Teenager Arrested Following Major Cyberattack on MGM Resort
A teenager has surrendered to authorities in Las Vegas on September 17, facing charges related to a significant cyberattack on a casino, which reportedly cost the MGM resort around $100 million.
The suspect is now in the custody of the Clark County Juvenile Detention Center, as noted by the Las Vegas Metropolitan Police Department (LVMPD). He has been booked on six charges, including acquiring and using someone else’s personal information for deceptive purposes. Additionally, he faces accusations related to conspiracy and illegal computer activities.
The Clark County District Attorney’s Office plans to transfer the juvenile to the Criminal Division where he will be tried as an adult.
Police indicated that the teen is connected to a broader series of attacks targeting various casinos from August to October 2023, utilizing a sophisticated network intrusion linked to a cyber group known as “scattered spiders.” This group is also referred to by other names such as “Octo Tempest,” “UNC3944,” and “Oktapus,” according to law enforcement sources.
The federal FBI Cyber Task Force in Las Vegas, which works alongside the LVMPD Cyber Research Group, led the investigation into these incidents. Authorities have not revealed the suspect’s identity due to his minor status.
Reports suggest that hackers disabled hotel key cards and slot machines, blocked reservation systems, and denied employees access to their email accounts. MGM disclosed to the Securities and Exchange Commission that the costs associated with the cyberattack would be approximately $100 million.
The attack was facilitated through seemingly simple tactics. Attackers reportedly tracked MGM employees on LinkedIn, impersonated them, and contacted companies to request password resets, managing to gain system access within a mere ten minutes.
Similar incidents were noted at Caesars Palace during the same timeframe. The company indicated in an SEC filing that it has taken measures to eliminate any stolen data, although it could not guarantee complete success.
Cybersecurity experts have suggested that this may indicate that the company made payments to the perpetrators, according to NBC News.
