• Welcome to the FREE TUGBBS forums! The absolute best place for owners to get help and advice about their timeshares for more than 32 years!

    Join Tens of Thousands of other owners just like you here to get any and all Timeshare questions answered 24 hours a day!
  • TUG started 32 years ago in October 1993 as a group of regular Timeshare owners just like you!

    Read about our 32nd anniversary: Happy 32nd Birthday TUG!
  • TUG has a YouTube Channel to produce weekly short informative videos on popular Timeshare topics!

    All subscribers auto-entered to win all free TUG membership giveaways!

    Visit TUG on Youtube!
  • TUG has now saved timeshare owners more than $24,000,000 dollars just by finding us in time to rescind a new Timeshare purchase! A truly incredible milestone!

    Read more here: TUG saves owners more than $24 Million dollars
  • Wish you could meet up with other TUG members? Well look no further as this annual event has been going on for years in Orlando! How to Attend the TUG January Get-Together!
  • Now through the end of the year you can join or renew your TUG membership at the lowest price ever offered! Learn More!
  • Sign up to get the TUG Newsletter for free!

    Tens of thousands of subscribing owners! A weekly recap of the best Timeshare resort reviews and the most popular topics discussed by owners!
  • Our official "end my sales presentation early" T-shirts are available again! Also come with the option for a free membership extension with purchase to offset the cost!

    All T-shirt options here!
  • A few of the most common links here on the forums for newbies and guests!

The chaotic and cinematic MGM casino hack, explained

DrQ

DrQ

TUG Member
Joined
Jun 13, 2005
Messages
7,085
Reaction score
4,763
Location
DFW
Resorts Owned
HICV, Westgate (second cousin, twice removed)

The chaotic and cinematic MGM casino hack, explained​

Are we in the middle of Ocean’s 14 or is this just another ransomware attack?
www.vox.com

The chaotic and cinematic MGM casino hack, explained

Are we in the middle of Ocean’s 14 or is this just another ransomware attack?
www.vox.com www.vox.com
 
Hands down, worst week of my (hospitalist) daughter's life was when their system was hacked. It was in the middle of covid, the electronic systems not being available was unreal stress for her. They were down for over a week. Only a blip in the news (people are getting to the hospital and being told they would need to reschedule appointments and surgeries - that was pretty much the jist of the news). She never knew, but assumed they eventually paid. As a doctor, no immediate lab results - to see exrays, physically go to the where they were developed, no history, etc. If they've figured out how to hack the casinos, maybe they'll leave the hospitals alone now?
 
  • Like
Reactions: DrQ
Sandi Bo said:
If they've figured out how to hack the casinos, maybe they'll leave the hospitals alone now?
Click to expand...

People don't take security seriously. If you leave a dozen thumb drives scattered around the employee parking lot, employees will pick them up and plug them into the first computer they encounter. Bam! Now the virus is in the system and can start worming its way to something important. If the person who picked up the thumb drive worked in the cash room, security, operations or some other critical area, the encryption and ransom was probably close to instantaneous.

And now, every single casino is re-writing their rules about computer usage.
 
Caesars rewards cards also hacked, they paid the ransom and crossed fingers the hackers deleted the stolen data. I think they have my Ss# and DOB since I've had a few hand pay wins.

I already have ID theft protection on, no activity yet. My wife had some Chase accounts tried with hers but got notified and blocked.
 
SmithOp said:
Caesars rewards cards also hacked, they paid the ransom and crossed fingers the hackers deleted the stolen data. I think they have my Ss# and DOB since I've had a few hand pay wins.

I already have ID theft protection on, no activity yet. My wife had some Chase accounts tried with hers but got notified and blocked.
Click to expand...

In both cases, apparently all it took was someone calling them and asking for a password reset.

People also do this to prank businesses. Call a fast food joint and tell them there's a radon, carbon monoxide, gas leak and they need to smash all the windows -- RIGHT NOW, and evacuate the building. People who work these sorts of jobs are used to doing what they're told and actually trash their own workplace.

Smashing Burger King's Windows hoax
 
ScoopKona said:
People don't take security seriously. If you leave a dozen thumb drives scattered around the employee parking lot, employees will pick them up and plug them into the first computer they encounter. Bam! Now the virus is in the system and can start worming its way to something important. If the person who picked up the thumb drive worked in the cash room, security, operations or some other critical area, the encryption and ransom was probably close to instantaneous.

And now, every single casino is re-writing their rules about computer usage.
Click to expand...
One of the big reasons the DoD (or at least the Army) blocks USB thumb and hard drives from working when plugged in to their managed computers. The other big reason is it stops people from downloading and sneaking files out.
 
sponger76 said:
One of the big reasons the DoD (or at least the Army) blocks USB thumb and hard drives from working when plugged in to their managed computers. The other big reason is it stops people from downloading and sneaking files out.
Click to expand...

I used to work on the Strip. The casinos are always reactive, never proactive. They're great at guarding money. But today, even after the October massacre (which happened close to where I worked), I absolutely guarantee you there are dozens of doors you could sneak in, if you knew where to look. They're supposed to be locked. But people prop the doors open because it's convenient.

It's the same in the schools where my wife worked -- even though they know they're a target, they behave like nothing ever happens in this country.
 
People really should get competent cyber security help, and at least follow industry best practices. But they won't because it costs "too much money" and causes "too much extra work". And I've seen it go beyond what most people would think is reasonable - there's a consulting company that it takes 45 minutes to turn on the laptop and log in because of all the security steps and network layers needed. It's impossible to get files on and off except (for some reason) via facebook and sharepoint. This place is probably pretty ransomware resilient, and I'd agree difficult to hack. But it costs all of their employees 45 minutes every day to get started and any time they need to reboot or lose the Internet for any reason with their laptop. They're paying something like a 15% productivity hit.

Most people and places won't burn employee time like that, but this is why they get hacked, and honestly - all that security still is pretty vulnerable if facebook is involved IMO. You can't leave a "weak spot" - because that is your security level - your weakest spot.

What's worse is you can't really do anything secured like you used to - Windows and MacOS both basically require the Internet for near constant patches, forget about the software *on* the computers. You're actively fighting Microsoft to lock stuff down, yet most software is developed for Microsoft, so you're kind of over a barrel. If you've got the will, skilled employees, and time, you can implement less well known software or home made software on a locked down Linux stack, but now you've got the problems of your software probably not being the most securely written - not that the commercial products are necessarily better - but you do get the economy of scale for getting bugs found, patched and deployed.

The other issue is almost no one prioritizes security in development - saying you made a big security push or implemented something like SELinux or AppLocker really only sounds interesting to a very small group of CyberSecurity people - and no customers are beating down your door about it unless it's reactive to a current problem. But a new feature or version or theme? All the money comes in. This leads to the horrible idea of Minimum Viable Product where it's basically a PoC sold as soon as it "runs", forget about looking for bugs or doing anything secure.
 
Brett said:
But IT professionals say they are 'proactive'
Click to expand...
Depends on what you mean by IT professionals. Lots of Operations / Sysadmin IT professionals are / want to be proactive, but they also aren't CIOs or CEOs etc. Meaning they don't get to set staffing levels, management priorities, and budgets. Like so many other failures, it's usually traceable to management decisions. Most programmers / developers seem to be interested in the MVP I talked about above - they get paid / promoted / bonus etc based on completing features and new software. They want it to "work" based on basic user acceptance testing, because then they can go on to the next task. And I get it, a lot of programming is like mechanics - you want to get the given job done so you can grab the next one for more money. Or if not freelance, you want to get the job done so you can get a better performance review. And with cybersecurity, it's kind of even easier to skip the security issues than working on a car because "bad work" is almost impossible for non-domain experts to identify (and the experts would need to deep dive in in many cases) - with cars a wheel falling off for instance the layperson notices. So there's less "comebacks" to weed out irresponsible workers too. In a lot of ways, bad cyber security practices are like bypassing emissions controls on the cars - the issues don't show up for a long time, and probably won't directly affect the employee, and in some ways make life cheaper and better for the customer. Until they maybe get caught and fined or don't pass an inspection.
 
You must log in or register to reply here.
Top