Las Vegas police arrested a teenage suspect who is believed to be responsible for a series of cyberattacks that targeted casinos in the area, stripping them of at least $800 million.
In a statement, the Las Vegas Metropolitan Police Department (LVMPD) said that the suspect, a teenage boy, was accused of multiple charges. These include extortion and unlawful acts involving a computer for a "sophisticated cyber crime" in 2023.
Teenager Arrested for Hacking Las Vegas Casinos
Financial filings revealed that the hacking attacks resulted in Caesars Entertainment losing sensitive customer data. MGM Resorts International properties also experienced significant operational disruptions.
Police said that several Las Vegas casinos were targeted from August to October 2023 by an "organized cyber threat-actor group." They allegedly used names such as "Scattered Spider," "Octo Tempest," "UNC3944," and "oktapus."
Additionally, authorities confirmed that the Federal Bureau of Investigation's (FBI) Las Vegas Task Force was the one that identified the suspect. Following the development, MGM Resorts International did not comment, and neither did Caesars Entertainment, according to USA Today.
Read more: New Jersey Middle School Teacher Arrested Over Possession, Distribution of Child Pornography
The teenager's arrest comes nearly a month after Nevada's public services became the victim of another cyberattack. State Gov. Joe Lombardo said that the "network security incident" took place on Aug. 25 and prompted officials to isolate and take some systems offline to contain the threat.
Lombardo also gave an update on the situation on Sept. 12, saying that no evidence was found that Nevadans' personal information was compromised in the attack. The governor said that "This kind of recovery is never easy," noting that it requires patience, precision, and constant vigilance.
A Relatively Simple Method
The suspect in the series of cyberattacks was identified as a 17-year-old from Illinois, who appeared in juvenile court earlier this month. The teen's attack method was relatively simple but effective. He and his accomplices reportedly used social engineering, specifically "vishing" or voice phishing, Acronis reported.
They use this method to impersonate employees and gain access to the victim casinos' internal systems. There is no sophisticated coding required with this kind of attack, and it only needs an individual with the ability to convince help desk staff that they are legitimate employees who need access.
Some of the effects of the cyberattacks on the casinos include hotel key cards and slot machines being disabled, and bookings being blocked. Additionally, employees were also locked out of their emails.
The LVMPD said that amid their investigation, the teenage suspect "surrendered himself" to the Clark County Juvenile Detention Center, as per People.
