Biggest Las Vegas Casino Network hacked by Iranian Hackers

Iranian hackers used a 150 line code to wipe out the entire network of Sands Corp

All that majority share owner of the Las Vegas Sands Corp. did was to call upon United States to nuke Iran to stop its nuclear program and what he got in return would become the worst nightmare for him, his company and other stakeholders.

Las Vegas Sands Corp. is a casino operating company, which operates some of the biggest casinos in the world on Las Vegas Strip like Sands, Venetian, and Palazzo hotels and casinos.  And Sheldon Adelson owns 52 percent of the Las Vegas Sands Corp. and a Israeli resident. In October, 2013, while making a appearance on a panel at the Manhattan campus of Yeshiva University, he called for a nuclear attack on Iran to get the country to abandon its own nuclear program according to Bloomberg Businessweek.

“What I would do,” he said during the panel, rather than negotiating, “would be to say, ‘Do you see that desert over there? I want to show you something.’ You pick up your cell phone and you call somewhere in Nebraska and you say ‘Ok let it go.’…Then you say, ‘See? The next one is in the middle of Tehran.”  In reply to Sheldon’s speech, the Iran’s  Supreme Leader Ayatollah Ali Khamenei asked the US government to  “slap these prating people in the mouth and crush their mouths,” in a fiery speech.

Three months later, the Iranian hackers struck his company, Las Vegas Sands Corp’s network and wiped  its contents, shut down its hard drives and email servers and phone systems.

“Unbeknownst to Sands, one month after Khamenei’s fiery speech, hackers began to poke around the perimeter of its computer networks, looking for weaknesses. Only later, after the attack, were investigators able to sift through computer logs and reconstruct their movements. These details appear in internal documents describing “Yellowstone 1,” the company’s code name for the incident, and have been corroborated in interviews with a half-dozen people familiar with the breach and its aftermath. Ron Reese, a spokesman for Sands, declined to answer specific questions about the attack or to make Adelson available.”

Inspired by his fiery speech, the cyber warriors of Iran started probing the Casino Networks weaknesses and launched a brute force attack on Jan. 8, 2014, on Sands Bethlehem, a 3,000-slot-machine casino and resort in Bethlehem, Pennsylvania which has its own website and computer network. From there the hackers launched their first attack into the main Sands Bethlehem virtual private network, or VPN, which gives employees access to their files from home or on the road.

After probing and prying at other Sand Corp. networks, the hackers found a weakness in the Web development server used by Sands Bethlehem on Feb. 1.  This server was used by the Casino to review and test their web pages before publishing them. They breach this Microsoft IIS development and staging server and used a open tool called mimikatz to obtain usernames and passwords. After a lot of probing, they found the credentials of a senior systems engineer.  Now the entire Las Vegas Sands Corp. network was accessible to the hackers. They then compiled a 150 lines long malware in Visual Basic to wipe out the computer and steal the details at the same time ala Sony hack attack.

“The malware written by them is so powerful that it Not only does it wipe the data stored on computers and servers, but it also automatically reboots them, a clever trick that exposes data that’s untouchable while a machine is still running. Even worse, the script writes over the erased hard drives with a random pattern of ones and zeros, making data so difficult to recover that it is more cost-effective to buy new machines and toss the hacked ones in the trash.”

Las Vegas Sands Corp. immediately called in Dell SecureWorks to investigate and clean up the after effects of hack attack. Dell SecureWorks said that the hack attack most likely belonged to “hacktivists” based in Iran  and were in no way connected to the Iranian government.

The hackers apparently took control of all Las Vegas Sands Corp network and stole almost all important files and information the network held but luckily for the Sands Corp. they couldnt breach the IBM mainframe or else the guest at the Sand Corp. hotels woulnt have managed even to open their hotel rooms with the swipe cards.

They then turned their eyes on the Sand Corps websites  which were hosted by a third party and still up and running at that point of time.  The hackers defaced them, posting a photograph of Adelson chumming around with Netanyahu, as well as images of flames on a map of Sands’ U.S. casinos. At one point, they posted an admonition: “Encouraging the use of Weapons of Mass Destruction, UNDER ANY CONDITION, is a Crime,” signing it “Anti WMD Team.” The hackers left a message for Sheldon also, the message read, “Damn A, Don’t let your tongue cut your throat.”

Dell SecureWorks and Las Vegas Sands Corp are still tallying the damaged caused by the hackers.  The hackers may have wiped out almost three-quarters of the company’s Las Vegas computer servers. The Company has estimated that this hack attack may cost it around $40 million or more.

Bloomberg Businessweek has posted a 5 page long article on this hack attack detailing each and every move that the hacker made.  You can read the entire article here.

Resource : Ars Technica

LEAVE A REPLY

Please enter your comment!
Please enter your name here