the year so MGM is not obligated to provide more information.

In addition, the major American credit rating institution Moody’s Corp. indicated the incident could negatively affect MGM’s credit rating because it said the attack showed “key risks” within the company.

MGM shares, traded on the New York Stock Exchange, fell 52 cents or 1.2 percent to $41.47 a share in average volume trading Wednesday. Since Monday, MGM’s stock price has fallen $2.74 a share, a 6.2 percent decline.

The financial and reputational damage to MGM has been extensive and experts believe the company may be losing millions of dollars as a result of the outage.

With computer systems offline, MGM has not been able to use the technological advantages it maintains over some other companies.

Since the incident occurred Sunday, the company has been directing customers seeking hotel reservations to call properties directly because the online reservation system is inoperative.

Hotel check-ins nationwide are offline resulting in front-desk personnel checking people into their rooms manually. Because the MGM app that enables customers to enter their rooms is down, front-desk personnel have issued key cards for room access.

Some slot machines that use “ticket in-ticket out” technology aren’t functioning, requiring slot runners to pay out slot machine balances manually. The company reportedly took some slot machines offline because they didn’t have enough employees to pay machine balances manually. Some retail outlets and restaurants have not been able to manage credit card transactions and on-property ATMs are not able to dispense cash.

Sportsbooks at MGM Grand and New York-New York were closed earlier in the week, but have reopened, although about half of the automated kiosks remain offline and can’t take wagers.

Properties haven’t been able to collect parking garage revenue because those computerized systems aren’t working.

Customers experience issues

The scene at Aria on Wednesday afternoon was typical of other MGM Strip properties.

While parking is typically only free for Nevada residents, parking at Aria was free for all on Wednesday afternoon. An attendant waved in cars that entered the parking lot.

The line to check in at Aria started to grow in the late afternoon, with staff members handing out complimentary champagne, mimosas, juice, soda and water.

Ayelsha Murphy, 35, waited with several large bags for her husband, Heerak, 35, to check in to the Aria for about a half-hour midafternoon Wednesday and wasn’t happy with the situation.

The couple is visiting the western United States from London and drove from Southern California for a three-day stay in Las Vegas.

“We walked at least a mile though the back parts of the hotel to get here,” Murphy said, with a complimentary pink champagne drink in her hand.

The couple heard about the issues at MGM properties on Monday but didn’t consider booking another hotel since they had prepaid for their stay at the Aria.

“It is what it is, I just hope they get on with it and get these cybersecurity issues fixed,” Murphy said.

Murphy also said a car rental return center at Aria was closed Wednesday.

Patsy Byrd, 69, and Rosanne Barrows, 69, were sitting at out-of service slot machines in the Luxor casino late Wednesday afternoon. They have been on vacation since last Thursday, traveling from Greensboro, North Carolina and to celebrate Byrd’s and another friend’s birthday over the weekend. They decided to stay a few extra days to enjoy the city, but they wished they hadn’t.

“We could’ve gone home and saved a lot of money,” Byrd said.

The pair said they spent Monday away from the Luxor and didn’t notice any issues right away and MGM Resorts didn’t formally notify them of any problems. But Burrows said the first indication they got was when they walked past the lobby and it was unusually crowded and seeing all the out-of-order slot machines.

The pair like to gamble while in Las Vegas but say the issues have been disruptive.

“The whole process has changed and you may have to leave money in the machines since you have to wait for someone to come over,” Burrows said. “If it’s under a dollar you may as well just leave it and where does that money go.”

The pair said they looked into moving hotels and went to the Excalibur but found the same issues as the Luxor.

How hackers got in

The alleged hackers reportedly gained access to MGM systems after a phone call.

“All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk,” vx-underground posted on X. “A company valued at $33.9 billion was defeated by a 10-minute conversation.”

“The threat actors themselves” provided this information, according to vx-underground, which describes itself as the largest collection of malware source code, samples and papers on the internet.

“The comments made to VXU do not sound at all improbable,” Callow said in an email. ALPHV is “not an unlikely suspect — but the fact the comments were made at all is a little peculiar.”

“Cybercriminals typically don’t discuss attacks until they’ve given up on being able to monetize them,” he wrote. “This is mainly because they want their targets to have the option to pay to make the problem go away as quickly and as quietly as possible.”

MGM issued a statement late Tuesday reiterating most of its comments made since Monday, a day after multiple systems failed, including those for room and restaurant reservations, mobile app room access, company email and some networked slot machines.

“MGM Resorts recently identified a cybersecurity issue affecting certain (number) of the company’s systems,” the company’s latest statement issued from a Gmail account said.

“Promptly after detecting the issue, we began an investigation with assistance from leading external cybersecurity experts,” the statement said. “We also notified law enforcement and are taking steps to protect our systems and data, including shutting down certain systems. Our investigation is ongoing, and we are working diligently to resolve the matter. The company will continue to implement measures to secure its business operations and take additional steps as appropriate.”

On Tuesday, the Las Vegas field office of the FBI affirmed it is investigating the matter. Representatives of the U.S. Department of Homeland Security, which investigates cyberterrorism and other terrorist activity, referred a reporter to MGM.

Government leaders in the loop

Nevada elected officials have been monitoring the incident involving MGM.

“We’ve reached out to MGM and are monitoring the situation and response closely,” a representative of the office of Rep. Dina Titus, D-Nev., said Wednesday. “The attack highlights the emerging threat of cyberattacks to the gaming industry and businesses in Southern Nevada and across the country.”

Titus heads the House’s gaming caucus.

The office of Sen. Jacky Rosen, D-Nev., added, “Sen. Rosen has been closely monitoring the situation and she’s been in touch with MGM leadership, as well as federal law enforcement.”

Gov. Joe Lombardo, a former Clark County sheriff, also is keeping an eye on the situation.

“Gov. Lombardo and the Nevada Gaming Control Board are monitoring the cybersecurity incident with MGM Resorts and are in communication with company executives,” Lombardo spokeswoman Elizabeth Ray told the Review-Journal. “Additionally, the Nevada Gaming Control Board remains in communication with other law enforcement agencies.”

Contacted Wednesday afternoon, the Gaming Control Board said it would have no additional comments about the incidents involving MGM and Caesars.

Contact Richard N. Velotta at rvelotta@reviewjournal.com or 702-477-3893. Follow @RickVelotta on X. Review-Journal reporters Sean Hemmersmeier and Mary Hynes contributed to this report.

MOST READ
1
Taylor Swift returns to Las Vegas Strip; album rockets to No. 1
Taylor Swift returns to Las Vegas Strip; album rockets to No. 1
2
VICTOR DAVIS HANSON: Iran’s muscle flexing turns into the country’s nightmare
VICTOR DAVIS HANSON: Iran’s muscle flexing turns into the country’s nightmare
3
A closer look at all 8 players drafted by the Raiders
A closer look at all 8 players drafted by the Raiders
4
Fatal hit-and-run crash kills man near 215 Beltway in Summerlin
Fatal hit-and-run crash kills man near 215 Beltway in Summerlin
5
Tropicana was profitable right up until it closed, landowner says
Tropicana was profitable right up until it closed, landowner says
THE LATEST
Smoke free slot area is seen at the Plaza hotel and casino, on Thursday, June 8, 2023, in downt ...
Smoke-free casino advocates take fight to shareholders
By McKenna Ross / RJ

Shareholder proposals are pushing Las Vegas casino operators like Caesars Entertainment and Boyd Gaming to study the business impact of smoke-free casinos.

 
Do Nevadans support smoke-free casinos? New poll gives insight
By McKenna Ross / RJ

A new poll looks at whether voters would support a potential law that made all workplaces in Nevada, including casinos, completely smoke free while indoors. Unions also weigh in.