A teenage hacker suspected of launching a costly cyberattack on MGM Resorts in Las Vegas, which resulted in a $100 million loss, has been arrested, as reported by SFGate. In a scheme deemed sophisticated by authorities, the teenager allegedly impersonated an MGM Grand employee found on LinkedIn, persuading the IT department to reset the employee's password, subsequently gaining access to MGM's internal systems.
The teen, whose identity remains protected due to his minor status, turned himself in to the Clark County Juvenile Detention Center on September 17. Charged with extortion, obtaining and using another person's identifying information, and unlawful acts regarding computers, his case has caught the attention of the Clark County District Attorney's Office which, according to a FOX5 Vegas report, is pushing for him to be tried as an adult.
The attacks, apparently led by the provocatively named "Scattered Spider" collective, wreaked havoc on the Vegas Strip's electronic infrastructure from August through October of 2023. They brought slot machines to a standstill, took down hotel check-in systems and locked employees out of their email accounts, as per SFGate. MGM Resorts acknowledged the significant financial impact of the cyberattack in a Securities and Exchange Commission filing.
Operated by MGM Resorts, several other notable properties, including the Bellagio, Luxor, Excalibur, and the Cosmopolitan, were impacted. Around the same period, Caesars experienced a similar cyber onslaught, leading to speculation that the attacks were related. Refusing to bow to the hackers, Caesars reported in an SEC filing that it took "steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result," which, as cyber security experts have suggested, hints at a possible payoff to the hackers, as noted by SFGate.
Nevada's issue with cyberattacks extends beyond the glitzy facades of its casinos. The state is still grappling with the aftermath of a major cyberattack that resulted in the shutdown of the DMV and other statewide agencies last month. As mentioned by FOX5 Las Vegas, Nevada Medicaid, the housing division, and DPS are still facing operational issues due to this cyber onslaught. Additionally, the Clark County School District also fell victim to cyberattacks in fall 2023, which saw confidential student information leaked on the dark web. Unlike the high-profile MGM and Caesars cases, no arrests have been made in connection with the school district attacks thus far.
