1 00:00:04,440 --> 00:00:12,520 Speaker 1: Welcome to TechStuff, a production from iHeartRadio. Hey there, 2 00:00:12,560 --> 00:00:15,720 Speaker 1: and welcome to TechStuff. I am your host, Jonathan Strickland. 3 00:00:15,760 --> 00:00:19,000 Speaker 1: I am an executive producer with iHeartRadio. And how the 4 00:00:19,040 --> 00:00:22,760 Speaker 1: tech are you? I am recording live here from the 5 00:00:22,960 --> 00:00:26,360 Speaker 1: iHeart Podcast studio powered by Bose at the House of 6 00:00:26,480 --> 00:00:30,440 Speaker 1: Music at the iHeartRadio Music Festival. I'm sure you're gonna 7 00:00:30,440 --> 00:00:33,560 Speaker 1: be able to hear some of the ambience, let's call 8 00:00:33,600 --> 00:00:36,640 Speaker 1: it here at the festival. And that's just proof that 9 00:00:36,680 --> 00:00:41,040 Speaker 1: I'm actually here. I don't know how that happened. I 10 00:00:41,080 --> 00:00:44,240 Speaker 1: am nowhere near cool enough to have been invited here. 11 00:00:45,159 --> 00:00:48,360 Speaker 1: I guess they didn't listen to the show first. That's 12 00:00:48,400 --> 00:00:51,480 Speaker 1: fine with me, though. There's some pretty incredible musical acts 13 00:00:51,479 --> 00:00:53,400 Speaker 1: that are going to be rocking out in the arena 14 00:00:53,440 --> 00:00:55,800 Speaker 1: that's right in front of me, and I will sit 15 00:00:55,800 --> 00:00:58,320 Speaker 1: here and talk about geeky tech stuff. So the question 16 00:00:58,480 --> 00:01:01,680 Speaker 1: is then, what topic should I cover for this episode? 17 00:01:01,680 --> 00:01:03,480 Speaker 1: And I asked myself that several times. I had a 18 00:01:03,520 --> 00:01:06,280 Speaker 1: lot of possible answers. Maybe I could talk about the 19 00:01:06,319 --> 00:01:08,640 Speaker 1: tech of running a concert, for example, there's a lot 20 00:01:08,680 --> 00:01:11,039 Speaker 1: of tech involved in that. 
Maybe I could just talk 21 00:01:11,040 --> 00:01:13,800 Speaker 1: about the tech needed to make sure a band's equipment's 22 00:01:14,040 --> 00:01:18,320 Speaker 1: all working properly. I could talk about sound systems, or lasers, 23 00:01:18,400 --> 00:01:23,400 Speaker 1: or pyrotechnics or all sorts of stuff, but I'm in Vegas, baby, 24 00:01:23,920 --> 00:01:26,240 Speaker 1: And what's more, I'm staying at a hotel that's owned 25 00:01:26,240 --> 00:01:29,840 Speaker 1: by MGM Resorts. So I think the topic to tackle 26 00:01:30,040 --> 00:01:32,840 Speaker 1: is the recent hacker attack on that company. So what 27 00:01:32,959 --> 00:01:36,520 Speaker 1: exactly happened, who is responsible or who do we think 28 00:01:37,000 --> 00:01:40,280 Speaker 1: is responsible, how did it unfold, and what are the 29 00:01:40,319 --> 00:01:43,880 Speaker 1: ongoing consequences. So sit back, folks, it's time to do 30 00:01:43,920 --> 00:01:49,800 Speaker 1: a casino heist podcast episode TechStuff style. Now, originally 31 00:01:49,840 --> 00:01:53,520 Speaker 1: I thought I'd do a quick history of MGM Resorts International, 32 00:01:53,640 --> 00:01:56,560 Speaker 1: you know, the company that became the target of the hackers. 33 00:01:57,040 --> 00:02:00,880 Speaker 2: But as it turns out, that company's history is, let's say, 34 00:02:00,880 --> 00:02:05,400 Speaker 2: it's super complicated, and it overlaps the history of MGM Studios, 35 00:02:05,600 --> 00:02:08,800 Speaker 2: the film company, as well as numerous other companies both 36 00:02:09,080 --> 00:02:11,280 Speaker 2: within the gambling world and beyond. 37 00:02:11,840 --> 00:02:14,480 Speaker 1: So rather than go through all of that, which would 38 00:02:14,520 --> 00:02:17,640 Speaker 1: be confusing in an entire episode by itself, I'm just 39 00:02:17,680 --> 00:02:21,840 Speaker 1: gonna kind of give you a summary. 
So, since the 40 00:02:21,880 --> 00:02:25,160 Speaker 1: mid nineteen eighties, the company that we now call MGM 41 00:02:25,200 --> 00:02:29,040 Speaker 1: Resorts International has had some major ups and downs. It 42 00:02:29,120 --> 00:02:32,639 Speaker 1: has also over time swallowed up other companies that operated 43 00:02:32,680 --> 00:02:36,320 Speaker 1: resorts and casinos in Vegas and in other places. Today, 44 00:02:36,520 --> 00:02:40,840 Speaker 1: MGM Resorts International operates, but does not own, numerous resorts 45 00:02:40,840 --> 00:02:44,440 Speaker 1: in Vegas and beyond. Among the Vegas properties are the 46 00:02:44,560 --> 00:02:50,520 Speaker 1: MGM Grand and assorted MGM properties like Park MGM, the Bellagio, 47 00:02:51,080 --> 00:02:55,959 Speaker 1: the Aria, the Cosmopolitan, New York-New York, Excalibur, the Luxor, 48 00:02:56,320 --> 00:02:59,240 Speaker 1: Mandalay Bay, and some more. And it also has a 49 00:02:59,280 --> 00:03:02,280 Speaker 1: more than forty ownership of the T-Mobile Arena, the 50 00:03:02,280 --> 00:03:05,639 Speaker 1: building that is directly in front of me, just the building. However, 51 00:03:05,680 --> 00:03:10,160 Speaker 1: they do not own the land. The company made somewhere 52 00:03:10,160 --> 00:03:14,600 Speaker 1: in the neighborhood of thirteen billion dollars in revenue last year. 53 00:03:14,880 --> 00:03:17,800 Speaker 1: That was an increase from nearly nine point seven billion 54 00:03:17,919 --> 00:03:20,799 Speaker 1: from the year before, and it seems that twenty twenty 55 00:03:20,840 --> 00:03:23,679 Speaker 1: two saw the highest revenues in the company's history so far. 56 00:03:24,040 --> 00:03:27,160 Speaker 1: Of course, revenue is not the same as income. That's 57 00:03:27,280 --> 00:03:30,160 Speaker 1: more to the tune of one point four billion dollars 58 00:03:30,160 --> 00:03:34,119 Speaker 1: for twenty twenty two. 
That's a lot of money, princely 59 00:03:34,400 --> 00:03:38,280 Speaker 1: sum, as I might say. They own more than thirty 60 00:03:38,440 --> 00:03:41,920 Speaker 1: billion dollars worth of assets. So, in other words, to 61 00:03:42,280 --> 00:03:48,360 Speaker 1: enterprising thieves, MGM Resorts International is a tempting target. Heck, 62 00:03:48,760 --> 00:03:51,520 Speaker 1: that's the stuff of heist movies, right, except a heist 63 00:03:52,120 --> 00:03:55,000 Speaker 1: is typically a high risk endeavor and it's almost bound 64 00:03:55,040 --> 00:03:58,120 Speaker 1: to fail. Successful heists have happened in the past, even 65 00:03:58,160 --> 00:04:01,480 Speaker 1: in Vegas, but more often than not, the house comes out 66 00:04:01,480 --> 00:04:05,760 Speaker 1: on top. Moving the heist into the realm of computer 67 00:04:05,840 --> 00:04:10,120 Speaker 1: systems becomes a different matter, however. It's more likely that 68 00:04:10,160 --> 00:04:12,400 Speaker 1: you can find a way to pull off your crimes 69 00:04:12,440 --> 00:04:15,480 Speaker 1: while you protect yourself. Now, before we move on to 70 00:04:15,560 --> 00:04:18,839 Speaker 1: the actual hacking attack, I also need to mention the 71 00:04:18,920 --> 00:04:24,400 Speaker 1: company Caesars Entertainment. Like MGM, Caesars has a really, really 72 00:04:24,440 --> 00:04:28,719 Speaker 1: complicated history. It's filled with mergers and acquisitions and sales 73 00:04:28,760 --> 00:04:33,000 Speaker 1: and even bankruptcies. It gets bonkers. The most recent move 74 00:04:33,080 --> 00:04:35,479 Speaker 1: of that company was in twenty twenty. That's when another 75 00:04:35,520 --> 00:04:40,800 Speaker 1: company called Eldorado Resorts Incorporated acquired Caesars Entertainment Corporation. 76 00:04:41,360 --> 00:04:45,159 Speaker 1: Then Eldorado Resorts changed its own name to Caesars Entertainment. 
77 00:04:45,560 --> 00:04:47,760 Speaker 1: But there are other companies that are lumped in there 78 00:04:47,800 --> 00:04:51,479 Speaker 1: as well, like Harrah's Entertainment is part of that. Anyway, 79 00:04:51,480 --> 00:04:54,520 Speaker 1: in twenty fifteen, Caesars went into bankruptcy, and as part 80 00:04:54,520 --> 00:04:56,920 Speaker 1: of the effort to get out of bankruptcy, the company 81 00:04:57,000 --> 00:05:00,039 Speaker 1: split into two entities. One would be a company that 82 00:05:00,040 --> 00:05:04,039 Speaker 1: would actually operate the various resorts and casinos. The other 83 00:05:04,080 --> 00:05:06,760 Speaker 1: would be what is called a real estate investment trust 84 00:05:06,839 --> 00:05:11,599 Speaker 1: or REIT, which would actually own all the properties. To 85 00:05:11,640 --> 00:05:14,320 Speaker 1: get into REITs is beyond the scope of the show, 86 00:05:14,320 --> 00:05:18,280 Speaker 1: but y'all, they can be monsters. Anyway, the spin-off, 87 00:05:18,480 --> 00:05:23,039 Speaker 1: or REIT, took the name VICI after veni, vidi, vici. You know, 88 00:05:23,120 --> 00:05:27,040 Speaker 1: I came, I saw, I conquered. So VICI technically owns 89 00:05:27,080 --> 00:05:31,800 Speaker 1: many, nineteen in fact, of Caesars' properties. Here's the wild thing. 90 00:05:32,080 --> 00:05:36,680 Speaker 1: Last year VICI acquired ownership of thirteen MGM properties. So 91 00:05:36,800 --> 00:05:40,960 Speaker 1: both Caesars Entertainment and MGM Resorts International pay rent to 92 00:05:41,040 --> 00:05:44,760 Speaker 1: VICI in order to operate their respective casinos. So you 93 00:05:44,800 --> 00:05:46,880 Speaker 1: want to know what the power behind the throne is, 94 00:05:47,560 --> 00:05:52,120 Speaker 1: look to VICI. 
Anyway, while all those dealings are worthy 95 00:05:52,200 --> 00:05:54,960 Speaker 1: of a deep and engrossing podcast series, this is a 96 00:05:55,040 --> 00:05:59,400 Speaker 1: hint, somebody make a podcast series about these real estate 97 00:05:59,440 --> 00:06:04,560 Speaker 1: companies and their involvement in Las Vegas because it is fascinating, 98 00:06:05,000 --> 00:06:07,920 Speaker 1: but our focus should really be on the hacker attacks. Now, 99 00:06:07,960 --> 00:06:10,440 Speaker 1: it is important that I mention Caesars because while the 100 00:06:10,480 --> 00:06:14,080 Speaker 1: attack on MGM's properties was the major attack that's been 101 00:06:14,080 --> 00:06:16,320 Speaker 1: in the news for a couple of weeks now, those 102 00:06:16,320 --> 00:06:20,120 Speaker 1: same hackers, or at least some of them, first targeted 103 00:06:20,120 --> 00:06:24,120 Speaker 1: Caesars Entertainment a little earlier. Two of the biggest gambling 104 00:06:24,160 --> 00:06:26,960 Speaker 1: companies in the world have fallen prey to hackers, and 105 00:06:27,040 --> 00:06:30,600 Speaker 1: it appears that the foothold the hackers established came courtesy 106 00:06:30,640 --> 00:06:34,560 Speaker 1: of a third party security firm and also involves a 107 00:06:34,680 --> 00:06:41,240 Speaker 1: very important company in tech, namely Okta. Now, y'all, the 108 00:06:41,279 --> 00:06:43,960 Speaker 1: hacker attack is bad news for MGM, there's no way 109 00:06:44,000 --> 00:06:46,680 Speaker 1: around it. But I would actually argue it could be 110 00:06:46,760 --> 00:06:49,560 Speaker 1: way worse for Okta, at least as far as reputations go. 111 00:06:49,640 --> 00:06:54,160 Speaker 1: And that's because Okta is an identity and access management company. 112 00:06:54,200 --> 00:06:57,880 Speaker 1: This is the company that markets the user authentication system 113 00:06:58,000 --> 00:07:02,000 Speaker 1: that tons of other companies rely upon. 
With Okta, a 114 00:07:02,040 --> 00:07:06,120 Speaker 1: company can hand over the trickier elements of user authentication. 115 00:07:06,960 --> 00:07:10,120 Speaker 1: So as companies grow more complex, they might add more 116 00:07:10,200 --> 00:07:13,160 Speaker 1: systems that employees rely upon, and it can be a 117 00:07:13,200 --> 00:07:15,679 Speaker 1: hassle if you need a different login for every 118 00:07:15,720 --> 00:07:19,320 Speaker 1: single service you use. A service like single sign on 119 00:07:19,440 --> 00:07:22,760 Speaker 1: really simplifies things. You have a username and password and 120 00:07:22,800 --> 00:07:25,680 Speaker 1: that gives you access to a suite of different services 121 00:07:26,200 --> 00:07:29,640 Speaker 1: all with just one login. So you can see 122 00:07:29,640 --> 00:07:33,520 Speaker 1: where the value of that is, right? Well, with Okta, 123 00:07:33,840 --> 00:07:37,360 Speaker 1: a company can hand over all of this and Okta 124 00:07:37,440 --> 00:07:41,240 Speaker 1: handles it, and you pretty much have to just trust 125 00:07:41,280 --> 00:07:45,960 Speaker 1: Okta to be a good steward of this process. Now, 126 00:07:46,040 --> 00:07:49,600 Speaker 1: Todd McKinnon and Frederic Kerrest co-founded Okta back in 127 00:07:49,640 --> 00:07:51,960 Speaker 1: two thousand and nine. The company has been the focus 128 00:07:52,000 --> 00:07:55,200 Speaker 1: of a couple of security incidents since its founding. In 129 00:07:55,240 --> 00:07:58,360 Speaker 1: twenty twenty one, a hacker group secured limited access to 130 00:07:58,400 --> 00:08:02,320 Speaker 1: Okta systems by compromising a camera network inside the Okta offices, 131 00:08:02,640 --> 00:08:06,440 Speaker 1: specifically a system designed by Verkada, a company that I 132 00:08:06,440 --> 00:08:09,400 Speaker 1: should probably talk about in a future episode. 
In early 133 00:08:09,440 --> 00:08:13,320 Speaker 1: twenty twenty two, a different hacker group known as Lapsus$ 134 00:08:13,360 --> 00:08:16,760 Speaker 1: accessed Okta's systems. This time, the attack vector was a 135 00:08:16,800 --> 00:08:23,160 Speaker 1: third party support engineer. Lapsus$ shared information suggesting that the 136 00:08:23,480 --> 00:08:26,120 Speaker 1: data breach was far greater than what Okta was telling 137 00:08:26,200 --> 00:08:29,720 Speaker 1: the public. But Okta executives really held their ground. They 138 00:08:29,720 --> 00:08:31,800 Speaker 1: said that only around two point five percent of 139 00:08:31,800 --> 00:08:35,800 Speaker 1: Okta's customers were potentially impacted by this data breach, and 140 00:08:35,840 --> 00:08:39,200 Speaker 1: that the hackers had limited access to customer data. Okta 141 00:08:39,280 --> 00:08:42,160 Speaker 1: said the data breach lasted for less than half an 142 00:08:42,160 --> 00:08:45,720 Speaker 1: hour and it only hit two customers, whereas Lapsus$ claimed 143 00:08:45,760 --> 00:08:49,960 Speaker 1: and maintained a presence in Okta's systems or this client 144 00:08:50,040 --> 00:08:53,439 Speaker 1: of Okta's systems for the better part of a week. Now, 145 00:08:53,480 --> 00:08:56,120 Speaker 1: that attack was bad, but it could have been worse, 146 00:08:56,440 --> 00:08:58,720 Speaker 1: And to be totally fair to Okta, it was really 147 00:08:58,760 --> 00:09:01,679 Speaker 1: the third party security person who was at fault for 148 00:09:01,720 --> 00:09:05,559 Speaker 1: the breach. Though I never really saw details on exactly 149 00:09:05,600 --> 00:09:08,160 Speaker 1: what happened with that one, I imagine it was something 150 00:09:08,200 --> 00:09:11,280 Speaker 1: fairly similar to what we are talking about today. So 151 00:09:11,400 --> 00:09:14,640 Speaker 1: let's set the scene. 
We're not going to go strictly 152 00:09:14,679 --> 00:09:19,079 Speaker 1: chronologically because some information we wouldn't know about until later, 153 00:09:19,600 --> 00:09:21,680 Speaker 1: so we're going to be jumping around a little bit 154 00:09:22,200 --> 00:09:25,520 Speaker 1: for the purposes of our story. We'll begin on September tenth, 155 00:09:25,760 --> 00:09:30,480 Speaker 1: twenty twenty three. That day, some folks who were staying 156 00:09:30,520 --> 00:09:34,440 Speaker 1: at MGM Resorts International properties began to encounter errors while 157 00:09:34,440 --> 00:09:37,960 Speaker 1: they were trying to interface with various systems connected to 158 00:09:37,960 --> 00:09:43,079 Speaker 1: those properties. The following day, September eleventh, twenty twenty three, 159 00:09:43,120 --> 00:09:46,840 Speaker 1: things got much worse. Players who were members of MGM 160 00:09:46,880 --> 00:09:51,760 Speaker 1: Resorts' loyalty program saw that their loyalty features weren't working. 161 00:09:52,360 --> 00:09:56,000 Speaker 1: The websites went down. People staying at MGM properties found 162 00:09:56,000 --> 00:09:59,120 Speaker 1: that their digital keys that they depended on on their smartphones, 163 00:09:59,800 --> 00:10:02,120 Speaker 1: they weren't working anymore. They couldn't get into their 164 00:10:02,200 --> 00:10:06,440 Speaker 1: rooms using their digital keys. These effects got worse. 165 00:10:06,520 --> 00:10:08,920 Speaker 1: You know, a lot of video slot machines went offline. 166 00:10:08,960 --> 00:10:12,720 Speaker 1: That was a huge indicator that something really bad had happened. 167 00:10:13,160 --> 00:10:17,680 Speaker 1: Sports betting features were interrupted. Even ATMs on casino floors 168 00:10:18,160 --> 00:10:22,240 Speaker 1: went out of service. 
At eleven twenty seven am Eastern Time, 169 00:10:22,800 --> 00:10:26,960 Speaker 1: MGM Resorts posted on X, you know, the platform formerly 170 00:10:27,000 --> 00:10:30,559 Speaker 1: known as Twitter, a little message and it read quote 171 00:10:31,040 --> 00:10:36,400 Speaker 1: MGM Resorts recently identified a cybersecurity issue affecting some of 172 00:10:36,440 --> 00:10:40,480 Speaker 1: the company's systems. Promptly after detecting the issue, we quickly 173 00:10:40,520 --> 00:10:45,440 Speaker 1: began an investigation with assistance from leading external cybersecurity experts. 174 00:10:45,760 --> 00:10:48,680 Speaker 1: We also notified law enforcement and took prompt action to 175 00:10:48,679 --> 00:10:52,880 Speaker 1: protect our systems and data, including shutting down certain systems. 176 00:10:53,160 --> 00:10:56,560 Speaker 1: Our investigation is ongoing and we are working diligently to 177 00:10:56,640 --> 00:11:01,200 Speaker 1: determine the nature and scope of the matter. You know 178 00:11:01,240 --> 00:11:07,120 Speaker 1: it's serious when they say that they responded promptly and quickly. 179 00:11:07,400 --> 00:11:09,600 Speaker 1: When you get both of those back to back, you 180 00:11:09,720 --> 00:11:15,200 Speaker 1: know it's a bad, bad time. And what exactly happened? Well, 181 00:11:15,240 --> 00:11:18,640 Speaker 1: I'll tell you after we come back from this quick break. 182 00:11:28,400 --> 00:11:32,280 Speaker 1: All right, we're back. You are listening to TechStuff 183 00:11:32,480 --> 00:11:35,920 Speaker 1: live at the iHeart Podcast Studio powered by Bose at 184 00:11:35,960 --> 00:11:40,600 Speaker 1: the House of Music at the iHeartRadio Music Festival, in 185 00:11:40,679 --> 00:11:44,079 Speaker 1: the house that John built. This is a pretty incredible experience. 
186 00:11:44,120 --> 00:11:46,440 Speaker 1: Whenever I look up, I'm just seeing tons of people 187 00:11:47,000 --> 00:11:50,720 Speaker 1: in various trendy outfits wandering around getting ready for the 188 00:11:50,760 --> 00:11:54,080 Speaker 1: festival and hanging out the House of Music. It's pretty cool. Again, 189 00:11:54,120 --> 00:11:55,920 Speaker 1: I feel like I'm totally out of place here, but 190 00:11:56,240 --> 00:11:59,000 Speaker 1: they invited me, so I guess I should just embrace it. 191 00:11:59,440 --> 00:12:02,600 Speaker 1: So we're going to jump back into this cybersecurity incident 192 00:12:02,679 --> 00:12:05,760 Speaker 1: that hit a couple of major gaming and hotel companies 193 00:12:06,040 --> 00:12:11,600 Speaker 1: and dozens of properties so as you might expect, speculation 194 00:12:12,360 --> 00:12:16,320 Speaker 1: ran rampant regarding the nature of the cybersecurity issue that 195 00:12:16,440 --> 00:12:20,280 Speaker 1: MGM Resorts International mentioned. Some thought that it could just 196 00:12:20,320 --> 00:12:23,040 Speaker 1: be a massive systems failure, like you know, maybe some 197 00:12:23,520 --> 00:12:28,920 Speaker 1: key system that connects everything went down. Some people figured 198 00:12:29,160 --> 00:12:31,920 Speaker 1: it had to be a ransomware attack. Lots of folks 199 00:12:31,920 --> 00:12:34,280 Speaker 1: assumed that the issue would receive a ton of coverage 200 00:12:34,320 --> 00:12:39,439 Speaker 1: on certain podcasts. No one mentioned me, which just hurts 201 00:12:39,440 --> 00:12:43,080 Speaker 1: my feelings, and folks were complaining right away about the 202 00:12:43,080 --> 00:12:46,560 Speaker 1: issues they encountered. One x user posted quote, we are 203 00:12:46,679 --> 00:12:50,720 Speaker 1: at one of your resorts. It's pretty widespread. 
We can't 204 00:12:50,920 --> 00:12:55,199 Speaker 1: check in, pay with card, use comps, receive our gifts, 205 00:12:55,600 --> 00:12:59,120 Speaker 1: get tickets out of machines. End quote. Others claimed they 206 00:12:59,160 --> 00:13:02,720 Speaker 1: had unexplained charges on their bills. Some of these incidents 207 00:13:02,800 --> 00:13:08,400 Speaker 1: happened before September eleventh, so whether they are accurate, or 208 00:13:08,440 --> 00:13:11,280 Speaker 1: maybe they reflect some other issue that's unrelated to this, 209 00:13:11,880 --> 00:13:14,760 Speaker 1: or maybe they're the attempt of cashing in on a 210 00:13:14,800 --> 00:13:17,920 Speaker 1: bigger problem, I can't say. I don't know. I just 211 00:13:18,000 --> 00:13:22,360 Speaker 1: know people reported it. The websites for various MGM resorts, 212 00:13:22,679 --> 00:13:25,920 Speaker 1: as well as the sites for restaurants on MGM properties 213 00:13:26,280 --> 00:13:30,160 Speaker 1: all went down. MGM replaced its website with kind of 214 00:13:30,160 --> 00:13:33,400 Speaker 1: a landing page that directed people to call resorts directly, 215 00:13:33,720 --> 00:13:35,960 Speaker 1: so it just listed each resort and its phone number, 216 00:13:36,200 --> 00:13:38,000 Speaker 1: so you would have to call them on the phone, 217 00:13:38,160 --> 00:13:42,720 Speaker 1: you know, like a caveman. That's a joke. I'm old 218 00:13:42,720 --> 00:13:46,360 Speaker 1: I still call places on occasion. The following day, MGM 219 00:13:46,400 --> 00:13:49,360 Speaker 1: Resorts gave an update saying that much of its services 220 00:13:49,400 --> 00:13:53,400 Speaker 1: were operational, including entertainment, dining, and gaming, but people were 221 00:13:53,440 --> 00:13:56,880 Speaker 1: still encountering issues. There were still problems with slot machines. 222 00:13:57,440 --> 00:13:59,640 Speaker 1: Hand pay became the method to cash out. 
This is 223 00:13:59,640 --> 00:14:02,160 Speaker 1: when you have to signal for a casino employee to 224 00:14:02,200 --> 00:14:06,080 Speaker 1: come over and count out by hand your winnings rather 225 00:14:06,200 --> 00:14:08,600 Speaker 1: than getting the machine to print out a ticket, and 226 00:14:08,640 --> 00:14:11,040 Speaker 1: you take that ticket to a payout machine, feed it in, 227 00:14:11,120 --> 00:14:13,680 Speaker 1: and then you get your cash that way. The ATMs 228 00:14:13,920 --> 00:14:17,720 Speaker 1: were still having issues. People still couldn't check in online. 229 00:14:17,760 --> 00:14:20,360 Speaker 1: They could not make a card payment to book a room. 230 00:14:20,560 --> 00:14:23,680 Speaker 1: At that point, lines were forming at the desks of 231 00:14:23,760 --> 00:14:26,920 Speaker 1: various MGM resort properties because you couldn't use your digital 232 00:14:27,000 --> 00:14:28,720 Speaker 1: keys at all, so you couldn't just check in with 233 00:14:28,760 --> 00:14:30,440 Speaker 1: your phone and then use your phone to get into 234 00:14:30,480 --> 00:14:32,160 Speaker 1: your room. You had to go and get a physical 235 00:14:32,440 --> 00:14:36,240 Speaker 1: key card. It was still like an RFID chip key card, 236 00:14:36,280 --> 00:14:38,120 Speaker 1: so you could hold it up to the door and 237 00:14:38,160 --> 00:14:40,040 Speaker 1: it would open, but you had to have one. You 238 00:14:40,040 --> 00:14:42,600 Speaker 1: couldn't just use your phone to do it. So that 239 00:14:42,640 --> 00:14:45,000 Speaker 1: meant everybody had to go and wait in line to 240 00:14:45,040 --> 00:14:48,720 Speaker 1: get a key. On September twelfth, we heard that a 241 00:14:48,720 --> 00:14:53,760 Speaker 1: hacker group called Alpha, ALPHV actually, that's the way they 242 00:14:53,960 --> 00:14:57,280 Speaker 1: style their name. Sometimes they're also called BlackCat. 
We 243 00:14:57,360 --> 00:15:00,520 Speaker 1: heard that they could have been behind the attack. Now, 244 00:15:00,680 --> 00:15:03,960 Speaker 1: the BlackCat name actually comes from malware that this 245 00:15:04,000 --> 00:15:08,280 Speaker 1: group has created, you know, some malicious software, ransomware to 246 00:15:08,360 --> 00:15:12,280 Speaker 1: be precise, and Alpha introduced that in late twenty twenty one. 247 00:15:12,360 --> 00:15:16,000 Speaker 1: And here's how an Alpha attack would typically work out. 248 00:15:16,440 --> 00:15:20,080 Speaker 1: So the group would end up collaborating with someone to 249 00:15:20,200 --> 00:15:23,920 Speaker 1: inject the malware into a targeted system. That person might 250 00:15:23,960 --> 00:15:27,760 Speaker 1: be a disgruntled employee of the target. Maybe they're not 251 00:15:27,800 --> 00:15:31,240 Speaker 1: even disgruntled, maybe they're just very greedy. Because Alpha would 252 00:15:31,240 --> 00:15:34,680 Speaker 1: offer up to ninety percent of a ransom to the 253 00:15:34,800 --> 00:15:38,720 Speaker 1: quote unquote affiliate. The affiliate could also be some other 254 00:15:38,800 --> 00:15:42,240 Speaker 1: hacker group that its job is just to gain access 255 00:15:42,280 --> 00:15:45,840 Speaker 1: to a system through some means, and Alpha would provide 256 00:15:45,880 --> 00:15:48,520 Speaker 1: the malware while the other group actually would get access 257 00:15:48,560 --> 00:15:51,120 Speaker 1: to the target. It would become this, you know, this 258 00:15:51,280 --> 00:15:55,000 Speaker 1: collaborative effort. Now, this means the business model for Alpha 259 00:15:55,160 --> 00:15:59,880 Speaker 1: is RaaS. That stands for ransomware as a service. 260 00:16:00,800 --> 00:16:05,080 Speaker 1: That as-a-service trend has gotten out of control, y'all. 
261 00:16:05,520 --> 00:16:09,640 Speaker 1: So these hackers, who primarily communicate on Russian language platforms, 262 00:16:10,080 --> 00:16:13,360 Speaker 1: build the tools, but they don't necessarily carry out the 263 00:16:13,400 --> 00:16:18,880 Speaker 1: attacks themselves. They're facilitators. The BlackCat malware encrypts 264 00:16:18,920 --> 00:16:22,520 Speaker 1: a target computer system, so it makes it inaccessible to 265 00:16:22,640 --> 00:16:26,680 Speaker 1: the system's rightful owner. So imagine you log into your computer, 266 00:16:27,480 --> 00:16:30,040 Speaker 1: but you find out you can't access anything. All the 267 00:16:30,080 --> 00:16:34,520 Speaker 1: files are encrypted, all the methodologies are encrypted. You can't 268 00:16:34,880 --> 00:16:38,360 Speaker 1: decrypt it, so it's just a brick without the key. 269 00:16:38,760 --> 00:16:41,120 Speaker 1: The data on your machine stays out of your reach. 270 00:16:41,600 --> 00:16:44,240 Speaker 1: And then you see a message, and the message tells 271 00:16:44,280 --> 00:16:47,160 Speaker 1: you that the hackers will give you access back to 272 00:16:47,200 --> 00:16:49,680 Speaker 1: your data. They will give you the decryption key, but 273 00:16:49,920 --> 00:16:54,360 Speaker 1: only if you pay them a ransom. Usually this is 274 00:16:54,560 --> 00:16:59,800 Speaker 1: in the realm of millions of dollars. Typically they ask 275 00:16:59,840 --> 00:17:03,280 Speaker 1: for it in the form of cryptocurrency to avoid being 276 00:17:03,320 --> 00:17:06,680 Speaker 1: traced back to the people responsible. And if you don't 277 00:17:06,720 --> 00:17:10,240 Speaker 1: pay up, the hackers will say either you will not 278 00:17:10,320 --> 00:17:12,760 Speaker 1: get access to your data again, it's just gone, or 279 00:17:12,840 --> 00:17:16,160 Speaker 1: they'll delete it. Sometimes they'll say, all right, we won't 280 00:17:16,160 --> 00:17:17,840 Speaker 1: delete it. 
Instead, what we're going to do is we're 281 00:17:17,840 --> 00:17:21,320 Speaker 1: going to release all that data on a public platform 282 00:17:21,640 --> 00:17:26,000 Speaker 1: so that anyone and everyone can see what it is. Typically, 283 00:17:26,119 --> 00:17:29,360 Speaker 1: ransomware hackers want to target organizations that have a lot 284 00:17:29,400 --> 00:17:33,080 Speaker 1: of money and a lot of incentive to protect data. Now, 285 00:17:33,119 --> 00:17:37,040 Speaker 1: pretty much every organization has an incentive to protect its 286 00:17:37,119 --> 00:17:41,119 Speaker 1: data at least to some extent. Information is the currency 287 00:17:41,160 --> 00:17:43,879 Speaker 1: of the modern era, after all, and while you can't 288 00:17:43,960 --> 00:17:47,359 Speaker 1: spend information, you can sure affect the value of a 289 00:17:47,440 --> 00:17:52,280 Speaker 1: company by stealing their information. But ransomware hackers typically want 290 00:17:52,320 --> 00:17:58,359 Speaker 1: to target organizations that have access to buckets of cash. 291 00:17:58,520 --> 00:18:04,399 Speaker 1: So prime targets for these hackers ideally fall into a 292 00:18:04,480 --> 00:18:08,239 Speaker 1: couple of categories. If it's a really big company and 293 00:18:08,280 --> 00:18:11,960 Speaker 1: its business depends upon the safe keeping of information, particularly 294 00:18:12,640 --> 00:18:16,600 Speaker 1: really personal information, that ends up being a big target. 295 00:18:17,480 --> 00:18:21,920 Speaker 1: So hospitals and other healthcare companies fall into that category. 296 00:18:22,240 --> 00:18:26,320 Speaker 1: By law, these companies are meant to keep patient data secure. 
297 00:18:26,359 --> 00:18:29,359 Speaker 1: They're in big trouble if they don't. And obviously any 298 00:18:29,359 --> 00:18:33,320 Speaker 1: healthcare company that fails to live up to that would 299 00:18:33,359 --> 00:18:36,879 Speaker 1: have a massive problem, not just from the government or 300 00:18:36,920 --> 00:18:39,720 Speaker 1: from law enforcement, but you know, they would lose the 301 00:18:40,400 --> 00:18:44,359 Speaker 1: confidence of patients, and patients could have their lives really 302 00:18:44,480 --> 00:18:49,600 Speaker 1: upturned if their personal health information gets shared everywhere. So 303 00:18:49,640 --> 00:18:53,000 Speaker 1: the thinking goes that those companies are more likely to 304 00:18:53,000 --> 00:18:55,160 Speaker 1: pay a ransom in order to make the problem go away. 305 00:18:56,000 --> 00:19:01,520 Speaker 1: That's why ransomware hackers target healthcare companies so frequently. They 306 00:19:01,560 --> 00:19:04,800 Speaker 1: have a very high incentive to get the problem fixed 307 00:19:04,840 --> 00:19:09,200 Speaker 1: as quickly as possible. Well, casinos and resorts definitely fall 308 00:19:09,280 --> 00:19:13,560 Speaker 1: into a similar category, right? First, you've probably heard the 309 00:19:13,560 --> 00:19:17,239 Speaker 1: phrase the house always wins. Well, that phrase references the 310 00:19:17,240 --> 00:19:20,800 Speaker 1: fact that the odds are ever in the favor of 311 00:19:20,840 --> 00:19:25,080 Speaker 1: the house. You might have a good night at the tables, 312 00:19:25,320 --> 00:19:27,320 Speaker 1: and you might leave with more money than you brought 313 00:19:27,359 --> 00:19:30,359 Speaker 1: with you, but lots of other people will end the 314 00:19:30,520 --> 00:19:34,120 Speaker 1: night down with less money than what they started with. 
315 00:19:34,480 --> 00:19:37,199 Speaker 1: Or maybe you'll also be down a little bit, and 316 00:19:37,240 --> 00:19:40,280 Speaker 1: other folks will also be down a bit, and some 317 00:19:40,359 --> 00:19:44,080 Speaker 1: of them might be down a lot. All casino games 318 00:19:44,400 --> 00:19:47,439 Speaker 1: favor the house, and that makes sense because if they 319 00:19:47,440 --> 00:19:49,920 Speaker 1: didn't favor the house, then casinos would soon be out 320 00:19:49,920 --> 00:19:54,200 Speaker 1: of business, right So instead, collectively the casinos in Nevada 321 00:19:54,320 --> 00:19:57,600 Speaker 1: can make at least a billion dollars every month. That's 322 00:19:57,760 --> 00:20:01,480 Speaker 1: across all the casinos in Nevada. Some games will give 323 00:20:01,520 --> 00:20:05,399 Speaker 1: you better shot at winning that other games. Blackjack is 324 00:20:05,400 --> 00:20:08,080 Speaker 1: a game that has fairly decent odds, somewhere in the 325 00:20:08,080 --> 00:20:10,760 Speaker 1: neighborhood of forty percent to win. Dealers have about a 326 00:20:10,800 --> 00:20:14,520 Speaker 1: forty nine percent chance to win. And you might think, oh, 327 00:20:14,640 --> 00:20:17,320 Speaker 1: forty nine plus forty's that's not one hundred. Well, that's 328 00:20:17,359 --> 00:20:19,239 Speaker 1: because the rest of the odds kind of cover the 329 00:20:19,280 --> 00:20:21,840 Speaker 1: case where you could have a draw or a push 330 00:20:21,880 --> 00:20:25,520 Speaker 1: where you go to the next hand. Meanwhile, games like 331 00:20:25,840 --> 00:20:28,680 Speaker 1: kino or the Wheel of Fortune, they have some of 332 00:20:28,720 --> 00:20:31,920 Speaker 1: the worst odds in gambling. So that doesn't mean you're 333 00:20:31,960 --> 00:20:36,080 Speaker 1: destined to lose if you play, but the chances are 334 00:20:36,160 --> 00:20:42,640 Speaker 1: pretty darn high. 
So anyway, this means that casinos make 335 00:20:43,000 --> 00:20:46,200 Speaker 1: a lot of money. If I might elaborate, they make 336 00:20:46,240 --> 00:20:49,160 Speaker 1: a crap ton of money and that puts them firmly 337 00:20:49,240 --> 00:20:52,200 Speaker 1: in one of the categories that ransomware hackers love to target, 338 00:20:52,520 --> 00:20:56,040 Speaker 1: companies that are flush with cash. On top of that, 339 00:20:56,800 --> 00:21:00,000 Speaker 1: these casinos deal with a lot of customer data, whether 340 00:21:00,119 --> 00:21:03,080 Speaker 1: it's someone staying at a resort or a gambler who 341 00:21:03,119 --> 00:21:05,840 Speaker 1: has signed up to participate in a loyalty program, which 342 00:21:05,880 --> 00:21:08,399 Speaker 1: is a pretty frequent thing, because the casinos here have 343 00:21:08,440 --> 00:21:10,480 Speaker 1: lots of incentives to get people to sign up to 344 00:21:10,520 --> 00:21:15,879 Speaker 1: their loyalty programs. You can get gifts, you can redeem credits, 345 00:21:16,280 --> 00:21:19,440 Speaker 1: you can get a free room if you're a frequent 346 00:21:19,520 --> 00:21:22,760 Speaker 1: gambler and you're part of the loyalty program. There are 347 00:21:22,800 --> 00:21:25,399 Speaker 1: a lot of reasons for that. In return, one, the 348 00:21:25,440 --> 00:21:29,000 Speaker 1: casino has a repeat customer, which is very valuable, and two, 349 00:21:29,080 --> 00:21:32,280 Speaker 1: the casino can gather data about the people who visit 350 00:21:32,320 --> 00:21:34,640 Speaker 1: their resorts and learn more about them and thus cater 351 00:21:34,840 --> 00:21:39,239 Speaker 1: to them more and make even more money. 
So this 352 00:21:39,359 --> 00:21:41,800 Speaker 1: information has value not just because of how it can 353 00:21:41,840 --> 00:21:44,639 Speaker 1: be used to advertise to individuals, that's often what we 354 00:21:44,640 --> 00:21:47,600 Speaker 1: talk about when we talk about data in the modern world, 355 00:21:48,240 --> 00:21:51,240 Speaker 1: but it has value because the customers are trusting the 356 00:21:51,280 --> 00:21:54,439 Speaker 1: casinos with this information, even if they aren't aware of 357 00:21:54,480 --> 00:21:57,240 Speaker 1: the implications, and so when there is a data breach, 358 00:21:58,000 --> 00:22:01,080 Speaker 1: suddenly customers get very much concerned about that data. It 359 00:22:01,119 --> 00:22:05,040 Speaker 1: affects them directly. If there's the possibility that the customer's 360 00:22:05,040 --> 00:22:09,159 Speaker 1: own finances could be compromised, that's a huge problem for 361 00:22:09,240 --> 00:22:14,159 Speaker 1: both the customer and the casino. So this means casinos 362 00:22:14,160 --> 00:22:18,600 Speaker 1: and resorts are in that sweet spot for ransomware hackers. 363 00:22:19,000 --> 00:22:23,720 Speaker 1: So how did we find out about Alpha's alleged involvement 364 00:22:23,920 --> 00:22:27,960 Speaker 1: with the MGM Resorts International hack? Well, one early statement 365 00:22:28,680 --> 00:22:32,000 Speaker 1: came from the X account, the Twitter account of a 366 00:22:32,040 --> 00:22:36,639 Speaker 1: group called VX Underground. VX Underground bills itself as the 367 00:22:36,760 --> 00:22:40,800 Speaker 1: largest collection of malware source code, samples and papers on 368 00:22:40,920 --> 00:22:44,400 Speaker 1: the Internet, and they work with lots of researchers, they 369 00:22:44,400 --> 00:22:47,680 Speaker 1: work with hackers, they work with tons of people largely 370 00:22:47,720 --> 00:22:51,880 Speaker 1: to educate about malware. 
They are rather cheeky, I would 371 00:22:51,920 --> 00:22:55,639 Speaker 1: say they kind of have that cheeky sense of hackers. 372 00:22:56,080 --> 00:23:01,720 Speaker 1: They do not necessarily come across as being buttoned down, 373 00:23:01,840 --> 00:23:07,480 Speaker 1: let's say. So, on September twelfth, VX Underground posted, "All 374 00:23:07,720 --> 00:23:12,160 Speaker 1: Alpha ransomware group did to compromise MGM Resorts was hop 375 00:23:12,200 --> 00:23:16,440 Speaker 1: on LinkedIn, find an employee, then call the help desk. 376 00:23:16,920 --> 00:23:22,040 Speaker 1: A company valued at thirty three billion, nine hundred million 377 00:23:22,160 --> 00:23:27,920 Speaker 1: dollars was defeated by a ten minute conversation." End quote. Now, 378 00:23:28,080 --> 00:23:30,840 Speaker 1: MGM did not comment on this, and as far as 379 00:23:30,880 --> 00:23:34,720 Speaker 1: I'm aware, has never actually referenced their cybersecurity incident as 380 00:23:34,840 --> 00:23:37,720 Speaker 1: an attack, but lots of other folks have not been 381 00:23:37,960 --> 00:23:41,080 Speaker 1: in the mood to mince words, and the information that 382 00:23:41,119 --> 00:23:43,600 Speaker 1: would come out later seemed to align with what VX 383 00:23:43,640 --> 00:23:49,200 Speaker 1: Underground was claiming. The attack happened through social engineering. So 384 00:23:49,359 --> 00:23:53,760 Speaker 1: stage one, you learn about the person you're going to impersonate. 385 00:23:53,880 --> 00:23:57,240 Speaker 1: You find someone on LinkedIn who has listed their job 386 00:23:57,280 --> 00:24:01,120 Speaker 1: title and where they work. 
If you can find someone 387 00:24:01,160 --> 00:24:04,520 Speaker 1: who has a very high profile job title, something that's 388 00:24:04,560 --> 00:24:08,600 Speaker 1: really high up in an organization, that's potentially much better, 389 00:24:08,920 --> 00:24:10,720 Speaker 1: or if it's not high up, at least someone who 390 00:24:10,760 --> 00:24:14,400 Speaker 1: works within the IT department, because that typically means you're 391 00:24:14,440 --> 00:24:16,440 Speaker 1: going to find someone who has a lot of access 392 00:24:16,480 --> 00:24:19,760 Speaker 1: to the systems if you're able to compromise their account. Now, 393 00:24:19,760 --> 00:24:24,040 Speaker 1: I've talked about social engineering a ton on this show, 394 00:24:24,760 --> 00:24:28,119 Speaker 1: how it is a huge part of hacking. See, if 395 00:24:28,119 --> 00:24:30,240 Speaker 1: you've got a system that is, at least in theory, 396 00:24:30,600 --> 00:24:33,840 Speaker 1: really well secured, your best bet of infiltrating the system 397 00:24:33,920 --> 00:24:37,640 Speaker 1: is to target a vulnerability. And sometimes you find out 398 00:24:37,680 --> 00:24:40,520 Speaker 1: about technical vulnerability, right? You might find out that there's 399 00:24:40,520 --> 00:24:43,560 Speaker 1: a vulnerability in some software that a company is dependent upon, 400 00:24:43,880 --> 00:24:48,680 Speaker 1: and by targeting that software vulnerability, you can penetrate the system. 401 00:24:48,720 --> 00:24:50,399 Speaker 1: You can gain access to it, you can get a 402 00:24:50,400 --> 00:24:54,240 Speaker 1: foothold there, and if you're really good, or really quick 403 00:24:54,600 --> 00:24:58,280 Speaker 1: and or really lucky, you can exploit that vulnerability and 404 00:24:58,320 --> 00:25:01,600 Speaker 1: then you're in. Obviously, there's way more to it than that. 
405 00:25:01,680 --> 00:25:03,560 Speaker 1: I mean, just because you get access doesn't mean that 406 00:25:03,600 --> 00:25:06,119 Speaker 1: you can do anything, and even if you can do something, 407 00:25:06,160 --> 00:25:08,359 Speaker 1: you might get found out before you're able to really 408 00:25:08,400 --> 00:25:10,880 Speaker 1: do a lot of damage. But you get the idea. 409 00:25:10,960 --> 00:25:13,119 Speaker 1: That's one method of penetrating a secure system, as you 410 00:25:13,160 --> 00:25:17,119 Speaker 1: target a vulnerability in some software. But another way is 411 00:25:17,160 --> 00:25:19,520 Speaker 1: not to worry about the tech side that much at all. 412 00:25:19,760 --> 00:25:23,280 Speaker 1: You target people. You look at people who have access 413 00:25:23,800 --> 00:25:28,840 Speaker 1: to the system you want to infiltrate. People are frequently, 414 00:25:29,359 --> 00:25:33,679 Speaker 1: in fact almost always, I would say, the weakest point 415 00:25:34,040 --> 00:25:37,920 Speaker 1: of a security system. If you can convince someone who 416 00:25:38,000 --> 00:25:43,159 Speaker 1: has access to hand that access over, you're in. Maybe 417 00:25:43,280 --> 00:25:47,240 Speaker 1: you outright trick the person. Maybe you pose as someone 418 00:25:47,320 --> 00:25:51,159 Speaker 1: in authority, or maybe someone who needs help, and you 419 00:25:51,200 --> 00:25:54,159 Speaker 1: convince them to do something they absolutely shouldn't do. As 420 00:25:54,200 --> 00:25:57,560 Speaker 1: it turns out most of us anyway, if we are 421 00:25:58,280 --> 00:26:01,720 Speaker 1: presented with someone who is saying that they really 422 00:26:01,800 --> 00:26:05,400 Speaker 1: need help, they're in desperate need of some assistance, we 423 00:26:05,480 --> 00:26:07,960 Speaker 1: want to try and be the person to give them 424 00:26:07,960 --> 00:26:11,080 Speaker 1: that assistance. 
It's not universally true, but it's true often 425 00:26:11,200 --> 00:26:15,880 Speaker 1: enough that this approach works a lot. Or maybe instead 426 00:26:15,920 --> 00:26:18,919 Speaker 1: you actually are promising this person a cut of the money. 427 00:26:19,280 --> 00:26:22,240 Speaker 1: Maybe you're counting on their greed to push them into 428 00:26:22,280 --> 00:26:24,520 Speaker 1: granting you access. If you target someone who has a 429 00:26:24,560 --> 00:26:29,320 Speaker 1: lot of administrative access to a system but they are 430 00:26:29,359 --> 00:26:33,160 Speaker 1: not in a high paying job, sometimes just promising them that, 431 00:26:33,520 --> 00:26:37,439 Speaker 1: you know, sweet cold hard cash is enough to let 432 00:26:37,520 --> 00:26:41,680 Speaker 1: them be kind of a conspirator on your side. Now, 433 00:26:41,720 --> 00:26:44,080 Speaker 1: in this case, it seemed that someone talked to a 434 00:26:44,119 --> 00:26:48,440 Speaker 1: third party IT staffer, and as part of that conversation, 435 00:26:48,840 --> 00:26:52,240 Speaker 1: they convinced the IT staffer to reset some multi factor 436 00:26:52,280 --> 00:26:55,600 Speaker 1: authentication settings so that the hackers could gain access to 437 00:26:55,640 --> 00:26:57,560 Speaker 1: a single sign on system. You know, the kind of 438 00:26:57,560 --> 00:27:02,040 Speaker 1: stuff that Okta provides out. I'm guessing a lot of 439 00:27:02,080 --> 00:27:04,399 Speaker 1: you know that there are different levels of access with 440 00:27:04,480 --> 00:27:08,000 Speaker 1: computer systems, whether we're talking about a network or even 441 00:27:08,080 --> 00:27:12,560 Speaker 1: just a single computer. So, for example, a user typically 442 00:27:12,640 --> 00:27:16,040 Speaker 1: has limited access to a computer or a system. 
They 443 00:27:16,119 --> 00:27:19,280 Speaker 1: might be able to do stuff like open specific programs 444 00:27:19,280 --> 00:27:21,960 Speaker 1: and call up files and that kind of thing, but 445 00:27:22,080 --> 00:27:25,400 Speaker 1: to make actual changes to the computer, the user might 446 00:27:25,480 --> 00:27:29,680 Speaker 1: need administrator access, while other levels of access come with 447 00:27:29,720 --> 00:27:35,320 Speaker 1: specific permissions, and administrator level access has no such restrictions. 448 00:27:35,359 --> 00:27:38,840 Speaker 1: And so the attackers wanted to target accounts that would 449 00:27:38,880 --> 00:27:42,280 Speaker 1: have the highest administrator access to systems to have as 450 00:27:42,359 --> 00:27:46,920 Speaker 1: much opportunity to do whatever they wanted as they could. 451 00:27:47,280 --> 00:27:52,480 Speaker 1: So on September fourteenth, news broke that Caesars Entertainment had 452 00:27:52,640 --> 00:27:56,679 Speaker 1: also been the target of a ransomware attack. The company 453 00:27:56,680 --> 00:27:59,720 Speaker 1: had filed a report with the SEC on September seventh. 454 00:28:00,280 --> 00:28:04,840 Speaker 1: In that report, the company leads with Caesars Entertainment Incorporated. 455 00:28:05,359 --> 00:28:10,280 Speaker 1: The company we or our because it's a unofficial filing, 456 00:28:11,600 --> 00:28:16,720 Speaker 1: recently identified suspicious activity in its information technology network resulting 457 00:28:16,760 --> 00:28:21,240 Speaker 1: from a social engineering attack on an outsourced IT support 458 00:28:21,320 --> 00:28:26,040 Speaker 1: vendor used by the company. 
Our customer facing operations, including 459 00:28:26,119 --> 00:28:29,840 Speaker 1: our physical properties and our online and mobile gaming applications, 460 00:28:30,119 --> 00:28:34,280 Speaker 1: have not been impacted by this incident and continue without 461 00:28:34,280 --> 00:28:37,639 Speaker 1: disruption end quote. So that's a big difference between the 462 00:28:37,720 --> 00:28:41,800 Speaker 1: Caesars attack and what happened at MGM. The report goes 463 00:28:41,800 --> 00:28:44,440 Speaker 1: on to say that an investigation determined that the hackers 464 00:28:44,440 --> 00:28:50,840 Speaker 1: were able to access information in Caesars Entertainment's loyalty program interface. Obviously, 465 00:28:50,880 --> 00:28:54,640 Speaker 1: that includes customer information, including stuff like driver's license numbers 466 00:28:54,680 --> 00:28:58,200 Speaker 1: and or social security numbers. If you enroll in these, 467 00:28:58,240 --> 00:29:01,200 Speaker 1: you typically have to allow them to make a copy 468 00:29:01,480 --> 00:29:04,040 Speaker 1: of things like your driver's license in order to get 469 00:29:04,080 --> 00:29:08,280 Speaker 1: the benefits of the loyalty program. Now that's clearly a 470 00:29:08,400 --> 00:29:11,200 Speaker 1: risk for things like identity theft. They said there was 471 00:29:11,240 --> 00:29:13,560 Speaker 1: no evidence that the hackers were able to access things 472 00:29:13,600 --> 00:29:17,400 Speaker 1: like passwords, bank account information, or payment card information, so 473 00:29:17,440 --> 00:29:22,000 Speaker 1: that's good, but the identity theft issue is still a 474 00:29:22,000 --> 00:29:25,920 Speaker 1: big concern. 
They did say they would offer credit monitoring 475 00:29:26,000 --> 00:29:28,720 Speaker 1: to all members of the loyalty program and that it 476 00:29:28,760 --> 00:29:32,240 Speaker 1: had already taken steps quote to ensure that the stolen 477 00:29:32,360 --> 00:29:37,200 Speaker 1: data is deleted by the unauthorized actor end quote. So 478 00:29:37,240 --> 00:29:40,000 Speaker 1: how do they make sure that this data gets deleted 479 00:29:40,040 --> 00:29:43,400 Speaker 1: by a party they have no control over? Most folks 480 00:29:43,400 --> 00:29:48,040 Speaker 1: interpreted that to mean that Caesars had paid the ransom. Now, 481 00:29:48,080 --> 00:29:50,760 Speaker 1: the rumor mill said that the hackers were asking for 482 00:29:50,880 --> 00:29:54,719 Speaker 1: thirty million dollars and in return they would pinky swear 483 00:29:55,080 --> 00:29:58,920 Speaker 1: that they would delete the stolen data. Caesars ultimately agreed 484 00:29:58,960 --> 00:30:07,360 Speaker 1: to pay fifty fifteen million dollars to delete information. Yowza. 485 00:30:07,440 --> 00:30:12,240 Speaker 1: By the way, fifteen million dollars means that technically this 486 00:30:12,280 --> 00:30:18,120 Speaker 1: would have been the second most successful casino heist that 487 00:30:18,240 --> 00:30:21,240 Speaker 1: I have ever encountered. And granted, it's not quite the 488 00:30:21,280 --> 00:30:24,960 Speaker 1: same as a casino heist, but then number one really 489 00:30:25,040 --> 00:30:27,080 Speaker 1: isn't either. I'll talk more about that toward the end 490 00:30:27,080 --> 00:30:30,080 Speaker 1: of this episode. In fact, we'll talk a lot more 491 00:30:30,240 --> 00:30:33,280 Speaker 1: about the hackers and what they did. But we're going 492 00:30:33,360 --> 00:30:46,560 Speaker 1: to take another quick break. Okay, we're back. 
You're listening 493 00:30:46,600 --> 00:30:49,240 Speaker 1: to Tech Stuff live at the iHeart Podcast Studio powered 494 00:30:49,240 --> 00:30:52,880 Speaker 1: by Bose at the House of Music at the iHeartRadio 495 00:30:53,240 --> 00:30:57,320 Speaker 1: Music Festival. All right, moving forward a little bit more. 496 00:30:57,360 --> 00:31:01,640 Speaker 1: Around September fifteenth, a different hacker group called Scattered Spider 497 00:31:01,880 --> 00:31:07,200 Speaker 1: claimed responsibility for the MGM attack but not the Caesars attack. 498 00:31:08,000 --> 00:31:12,440 Speaker 1: VX Underground referred to Scattered Spider as a subgroup. According 499 00:31:12,440 --> 00:31:16,920 Speaker 1: to numerous sources, this group mostly consists of young hackers, 500 00:31:17,000 --> 00:31:21,160 Speaker 1: think like seventeen to twenty two, who live in places 501 00:31:21,240 --> 00:31:23,400 Speaker 1: like the United States and the United Kingdom. They appear 502 00:31:23,480 --> 00:31:27,320 Speaker 1: to be native English speakers or extremely fluent English speakers, 503 00:31:27,720 --> 00:31:31,600 Speaker 1: and they have a reputation for being very very good 504 00:31:32,040 --> 00:31:37,680 Speaker 1: at social engineering. Scattered Spider is suspected of using tools 505 00:31:37,720 --> 00:31:42,080 Speaker 1: like phishing websites in addition to social engineering, so they 506 00:31:42,640 --> 00:31:45,360 Speaker 1: typically will direct someone to a login page that looks 507 00:31:45,360 --> 00:31:47,480 Speaker 1: like it's a legit page, but in fact it allows 508 00:31:47,520 --> 00:31:51,440 Speaker 1: the hackers to phish for credentials. As for multi factor authentication, 509 00:31:52,480 --> 00:31:55,000 Speaker 1: calling an IT help desk to reset MFA is an 510 00:31:55,040 --> 00:31:57,760 Speaker 1: effective way to get around that. 
There's also SIM card 511 00:31:57,800 --> 00:32:01,680 Speaker 1: swapping that they've done, where they've convinced phone companies to 512 00:32:01,720 --> 00:32:05,280 Speaker 1: swap a digital SIM card to a different device. They 513 00:32:05,400 --> 00:32:10,840 Speaker 1: pose as a customer and then they talk the telecommunications 514 00:32:10,840 --> 00:32:13,600 Speaker 1: rep on the other end of the line to change 515 00:32:13,600 --> 00:32:17,320 Speaker 1: a SIM card setting, which then gives them the ability 516 00:32:17,360 --> 00:32:20,400 Speaker 1: to access things like multi factor authentication when the code 517 00:32:20,400 --> 00:32:24,640 Speaker 1: gets sent. Instead of going to the valid person, it 518 00:32:24,720 --> 00:32:26,760 Speaker 1: goes to their phone number, which has now been switched 519 00:32:26,800 --> 00:32:31,400 Speaker 1: to a different phone's SIM card. Very nefarious. Now, you might 520 00:32:31,480 --> 00:32:35,840 Speaker 1: wonder about resetting multi factor authentication, why anyone would even 521 00:32:35,960 --> 00:32:37,880 Speaker 1: agree to do that in the first place. I mean, 522 00:32:37,880 --> 00:32:40,120 Speaker 1: the whole point of multi factor authentication is to have 523 00:32:40,720 --> 00:32:45,840 Speaker 1: multiple ways of authenticating a person's identity. But with just 524 00:32:45,880 --> 00:32:48,040 Speaker 1: a little thinking it becomes clear. So let's say that 525 00:32:48,200 --> 00:32:51,400 Speaker 1: you call into an IT help desk and you claim 526 00:32:51,640 --> 00:32:54,800 Speaker 1: that you can no longer access your work account because 527 00:32:54,840 --> 00:32:58,360 Speaker 1: you recently changed phone numbers. So that means that when 528 00:32:58,360 --> 00:33:01,400 Speaker 1: you try to log in, you get a text message 529 00:33:01,520 --> 00:33:04,600 Speaker 1: sent to your old phone number and you can't receive it. 
530 00:33:05,560 --> 00:33:08,920 Speaker 1: So you are talking with them saying, I need you 531 00:33:09,000 --> 00:33:11,680 Speaker 1: to switch this because I still have my username, I 532 00:33:11,680 --> 00:33:14,120 Speaker 1: still have my password, but I can't get access because 533 00:33:14,160 --> 00:33:16,560 Speaker 1: I no longer have that phone and I need to 534 00:33:16,600 --> 00:33:19,760 Speaker 1: be able to access my work. So you ask for 535 00:33:19,800 --> 00:33:23,840 Speaker 1: a reset. Maybe you have a lot of information about 536 00:33:23,960 --> 00:33:26,840 Speaker 1: the person that you're posing as so as you can 537 00:33:26,880 --> 00:33:29,560 Speaker 1: convince the person on the other end of the phone 538 00:33:29,600 --> 00:33:32,560 Speaker 1: call that you're legitimate. Again, that's what you do with 539 00:33:32,640 --> 00:33:36,240 Speaker 1: the investigation, when you're using LinkedIn to learn a little 540 00:33:36,240 --> 00:33:41,080 Speaker 1: bit about your kind of patsy, if you will. Maybe 541 00:33:41,600 --> 00:33:44,160 Speaker 1: you just sound really clueless and stressed and you just 542 00:33:44,240 --> 00:33:46,760 Speaker 1: trigger the IT person's desire to help you get out 543 00:33:46,760 --> 00:33:49,400 Speaker 1: of the tight spot. Like I said, most of us 544 00:33:49,480 --> 00:33:52,800 Speaker 1: typically want to help someone when they are really struggling. 545 00:33:53,480 --> 00:33:56,080 Speaker 1: They reset the MFA on the account, they put a 546 00:33:56,120 --> 00:33:59,360 Speaker 1: new phone number in, that phone that you happen to control, 547 00:33:59,360 --> 00:34:00,800 Speaker 1: and now you don't have to worry about that multi 548 00:34:00,800 --> 00:34:05,360 Speaker 1: factor authentication process anymore. So I want to be clear, 549 00:34:05,480 --> 00:34:08,640 Speaker 1: Scattered Spider, these are not script kiddies, right? 
These are 550 00:34:08,680 --> 00:34:11,680 Speaker 1: not people who just download some code and then they 551 00:34:11,719 --> 00:34:14,680 Speaker 1: make use of it. They have an understanding of how 552 00:34:14,840 --> 00:34:18,080 Speaker 1: computer and cloud systems work. They have an understanding how 553 00:34:18,120 --> 00:34:23,160 Speaker 1: the underlying businesses work. They do their homework. By knowing 554 00:34:23,200 --> 00:34:27,160 Speaker 1: how these businesses work, they know how to target and 555 00:34:27,280 --> 00:34:30,440 Speaker 1: make their social engineering efforts have the best chance for success. 556 00:34:30,600 --> 00:34:32,480 Speaker 1: So I want to be clear, like they are good 557 00:34:32,480 --> 00:34:35,359 Speaker 1: at what they do. They're not just fast talkers. They 558 00:34:35,880 --> 00:34:39,800 Speaker 1: know their stuff. So it's possible that they were involved 559 00:34:39,840 --> 00:34:42,359 Speaker 1: in one or maybe even both of the attacks, though 560 00:34:42,360 --> 00:34:46,160 Speaker 1: again they weren't claiming that. However, Alpha has also claimed 561 00:34:46,200 --> 00:34:48,959 Speaker 1: responsibility for the MGM attack, and they argued that any 562 00:34:49,000 --> 00:34:53,480 Speaker 1: reports stating it was teenagers were inaccurate and based on rumors. 563 00:34:54,200 --> 00:34:56,640 Speaker 1: There was another rumor that Alpha was very quick to 564 00:34:56,680 --> 00:35:00,480 Speaker 1: deny that was reported in at least some outlets that 565 00:35:00,600 --> 00:35:03,800 Speaker 1: had to do with slot machines. 
So, according to this rumor, 566 00:35:03,800 --> 00:35:06,520 Speaker 1: and I love this rumor, but according to this rumor, 567 00:35:06,560 --> 00:35:11,560 Speaker 1: Scattered Spider originally wanted to essentially reprogram slot machines so 568 00:35:11,600 --> 00:35:14,799 Speaker 1: that they just started to pay out cash, kind of 569 00:35:14,960 --> 00:35:18,040 Speaker 1: like a scene that's in, you know, The Ocean's Eleven movies, 570 00:35:18,480 --> 00:35:20,839 Speaker 1: except this would mean that the slot machines would sort 571 00:35:20,840 --> 00:35:23,720 Speaker 1: of spit out tickets, kind of like receipts with winnings 572 00:35:23,719 --> 00:35:26,799 Speaker 1: on them. The rumor goes that the hackers found this 573 00:35:26,880 --> 00:35:29,080 Speaker 1: wasn't really possible. In fact, one of the rumors said 574 00:35:29,080 --> 00:35:31,560 Speaker 1: that the person who was making this suggestion hadn't even 575 00:35:31,600 --> 00:35:34,160 Speaker 1: seen The Ocean's Eleven movies, so they were just talking 576 00:35:34,160 --> 00:35:36,600 Speaker 1: about something they had heard of and wanted to try. 577 00:35:37,200 --> 00:35:39,040 Speaker 1: And when they found out that it wasn't going to 578 00:35:39,080 --> 00:35:41,000 Speaker 1: be as easy as they thought, they moved on to 579 00:35:41,200 --> 00:35:45,799 Speaker 1: just steal data from the computer systems. Now, Alpha categorically 580 00:35:45,840 --> 00:35:50,520 Speaker 1: says this story is totally false, it's completely fiction, and 581 00:35:50,560 --> 00:35:54,520 Speaker 1: that it somehow got, you know, circulated among news outlets. 582 00:35:54,920 --> 00:36:00,640 Speaker 1: What's the truth? Don't know. 
Back to Okta. So, David Bradbury, 583 00:36:00,920 --> 00:36:04,440 Speaker 1: the CEO of Okta, has said that social engineering attacks 584 00:36:04,520 --> 00:36:08,080 Speaker 1: are at the root of five Okta clients who have 585 00:36:08,160 --> 00:36:13,080 Speaker 1: recently found themselves compromised by ransomware attacks, and that Caesars 586 00:36:13,200 --> 00:36:15,840 Speaker 1: Entertainment and MGM Resorts are two of those five, but 587 00:36:16,120 --> 00:36:19,760 Speaker 1: he hasn't named the other three. He also referenced Scattered 588 00:36:19,760 --> 00:36:23,839 Speaker 1: Spider and Alpha as business associates or affiliates, suggesting that 589 00:36:24,560 --> 00:36:27,560 Speaker 1: at least some of the hacks of Okta clients are 590 00:36:27,600 --> 00:36:32,560 Speaker 1: the product of cooperation between these two groups. So this 591 00:36:32,600 --> 00:36:35,439 Speaker 1: story is still unfolding as I record here in Las 592 00:36:35,560 --> 00:36:38,839 Speaker 1: Vegas right now. Currently, MGM Resorts International says that all 593 00:36:38,880 --> 00:36:41,760 Speaker 1: operations are back to normal, that's how everything's being reported, 594 00:36:42,680 --> 00:36:47,320 Speaker 1: and that it's continuing to investigate the quote unquote cybersecurity issue, 595 00:36:47,480 --> 00:36:50,880 Speaker 1: that the FBI is involved, and that they're taking this 596 00:36:51,000 --> 00:36:54,080 Speaker 1: very seriously. There are concerns that these attacks will have 597 00:36:54,120 --> 00:36:56,680 Speaker 1: a hefty impact on the value of both MGM and 598 00:36:56,680 --> 00:37:01,640 Speaker 1: Caesars Entertainment. It's certainly had an impact on MGM's ability 599 00:37:01,719 --> 00:37:06,400 Speaker 1: to generate revenue while all this was going on. 
Loyalty 600 00:37:06,440 --> 00:37:10,160 Speaker 1: program members should probably sign up for credit monitoring because 601 00:37:10,800 --> 00:37:13,640 Speaker 1: a lot of their personal information is stored in those systems, 602 00:37:13,680 --> 00:37:16,480 Speaker 1: and it sounds like hackers got access to all of 603 00:37:16,480 --> 00:37:20,319 Speaker 1: that stuff. So credit monitoring is not a bad idea 604 00:37:20,360 --> 00:37:22,880 Speaker 1: if you want to make sure that your information hasn't 605 00:37:22,920 --> 00:37:25,759 Speaker 1: just started being traded around on the dark web and 606 00:37:25,800 --> 00:37:28,520 Speaker 1: people start like taking out credit cards under your name, 607 00:37:28,560 --> 00:37:31,799 Speaker 1: that kind of thing. So probably a good idea at 608 00:37:31,880 --> 00:37:36,000 Speaker 1: least to keep an eye on your credit. It's easier 609 00:37:36,040 --> 00:37:39,120 Speaker 1: if you do sign up for credit monitoring, but you 610 00:37:39,200 --> 00:37:41,680 Speaker 1: can do it on your own if you're really diligent 611 00:37:41,719 --> 00:37:46,319 Speaker 1: about it. But yeah, scary stuff. I'll also say this, 612 00:37:46,920 --> 00:37:49,919 Speaker 1: so I've been staying at the Aria, like I said, 613 00:37:49,920 --> 00:37:54,160 Speaker 1: which is an MGM Resorts property, and have encountered some 614 00:37:54,320 --> 00:37:57,480 Speaker 1: technical glitches which may or may not have any connection 615 00:37:57,600 --> 00:38:00,120 Speaker 1: to the hackers. According to the people I spoke with, 616 00:38:01,360 --> 00:38:05,600 Speaker 1: they recently used a new computer system and brought it 617 00:38:05,640 --> 00:38:09,359 Speaker 1: online and that the issues they're running into may very 618 00:38:09,360 --> 00:38:11,520 Speaker 1: well just be working the bugs out of a new 619 00:38:11,560 --> 00:38:15,200 Speaker 1: system and have nothing to do with the hackers at all. 
620 00:38:15,239 --> 00:38:19,680 Speaker 1: But what I will say is that they have connected 621 00:38:20,000 --> 00:38:24,080 Speaker 1: essentially all room controls through an Internet interface, and you 622 00:38:24,120 --> 00:38:27,840 Speaker 1: can use a tablet or I assume an app to 623 00:38:27,880 --> 00:38:31,560 Speaker 1: be able to access those things. But when I got 624 00:38:31,560 --> 00:38:34,840 Speaker 1: to my room, what I found was that I could 625 00:38:34,840 --> 00:38:38,279 Speaker 1: not close the curtain on the window. I could not 626 00:38:38,480 --> 00:38:42,279 Speaker 1: turn off the lights in my room, none of the 627 00:38:42,280 --> 00:38:45,200 Speaker 1: buttons worked. The tablet that was part of the room 628 00:38:45,560 --> 00:38:48,600 Speaker 1: would not connect. I did not want to use the 629 00:38:48,640 --> 00:38:51,440 Speaker 1: app for reasons that I think should be pretty obvious. 630 00:38:52,520 --> 00:38:55,799 Speaker 1: And so again I don't want to say that that's 631 00:38:55,840 --> 00:38:58,960 Speaker 1: part of the hacker attack, but it was unfortunate to 632 00:38:59,040 --> 00:39:02,560 Speaker 1: have that sort of experience right on the tail end of 633 00:39:03,040 --> 00:39:08,480 Speaker 1: this hacker issue. It's concerning, and it's one of 634 00:39:08,480 --> 00:39:11,239 Speaker 1: those things that will continuously come up. Another thing I 635 00:39:11,239 --> 00:39:14,800 Speaker 1: will say, this again not directly connected to the hacker attack, 636 00:39:14,840 --> 00:39:19,160 Speaker 1: but just something that I observed. The Wi Fi in 637 00:39:19,239 --> 00:39:24,440 Speaker 1: that hotel is an open Wi Fi connection, like you 638 00:39:24,480 --> 00:39:26,440 Speaker 1: can just connect to it and you, you know, you 639 00:39:26,480 --> 00:39:29,400 Speaker 1: do a little sign on on a web landing page, 640 00:39:29,960 --> 00:39:34,319 Speaker 1: but then you're connected. 
There's no password security on the 641 00:39:34,360 --> 00:39:37,640 Speaker 1: Wi-Fi network at all, And I gotta tell you, 642 00:39:37,960 --> 00:39:42,000 Speaker 1: if you are a major hotel that has just been 643 00:39:42,120 --> 00:39:46,320 Speaker 1: the target of a massive ransomware attack, maybe you should 644 00:39:46,400 --> 00:39:49,680 Speaker 1: start offering a password protected Wi-Fi network. I'll tell 645 00:39:49,719 --> 00:39:51,879 Speaker 1: you this, I won't connect to it unless I'm using 646 00:39:51,920 --> 00:39:56,560 Speaker 1: a VPN. I just refuse to do it. They may 647 00:39:56,600 --> 00:39:59,680 Speaker 1: be perfectly safe, but it might not be with an 648 00:39:59,680 --> 00:40:03,319 Speaker 1: open network like that. And a recent attack in not 649 00:40:03,480 --> 00:40:07,280 Speaker 1: even a week old at this point, there were still 650 00:40:07,320 --> 00:40:11,920 Speaker 1: issues unfolding this past week. Don't do it, so yeah, 651 00:40:12,040 --> 00:40:15,920 Speaker 1: interesting observations. As for moving forward, I think these attacks 652 00:40:15,960 --> 00:40:18,960 Speaker 1: are the most recent reminders that organizations have to make 653 00:40:19,000 --> 00:40:22,279 Speaker 1: some really big decisions about cybersecurity now. Part of that 654 00:40:22,360 --> 00:40:26,120 Speaker 1: really involves an ongoing educational approach that reinforces how to 655 00:40:26,239 --> 00:40:31,320 Speaker 1: spot social engineering and phishing schemes and why it's important 656 00:40:31,320 --> 00:40:34,600 Speaker 1: not to share credentials or to act on suspicious emails 657 00:40:34,640 --> 00:40:38,960 Speaker 1: or phone calls. This is particularly true for people who 658 00:40:39,000 --> 00:40:42,359 Speaker 1: are working in positions that have administrative level access to 659 00:40:42,400 --> 00:40:46,120 Speaker 1: certain computer systems within an organization. 
If we count the 660 00:40:46,239 --> 00:40:49,320 Speaker 1: ransom that Caesars allegedly paid to have sensitive customer 661 00:40:49,400 --> 00:40:52,359 Speaker 1: data deleted as a heist. Like I said, it would 662 00:40:52,360 --> 00:40:54,759 Speaker 1: be the second biggest casino heist in history from what 663 00:40:54,800 --> 00:40:57,680 Speaker 1: I can tell, at least from a monetary standpoint. If 664 00:40:57,680 --> 00:40:59,719 Speaker 1: you're wondering what is the number one well that goes 665 00:40:59,719 --> 00:41:03,799 Speaker 1: to a kiwi? A New Zealander named James Manning, who 666 00:41:03,800 --> 00:41:07,120 Speaker 1: with the help of a casino services manager, managed to 667 00:41:07,239 --> 00:41:12,080 Speaker 1: cheat his way to thirty three million dollars by cheating 668 00:41:12,080 --> 00:41:18,359 Speaker 1: at blackjack. So supposedly he and this casino employee were 669 00:41:18,440 --> 00:41:22,560 Speaker 1: able to breach the security camera system and they used 670 00:41:23,360 --> 00:41:26,320 Speaker 1: things like hand signals and stuff in order to cheat 671 00:41:26,360 --> 00:41:30,880 Speaker 1: on eight successive hands of blackjack that ultimately resulted in 672 00:41:30,920 --> 00:41:36,000 Speaker 1: thirty three million dollars of winnings. Manning was confronted and 673 00:41:36,040 --> 00:41:40,160 Speaker 1: then by casino security, and then he was banned from 674 00:41:40,200 --> 00:41:44,239 Speaker 1: the Crown Casino in Melbourne, Australia after they picked up 675 00:41:44,239 --> 00:41:48,200 Speaker 1: on the scam, and fortunately before the casino had actually 676 00:41:48,239 --> 00:41:51,799 Speaker 1: credited him most of his winnings so he didn't walk 677 00:41:51,800 --> 00:41:55,520 Speaker 1: away with thirty three million dollars. 
The casino chose to 678 00:41:55,560 --> 00:41:59,040 Speaker 1: keep this matter quiet rather than suffer embarrassment by admitting 679 00:42:00,080 --> 00:42:03,640 Speaker 1: that they got taken for thirty million. This was made 680 00:42:03,680 --> 00:42:06,440 Speaker 1: a little more complicated because Manning was supposed to participate 681 00:42:06,480 --> 00:42:09,080 Speaker 1: in a PR stunt later in that week. He was 682 00:42:09,120 --> 00:42:15,480 Speaker 1: supposed to order an outrageously expensive cocktail called the Winston. 683 00:42:16,480 --> 00:42:21,480 Speaker 1: The Winston was priced at twelve thousand, five hundred dollars 684 00:42:21,960 --> 00:42:25,239 Speaker 1: for a single cocktail. The casino had even promoted that 685 00:42:25,400 --> 00:42:27,800 Speaker 1: this was going to happen, so this was going to 686 00:42:27,840 --> 00:42:30,440 Speaker 1: be like an event type of thing, and that it 687 00:42:30,480 --> 00:42:33,240 Speaker 1: would establish a Guinness World record for the most expensive 688 00:42:33,280 --> 00:42:38,560 Speaker 1: cocktail ever purchased. But with Manning's scam uncovered and then 689 00:42:38,640 --> 00:42:41,520 Speaker 1: him banned from the casino, they had to scramble to 690 00:42:41,520 --> 00:42:44,200 Speaker 1: come up with an alternative customer, and then they had 691 00:42:44,239 --> 00:42:48,520 Speaker 1: to arrange to pay the guy back. So really it 692 00:42:48,560 --> 00:42:51,239 Speaker 1: wasn't a purchase at all. Like money changed hands, but 693 00:42:51,280 --> 00:42:53,759 Speaker 1: it changed hands back, so there was no real purchase here. 694 00:42:54,360 --> 00:42:56,640 Speaker 1: By the way, that story also has its own share 695 00:42:56,680 --> 00:42:59,600 Speaker 1: of drama and scandal that goes beyond what I just said. 696 00:43:00,239 --> 00:43:02,239 Speaker 1: But I think we've had enough for one episode if 697 00:43:02,239 --> 00:43:05,719 Speaker 1: you ask me. 
So that means that we're reaching the 698 00:43:05,760 --> 00:43:08,640 Speaker 1: point where it's time for me to sign off from 699 00:43:08,680 --> 00:43:12,880 Speaker 1: the iHeart Podcast studio powered by Bose. Here at the 700 00:43:12,920 --> 00:43:18,120 Speaker 1: iHeartRadio Music Festival in Las Vegas, Nevada, and maybe in 701 00:43:18,200 --> 00:43:22,400 Speaker 1: light of these recent hacker attacks, we should actually change 702 00:43:22,400 --> 00:43:28,040 Speaker 1: that saying to say the house almost always wins. I 703 00:43:28,120 --> 00:43:30,759 Speaker 1: hope you are all well, and I'll talk to you 704 00:43:30,800 --> 00:43:41,759 Speaker 1: again really soon. Tech Stuff is an iHeartRadio production. For 705 00:43:41,880 --> 00:43:46,719 Speaker 1: more podcasts from iHeartRadio, visit the iHeartRadio app, Apple Podcasts, 706 00:43:46,840 --> 00:43:52,640 Speaker 1: or wherever you listen to your favorite shows.