www.itnews.com.au
203.176.102.69
Public Scan
URL:
https://www.itnews.com.au/news/fbi-struggled-to-disrupt-dangerous-casino-hacking-gang-602355
Submission: On November 15 via api from TR — Scanned from AU
Form analysis
1 form found in the DOM
POST /news/fbi-struggled-to-disrupt-dangerous-casino-hacking-gang-602355
<form id="frm-login" action="/news/fbi-struggled-to-disrupt-dangerous-casino-hacking-gang-602355" method="post">
<h3 class="section-header"><span>Log In</span></h3>
<div id="login-form-register"><a href="/register">Don't have an account? Register now!</a></div>
<div id="login-validation"></div>
<div id="login-response"></div>
<div class="form-label email-login">Email:</div>
<div class="form-input"><input id="username" name="username" type="text" required=""></div>
<div class="form-label password-login">Password:</div>
<div class="form-input"><input id="password" name="password" type="password" required=""></div>
<div class="row form-checkbox">
<input id="rememberMe" name="rememberMe" type="checkbox"><label for="rememberMe">Remember me</label><span> | <a href="/forgot" title="Forgot your password?">Forgot your password?</a></span>
</div>
</form>
Text Content
FBI STRUGGLED TO DISRUPT DANGEROUS CASINO HACKING GANG

By Zeba Siddiqui, Christopher Bing and Raphael Satter
Nov 15 2023 6:40AM

HAS IDENTIFIED AT LEAST A DOZEN MEMBERS.

The US Federal Bureau of Investigation (FBI) has struggled to stop a hyper-aggressive cybercrime gang that's been tormenting corporate America over the last two years, according to nine cyber security responders, digital crime experts and victims.

For more than six months, the FBI has known the identities of at least a dozen members tied to the hacking group responsible for the devastating September break-ins at casino operators MGM Resorts International and Caesars Entertainment, according to four people familiar with the investigation.

Industry executives have told Reuters they were baffled by an apparent lack of arrests despite many of the hackers being based in America.
"I would love for somebody to explain it to me," said Michael Sentonas, president of CrowdStrike, one of the firms leading the response effort to the hacks.

"For such a small group, they are absolutely causing havoc," Sentonas told Reuters in an interview last month.

Sentonas said the hackers were "known" but didn't provide specifics. He did say, "I think there is a failure here." Asked who was responsible for the failure, Sentonas said, "law enforcement."

The FBI has said it is investigating the gaming company hacks but a spokesperson for the agency declined to comment on the larger group responsible or where the investigation stands. A spokesman for the US Department of Justice also declined to comment.

Dubbed by some security professionals as "Scattered Spider," the hacking group has been active since 2021 but it grabbed headlines following a series of intrusions at several high profile American companies.

The MGM breach disrupted operations at its casinos and hotels for days and cost the company roughly US$100 million ($154 million) in damages, it said in a regulatory filing last month.

Caesars paid around US$15 million in ransom to regain access to its systems from the hackers, according to reporting by the Wall Street Journal. Neither company responded to a request for comment.

CrowdStrike, Mandiant, Palo Alto Networks, and Microsoft are among the main American cyber security firms responding to private company breaches by the hackers. Some have been collecting evidence leading to the hackers' identities and are assisting law enforcement, according to the five insiders.

The sources say that, following the September casino hacks, the FBI's investigation took on new urgency. FBI officials first began looking at the hackers' operations more than a year ago.

Security analysts tracking the breaches, meanwhile, have found a range of victims across nearly every industry – starting with telecoms and outsourcing firms to healthcare and financial service companies.
In total, roughly 230 organisations have been hit since the beginning of last year, according to a tally by the Baltimore, Maryland-based cyber security firm ZeroFox, which has helped Caesars contain the fallout.

ZeroFox's chief executive James Foster attributed law enforcement's sluggish response to a lack of manpower. Over the last several years, numerous press reports have suggested the bureau is losing many of its best cyber agents to the private sector, who offer them higher salaries.

"Law enforcement, certainly at the federal level, has all the tools and resources they need to be successful in going after cyber criminals," Foster said. "They just don't have enough people."

Another challenge has been the hesitancy of many victims to cooperate with the FBI. One of the sources, an executive involved with defending against the hackers, who declined to be named citing client confidentiality, said "several" victim companies never informed the bureau they were compromised – meaning prosecutors lost the chance to acquire potentially important evidence.

This instinct to hide an intrusion isn't unusual, an ex-FBI official who requested anonymity and previously worked on ransomware investigations told Reuters.

"What I encountered working on the ransomware stuff is basically nine out of 10 times the company did not want to cooperate," the ex-official said.

A third challenge has been the loose-knit nature of the group, which is made up of small clusters of individuals who collaborate on-and-off on specific jobs. The gang's murky structure helped earn it the "Scattered" nickname, as well as another industry moniker, "Muddled Libra," among researchers.

For example, the crew behind the casino job calls itself "Star Fraud," according to two analysts. It is part of a larger hacker collective made up of mostly young cybercriminals who use the name "The Com" as a slang for their community.
Most of the group's members are based in Western countries, including the United States, cyber security companies say. They typically discuss hacking projects in shared chat channels on social messaging apps, namely Telegram and Discord.

A Telegram spokesperson did not respond to a request for comment on the hackers. A Discord spokesman declined to comment on them, but said the platform bars illegal activity and takes steps including banning or shutting down groups or users that engage in such practices.

Historically, the group's amorphous shape made it difficult for the FBI to coordinate internally across its many field offices around the country, said three people familiar with the matter. For months, numerous field offices were each independently investigating individual hacks launched by the same group but were not immediately aware of their connection, delaying the process.

Recently, the FBI's Newark, New Jersey field office has been handling an investigation into the hacking group and is making progress, according to those three people, who did not provide details. They added that a new special agent has been assigned to the case.

In recent months, meanwhile, alarming details of The Com's aggressive tactics have come into public view. Its members are engaged in a range of illicit schemes, from sextortion and ransomware to phone-based scams and paying people to commit physical violence - also known as 'violence-as-a-service.'

In a report published by Microsoft late last month, the tech firm quoted Scattered Spider-linked hackers as threatening to kill employees of a victim organisation unless they coughed up passwords.

Reuters' attempts to contact the hackers for this story were not successful.

"I think they are pathological," Kevin Mandia, the founder of Mandiant, said in an interview in September. "We have seen how they interact with victim companies. They are ruthless."
Mandia didn't respond directly when asked whether Scattered Spider's identities were known to law enforcement. But he did say that there was no excuse for not arresting hackers who operated from the West. "If they're in democratised nations that work with the international community, you've got to catch them," he said.

© 2019 Thomson Reuters.

Tags: casino, hack, security