autotldr@lemmings.world
on 16 Sep 2023 18:05
nextcollapse
This is the best summary I could come up with:
LAS VEGAS (AP) — A persistent error message greeted Dulce Martinez on Monday as she tried to access her casino rewards account to book accommodations for an upcoming business trip.
Unsettled by the thought of what other information the hackers may have stolen, Martinez, a publicist from Los Angeles, said she signed up for a credit report monitoring program, which will cost her $20 monthly.
The situation entered its sixth day on Friday, with booking capabilities still down and MGM Resorts offering penalty-free room cancelations through Sept. 17.
Tony Anscombe, the chief security official with the San Diego-based cybersecurity company ESET, said it appears the invasions may have been carried out as a “socially engineered attack,” meaning the hackers used tactics like a phone call, text messages or phishing emails to breach the system.
“Security is only as good as the weakest link, and unfortunately, as in many cyberattacks, human behavior is the method used by cybercriminals to gain the access to a company’s crown jewels,” Anscombe said.
As the security break-ins left some Las Vegas casino floors deserted this week, a hacker group emerged online, claiming responsibility for the attack on Caesars Entertainment’s systems and saying it had asked the company to pay a $30 million ransom fee.
The original article contains 636 words, the summary contains 209 words. Saved 67%. I’m a bot and I’m open source!
CookieJarObserver@sh.itjust.works
on 16 Sep 2023 18:17
nextcollapse
Corporations are just mafias with a bigger payroll
Hiccup@lemmy.dbzer0.com
on 16 Sep 2023 18:44
collapse
They don’t operate in good faith and take advantage of people. Fuck them. Good on the hackers/thieves. Nobody is crying that casinos lost money.
WeDoTheWeirdStuff@kbin.social
on 16 Sep 2023 19:15
nextcollapse
But it sucks for all the people who have had their info stolen.
stephen01king@lemmy.zip
on 17 Sep 2023 02:14
collapse
While I’m not crying over casinos losing money, I don’t agree with praising the hackers, either. Stealing from the bad doesn’t automatically make you good.
Hopefully the hackers use the money for something that benefits a lot of people.
RubberElectrons@lemmy.world
on 17 Sep 2023 15:18
collapse
Meh, Robin hood.
excel@lemmy.megumin.org
on 16 Sep 2023 18:32
nextcollapse
If you think they had impenetrable security before this, I’ve got some bad news for you…
Kalkaline@programming.dev
on 16 Sep 2023 19:18
nextcollapse
I would hope a company handling the volume of money like casinos do, would at least have small regional bank level cyber security.
SpaceNoodle@lemmy.world
on 16 Sep 2023 19:27
nextcollapse
Meanwhile, small regional banks have their entire database in a single FoxPro file with the password on a post-it on the monitor
SmoothLiquidation@lemmy.world
on 16 Sep 2023 20:34
nextcollapse
I have had national banks tell me I can’t use a space in my password.
SpaceNoodle@lemmy.world
on 16 Sep 2023 22:20
collapse
What’s worse is when they call you on the phone to tell you.
DLSchichtl@lemmy.world
on 17 Sep 2023 16:28
collapse
I work with a lot of banks; local, regional, and national. Lemme tell you, the local banks have some of the most difficult security I’ve had to deal with, from an IT standpoint.
SpaceNoodle@lemmy.world
on 17 Sep 2023 17:00
collapse
Except for the specific one I was referencing.
MajorHavoc@lemmy.world
on 17 Sep 2023 12:52
collapse
would at least have small regional bank level of cyber security
Lol. Nice.
Alex Trebeck: Casinos and small regional banks have this in common.
What is “enough money to pay to down-play their cyber breeches?”
<img alt="they’re the same picture" src="https://cdn.eldeforma.com/wp-content/uploads/2020/08/theyre-the-same-picture-pam-the-office-meme-1536x871.png">
altima_neo@lemmy.zip
on 16 Sep 2023 20:32
collapse
Right who the heck thinks that this day in age? Given for frequently everything gets hacked
HellAwaits@lemm.ee
on 16 Sep 2023 18:54
nextcollapse
Did people think casinos had impenetrable cyber security??? On what reasonable basis?? People will literally believe anything these days.
cmbabul@lemmy.world
on 16 Sep 2023 19:01
nextcollapse
No but casinos historically have had a reputation for having an extremely tight normal security operation because of all the money they handle. It’s why the target in Ocean’s 11 was a Vegas casino. May not have any basis in fact but that’s where the assumption comes from
sethboy66@kbin.social
on 16 Sep 2023 19:41
collapse
No, this is the media conflating the publics perception of physical security and cybersecurity to make a story. If you ask an average person how hard it is to steal money from a casino they'd say it's next to impossible, but if instead you asked them how hard it was to hack their attached hotel's booking system they'd say they had no idea.
chaogomu@kbin.social
on 16 Sep 2023 21:19
collapse
Apparently, all it takes is a single call to the helpdesk.
Varyk@sh.itjust.works
on 16 Sep 2023 19:11
nextcollapse
The public perception of impenetrable casino security?
I saw ocean’s 11.
mykneedoesnthurt@kbin.social
on 16 Sep 2023 23:14
collapse
Actually you would be very surprised to hear the kind of stuff casinos have deployed. Check it out here: https://youtu.be/sdSai09_jzc
netburnr@lemmy.world
on 16 Sep 2023 19:34
nextcollapse
Casinos run their IT with the cheapest, oldest technology available. Upgrading is expensive and cuts into profits, duh
sturmblast@lemmy.world
on 17 Sep 2023 12:39
nextcollapse
“Shattering the image…” Every couple years someone at Defcon hacks a casino… there is no “image” to break in this context.
stevedidWHAT@lemmy.world
on 17 Sep 2023 13:49
nextcollapse
Statement from group:
Statement on MGM Resorts International: Setting the record straight
9/14/2023, 7:46:49 PM
We have made multiple attempts to reach out to MGM Resorts International, “MGM”. As reported, MGM shutdown computers inside their network as a response to us. We intend to set the record straight.
No ransomware was deployed prior to the initial take down of their infrastructure by their internal teams.
MGM made the hasty decision to shut down each and every one of their Okta Sync servers after learning that we had been lurking on their Okta Agent servers sniffing passwords of people whose passwords couldn’t be cracked from their domain controller hash dumps. Resulting in their Okta being completely locked out. Meanwhile we continued having super administrator privileges to their Okta, along with Global Administrator privileges to their Azure tenant. They made an attempt to evict us after discovering that we had access to their Okta environment, but things did not go according to plan.
On Sunday night, MGM implemented conditional restrictions that barred all access to their Okta (MGMResorts.okta.com) environment due to inadequate administrative capabilities and weak incident response playbooks. Their network has been infiltrated since Friday. Due to their network engineers’ lack of understanding of how the network functions, network access was problematic on Saturday. They then made the decision to “take offline” seemingly important components of their infrastructure on Sunday.
After waiting a day, we successfully launched ransomware attacks against more than 100 ESXi hypervisors in their environment on September 11th after trying to get in touch but failing. This was after they brought in external firms for assistance in containing the incident.
In our MGM victim chat, a user suddenly surfaced a few hours after the ransomware was deployed. As they were not responding to our emails with the special link provided (In order to prevent other IT Personnel from reading the chats) we could not actively identify if the user in the victim chat was authorized by MGM Leadership to be present.
We posted a link to download any and all exfiltrated materials up until September 12th, on September 13th in the same discussion. Since the individual in the conversation did not originate from the email but rather from the hypervisor note, as was already indicated, we were unable to confirm whether they had permission to be there.
To guard against any unneeded data leaking, we added a password to the data link we provided them. Two passwords belonging to senior executives were combined to create the password. Which was clearly hinted to them with asterisks on the bulk of the password characters so that the authorized individuals would be able to view the files. The employee ids were also provided for the two users for identification purposes.
The user has consistently been coming into the chat room every several hours, remaining for a few hours, and then leaving. About seven hours ago, we informed the chat user that if they do not respond by 11:59 PM Eastern Standard Time, we will post a statement. Even after the deadline passed, they continued to visit without responding. We are unsure if this activity is automated but would likely assume it is a human checking it.
We are unable to reveal if PII information has been exfiltrated at this time. If we are unable to reach an agreement with MGM and we are able to establish that there is PII information contained in the exfiltrated data, we will take the first steps of notifying Troy Hunt from HaveIBeenPwned.com. He is free to disclose it in a responsible manner if he so chooses.
We believe MGM will not agree to a deal with us. Simply observe their insider trading behavior. You believe that this company is concerned for your privacy and well-being while visiting one of their resorts?
We are not sure about anyone else, but it is evident from this that no insiders have purchased any stock in the past 12 months, while 7 insiders have sold shares for a combined 33 MILLION dollars. (www.marketbeat.com/stocks/NYSE/…/insider-trades/ (www.marketbeat.com/stocks/NYSE/…/insider-trades/)). This corporation is riddled with greed, incompetence, and corruption.
We recognize that MGM is mistreating the hotel’s customers and really regret that it has taken them five years to get their act together. Other lodging options, including casinos, are undoubtedly open and happy to assist you.
At this point, we have no choice but to criticize VX Underground for falsely reporting events that never happened. We typically consider their information to be highly reliable and timely, but we did not attempt to tamper with MGM’s slot machines to spit out money because doing so would not be to our benefit and would decrease the chances
uranibaba@lemmy.world
on 17 Sep 2023 14:40
collapse
That’s a wall of text without any line breaks. Can you give me a tldr or at least an easier-to-read version?
Potatos_are_not_friends@lemmy.world
on 17 Sep 2023 18:16
collapse
Hackers (Alphv / BlackCat) reached out multiple times.
Over the weekend, MGM decided to shut down their service that syncs accounts globally when they realized the hackers were sniffing passwords. But the hackers had admin access already
In the MGM victim chat, a random person kept showing up but no responses. The hackers could not verify if they belonged to MGM.
To reveal that the hackers had exfiltrated data, they created a data link that was password protected by combining two senior exec’s password.
The hackers are uncertain if the data has PII.
The hackers plan to disclose the data to Troy Hunt of HaveIBeenPwned.com
The hackers rant about MGM’s mistreatment, VX Underground reporting false reports, and the news grouping various hackers into one single entity, as well as false claiming the hacking group claimed responsibility before the attack took place.
Tech Crunch did not contact the hacker and the hackers make a request to verify their sources better.
uranibaba@lemmy.world
on 17 Sep 2023 21:55
collapse
That is very nice of you, thanks.
01189998819991197253@infosec.pub
on 17 Sep 2023 22:18
collapse
If this shatters the “public perception that casino security requires an ‘Oceans 11’-level effort to defeat it”, then the public wasn’t paying attention during the past decade.
threaded - newest
This is the best summary I could come up with:
LAS VEGAS (AP) — A persistent error message greeted Dulce Martinez on Monday as she tried to access her casino rewards account to book accommodations for an upcoming business trip.
Unsettled by the thought of what other information the hackers may have stolen, Martinez, a publicist from Los Angeles, said she signed up for a credit report monitoring program, which will cost her $20 monthly.
The situation entered its sixth day on Friday, with booking capabilities still down and MGM Resorts offering penalty-free room cancelations through Sept. 17.
Tony Anscombe, the chief security official with the San Diego-based cybersecurity company ESET, said it appears the invasions may have been carried out as a “socially engineered attack,” meaning the hackers used tactics like a phone call, text messages or phishing emails to breach the system.
“Security is only as good as the weakest link, and unfortunately, as in many cyberattacks, human behavior is the method used by cybercriminals to gain the access to a company’s crown jewels,” Anscombe said.
As the security break-ins left some Las Vegas casino floors deserted this week, a hacker group emerged online, claiming responsibility for the attack on Caesars Entertainment’s systems and saying it had asked the company to pay a $30 million ransom fee.
The original article contains 636 words, the summary contains 209 words. Saved 67%. I’m a bot and I’m open source!
I kinda don’t feel sorry for them at all
They operate like mafias, fuck them.
They are literally run by cartels for money laundering.
While both Mafia ties and money laundering were true, these days the strip is almost completely corporate owned, which is somehow worse.
Yeah and those cooperations are Subcontractors of shell companies wich are owned by some Mafiosi.
Actually, it's the Mormon Church for a lot of them.
Wich is a Mafia…
You really are keen on calling it a mafia.
I mean it is, call it religion or whatever but that doesn’t make it less of a Mafia/Cartel
Corporations are just mafias with a bigger payroll
They don’t operate in good faith and take advantage of people. Fuck them. Good on the hackers/thieves. Nobody is crying that casinos lost money.
But it sucks for all the people who have had their info stolen.
While I’m not crying over casinos losing money, I don’t agree with praising the hackers, either. Stealing from the bad doesn’t automatically make you good.
Hopefully the hackers use the money for something that benefits a lot of people.
Meh, Robin hood.
If you think they had impenetrable security before this, I’ve got some bad news for you…
I would hope a company handling the volume of money like casinos do, would at least have small regional bank level cyber security.
Meanwhile, small regional banks have their entire database in a single FoxPro file with the password on a post-it on the monitor
I have had national banks tell me I can’t use a space in my password.
What’s worse is when they call you on the phone to tell you.
I work with a lot of banks; local, regional, and national. Lemme tell you, the local banks have some of the most difficult security I’ve had to deal with, from an IT standpoint.
Except for the specific one I was referencing.
Lol. Nice.
Alex Trebeck: Casinos and small regional banks have this in common.
<img alt="they’re the same picture" src="https://cdn.eldeforma.com/wp-content/uploads/2020/08/theyre-the-same-picture-pam-the-office-meme-1536x871.png">
Right who the heck thinks that this day in age? Given for frequently everything gets hacked
.
Did people think casinos had impenetrable cyber security??? On what reasonable basis?? People will literally believe anything these days.
No but casinos historically have had a reputation for having an extremely tight normal security operation because of all the money they handle. It’s why the target in Ocean’s 11 was a Vegas casino. May not have any basis in fact but that’s where the assumption comes from
They also have a reputation of being run by people who will kill you if you steal from them.
Or at the very least break you hand
No, this is the media conflating the publics perception of physical security and cybersecurity to make a story. If you ask an average person how hard it is to steal money from a casino they'd say it's next to impossible, but if instead you asked them how hard it was to hack their attached hotel's booking system they'd say they had no idea.
Apparently, all it takes is a single call to the helpdesk.
The public perception of impenetrable casino security?
I saw ocean’s 11.
Actually you would be very surprised to hear the kind of stuff casinos have deployed. Check it out here: https://youtu.be/sdSai09_jzc
Casinos run their IT with the cheapest, oldest technology available. Upgrading is expensive and cuts into profits, duh
Which makes the Ocean movies hilarious with the super advanced Greko security system.
Ocean One
mental outlaw video got to the news first
I haven’t looked into who might be behind it, but maybe North Korea needs some cash.
The trick is to assemble a dream team of specialists played by famous actors.
Like some kind of… Suicide Squad?
Username checks out
Yeah… username…
It reminds me of my favourite Matt Damon quote:
“What are we, some kind of Ocean’s Eleven?”
“Shattering the image…” Every couple years someone at Defcon hacks a casino… there is no “image” to break in this context.
Statement from group:
Statement on MGM Resorts International: Setting the record straight 9/14/2023, 7:46:49 PM We have made multiple attempts to reach out to MGM Resorts International, “MGM”. As reported, MGM shutdown computers inside their network as a response to us. We intend to set the record straight. No ransomware was deployed prior to the initial take down of their infrastructure by their internal teams. MGM made the hasty decision to shut down each and every one of their Okta Sync servers after learning that we had been lurking on their Okta Agent servers sniffing passwords of people whose passwords couldn’t be cracked from their domain controller hash dumps. Resulting in their Okta being completely locked out. Meanwhile we continued having super administrator privileges to their Okta, along with Global Administrator privileges to their Azure tenant. They made an attempt to evict us after discovering that we had access to their Okta environment, but things did not go according to plan. On Sunday night, MGM implemented conditional restrictions that barred all access to their Okta (MGMResorts.okta.com) environment due to inadequate administrative capabilities and weak incident response playbooks. Their network has been infiltrated since Friday. Due to their network engineers’ lack of understanding of how the network functions, network access was problematic on Saturday. They then made the decision to “take offline” seemingly important components of their infrastructure on Sunday. After waiting a day, we successfully launched ransomware attacks against more than 100 ESXi hypervisors in their environment on September 11th after trying to get in touch but failing. This was after they brought in external firms for assistance in containing the incident. In our MGM victim chat, a user suddenly surfaced a few hours after the ransomware was deployed. As they were not responding to our emails with the special link provided (In order to prevent other IT Personnel from reading the chats) we could not actively identify if the user in the victim chat was authorized by MGM Leadership to be present. We posted a link to download any and all exfiltrated materials up until September 12th, on September 13th in the same discussion. Since the individual in the conversation did not originate from the email but rather from the hypervisor note, as was already indicated, we were unable to confirm whether they had permission to be there. To guard against any unneeded data leaking, we added a password to the data link we provided them. Two passwords belonging to senior executives were combined to create the password. Which was clearly hinted to them with asterisks on the bulk of the password characters so that the authorized individuals would be able to view the files. The employee ids were also provided for the two users for identification purposes. The user has consistently been coming into the chat room every several hours, remaining for a few hours, and then leaving. About seven hours ago, we informed the chat user that if they do not respond by 11:59 PM Eastern Standard Time, we will post a statement. Even after the deadline passed, they continued to visit without responding. We are unsure if this activity is automated but would likely assume it is a human checking it. We are unable to reveal if PII information has been exfiltrated at this time. If we are unable to reach an agreement with MGM and we are able to establish that there is PII information contained in the exfiltrated data, we will take the first steps of notifying Troy Hunt from HaveIBeenPwned.com. He is free to disclose it in a responsible manner if he so chooses. We believe MGM will not agree to a deal with us. Simply observe their insider trading behavior. You believe that this company is concerned for your privacy and well-being while visiting one of their resorts? We are not sure about anyone else, but it is evident from this that no insiders have purchased any stock in the past 12 months, while 7 insiders have sold shares for a combined 33 MILLION dollars. (www.marketbeat.com/stocks/NYSE/…/insider-trades/ (www.marketbeat.com/stocks/NYSE/…/insider-trades/)). This corporation is riddled with greed, incompetence, and corruption. We recognize that MGM is mistreating the hotel’s customers and really regret that it has taken them five years to get their act together. Other lodging options, including casinos, are undoubtedly open and happy to assist you. At this point, we have no choice but to criticize VX Underground for falsely reporting events that never happened. We typically consider their information to be highly reliable and timely, but we did not attempt to tamper with MGM’s slot machines to spit out money because doing so would not be to our benefit and would decrease the chances
That’s a wall of text without any line breaks. Can you give me a tldr or at least an easier-to-read version?
Here’s one with line breaks: reddit.com/…/alphv_blackcat_just_released_an_anno…
the tl;dr:
That is very nice of you, thanks.
If this shatters the “public perception that casino security requires an ‘Oceans 11’-level effort to defeat it”, then the public wasn’t paying attention during the past decade.