www.itnews.com.au
203.176.102.69  Public Scan

URL: https://www.itnews.com.au/news/fbi-struggled-to-disrupt-dangerous-casino-hacking-gang-602355
Submission: On November 15 via api from TR — Scanned from AU

Form analysis 1 forms found in the DOM

POST /news/fbi-struggled-to-disrupt-dangerous-casino-hacking-gang-602355

<form id="frm-login" action="/news/fbi-struggled-to-disrupt-dangerous-casino-hacking-gang-602355" method="post">
  <h3 class="section-header"><span>Log In</span></h3>
  <div id="login-form-register"><a href="/register">Don't have an account? Register now!</a></div>
  <div id="login-validation"></div>
  <div id="login-response"></div>
  <div class="form-label email-login">Email:</div>
  <div class="form-input"><input id="username" name="username" type="text" required=""></div>
  <div class="form-label password-login">Password:</div>
  <div class="form-input"><input id="password" name="password" type="password" required=""></div>
  <div class="row form-checkbox">
    <input id="rememberMe" name="rememberMe" type="checkbox"><label for="rememberMe">Remember me</label><span>&nbsp; | &nbsp;<a href="/forgot" title="Forgot your password?">Forgot your password?</a></span>
  </div>
</form>

Text Content


FBI STRUGGLED TO DISRUPT DANGEROUS CASINO HACKING GANG

By Zeba Siddiqui, Christopher Bing and Raphael Satter

Nov 15 2023 6:40AM



HAS IDENTIFIED AT LEAST A DOZEN MEMBERS.

The US Federal Bureau of Investigation (FBI) has struggled to stop a
hyper-aggressive cybercrime gang that's been tormenting corporate America over
the last two years, according to nine cyber security responders, digital crime
experts and victims.



For more than six months, the FBI has known the identities of at least a dozen
members tied to the hacking group responsible for the devastating September
break-ins at casino operators MGM Resorts International and Caesars
Entertainment, according to four people familiar with the investigation.

Industry executives have told Reuters they were baffled by an apparent lack of
arrests despite many of the hackers being based in America.



"I would love for somebody to explain it to me," said Michael Sentonas,
president of CrowdStrike, one of the firms leading the response effort to the
hacks.

"For such a small group, they are absolutely causing havoc," Sentonas told
Reuters in an interview last month.



Sentonas said the hackers were "known" but didn't provide specifics. He did say,
"I think there is a failure here." Asked who was responsible for the failure,
Sentonas said, "law enforcement."

The FBI has said it is investigating the gaming company hacks but a spokesperson
for the agency declined to comment on the larger group responsible or where the
investigation stands.

A spokesman for the US Department of Justice also declined to comment.

Dubbed by some security professionals as "Scattered Spider," the hacking group
has been active since 2021 but it grabbed headlines following a series of
intrusions at several high profile American companies.

The MGM breach disrupted operations at its casinos and hotels for days and cost
the company roughly US$100 million ($154 million) in damages, it said in a
regulatory filing last month.



Caesars paid around US$15 million in ransom to regain access to its systems from
the hackers, according to reporting by the Wall Street Journal.

Neither company responded to a request for comment.

CrowdStrike, Mandiant, Palo Alto Networks, and Microsoft are among the main
American cyber security firms responding to private company breaches by the
hackers.

Some have been collecting evidence leading to the hackers' identities and are
assisting law enforcement, according to the five insiders.

The sources say that, following the September casino hacks, the FBI's
investigation took on new urgency. FBI officials first began looking at the
hackers' operations more than a year ago.

Security analysts tracking the breaches, meanwhile, have found a range of
victims across nearly every industry – starting with telecoms and outsourcing
firms to healthcare and financial service companies.

In total, roughly 230 organisations have been hit since the beginning of last
year, according to a tally by the Baltimore, Maryland-based cyber security firm
ZeroFox, which has helped Caesars contain the fallout.

ZeroFox's chief executive James Foster attributed law enforcement's sluggish
response to a lack of manpower.

Over the last several years, numerous press reports have suggested the bureau is
losing many of its best cyber agents to the private sector, who offer them
higher salaries.

"Law enforcement, certainly at the federal level, has all the tools and
resources they need to be successful in going after cyber criminals," Foster
said. "They just don't have enough people."

Another challenge has been the hesitancy of many victims to cooperate with the
FBI.

One of the sources, an executive involved with defending against the hackers,
who declined to be named citing client confidentiality, said "several" victim
companies never informed the bureau they were compromised – meaning prosecutors
lost the chance to acquire potentially important evidence.

This instinct to hide an intrusion isn't unusual, an ex-FBI official who
requested anonymity and previously worked on ransomware investigations told
Reuters.

"What I encountered working on the ransomware stuff is basically nine out of 10
times the company did not want to cooperate," the ex-official said.

A third challenge has been the loose-knit nature of the group, which is made up
of small clusters of individuals who collaborate on-and-off on specific jobs.

The gang's murky structure helped earn it the "Scattered" nickname, as well as
another industry moniker, "Muddled Libra," among researchers.

For example, the crew behind the casino job calls itself "Star Fraud," according
to two analysts. It is part of a larger hacker collective made up of mostly
young cybercriminals who use the name "The Com" as a slang for their community.

Most of the group's members are based in Western countries, including the United
States, cyber security companies say.

They typically discuss hacking projects in shared chat channels on social
messaging apps, namely Telegram and Discord.

A Telegram spokesperson did not respond to a request for comment on the hackers.

A Discord spokesman declined to comment on them, but said the platform bars
illegal activity and takes steps including banning or shutting down groups or
users that engage in such practices.

Historically, the group's amorphous shape made it difficult for the FBI to
coordinate internally across its many field offices around the country, said
three people familiar with the matter.

For months, numerous field offices were each independently investigating
individual hacks launched by the same group but were not immediately aware of
their connection, delaying the process.

Recently, the FBI's Newark, New Jersey field office has been handling an
investigation into the hacking group and is making progress, according to those
three people, who did not provide details. They added that a new special agent
has been assigned to the case.

In recent months, meanwhile, alarming details of The Com's aggressive tactics
have come into public view. Its members are engaged in a range of illicit
schemes, from sextortion and ransomware to phone-based scams and paying people
to commit physical violence - also known as 'violence-as-a-service.'

In a report published by Microsoft late last month, the tech firm quoted
Scattered Spider-linked hackers as threatening to kill employees of a victim
organisation unless they coughed up passwords.

Reuters' attempts to contact the hackers for this story were not successful.

"I think they are pathological," Kevin Mandia, the founder of Mandiant, said in
an interview in September. "We have seen how they interact with victim
companies. They are ruthless."

Mandia didn't respond directly when asked whether Scattered Spider's identities
were known to law enforcement. But he did say that there was no excuse for not
arresting hackers who operated from the West.

"If they're in democratised nations that work with the international community,
you've got to catch them," he said.

© 2019 Thomson Reuters.
Tags: casino, hack, security


