{"id":8420,"date":"2014-12-13T14:40:39","date_gmt":"2014-12-13T14:40:39","guid":{"rendered":"https:\/\/forumarchives.tmsites.net\/index.php\/2014\/12\/13\/nuke-remark-stirred-hack-on-sands-casinos-that-foreshadowed-sony\/"},"modified":"2014-12-13T14:40:39","modified_gmt":"2014-12-13T14:40:39","slug":"nuke-remark-stirred-hack-on-sands-casinos-that-foreshadowed-sony","status":"publish","type":"post","link":"https:\/\/forumarchives.tmsites.net\/index.php\/2014\/12\/13\/nuke-remark-stirred-hack-on-sands-casinos-that-foreshadowed-sony\/","title":{"rendered":"Nuke Remark Stirred Hack on Sands Casinos That Foreshadowed Sony"},"content":{"rendered":"<p><!-- Original Post Content --><br \/>\nBenjamin Elgin and Michael Riley, Bloomberg<\/p>\n<p>\tMost gamblers were still asleep, and the gondoliers had yet to pole their way down the ersatz canal in front of the Venetian casino on the Las Vegas Strip.<\/p>\n<p>\tBut early on the chilly morning of Feb. 10, just above the casino floor, the offices of the world\u2019s largest gaming company were gripped by chaos. Computers were flatlining, e-mail was down, most phones didn\u2019t work, and several of the technology systems that help run the $14 billion operation had sputtered to a halt.<\/p>\n<p>\tComputer engineers at Las Vegas Sands (LVS) Corp. raced to figure out what was happening. Within an hour, they had a diagnosis: Sands was under a withering cyber-attack. PCs and servers were shutting down in a cascading IT catastrophe, with many of their hard drives wiped clean. The company\u2019s technical staff had never seen anything like it, Bloomberg Businessweek reports in its Dec. 15 edition.<\/p>\n<p>\tThe people who make the company work, from accountants to marketing managers, were staring at blank screens. \u201cHundreds of people were calling IT to tell them their computers weren\u2019t working,\u201d says James Pfeiffer, who worked in Sands\u2019 risk-management department in Las Vegas at the time. 
Most people, he recalls, switched over to their mobile phones and personal e-mail accounts to communicate with co-workers.<\/p>\n<p>\tNumerous systems were felled, including those that run the loyalty rewards plans for Sands customers; programs that monitor the performance and payout of slot machines and table games at Sands\u2019 U.S. casinos; and a multimillion-dollar storage system.<\/p>\n<p>\tRipping Cords<\/p>\n<p>\tIn an effort to save as many machines as they could, IT staff members scrambled across the casino floors of Sands\u2019 Vegas properties \u2014 the Venetian and its sister hotel, the Palazzo \u2014 ripping network cords out of every functioning computer they could find, including PCs used by pit bosses to track gamblers and kiosks where slots players cash in their tickets.<\/p>\n<p>\tThis was no Ocean\u2019s Eleven. The hackers were not trying to empty a vault of cash, nor were they after customer credit card data, as in recent attacks on Target Corp., Neiman Marcus Group LLC and Home Depot Inc. This was personal.<\/p>\n<p>\tThe perpetrators wanted to punish the company, or, more precisely, its chief executive officer and majority owner, the billionaire Sheldon Adelson. Although confirming their conjectures would take some time, executives suspected almost immediately the assault was coming from Iran.<\/p>\n<p>\tSweet Spot<\/p>\n<p>\tThis was new. Other countries have spied on American companies, and they have stolen from them, but this is likely the first time \u2014 occurring months before the late November attack on Sony Pictures Entertainment \u2014 that a foreign player simply sought to destroy American corporate infrastructure on such a scale. 
Both hacks may represent the beginning of a geopolitically confusing, and potentially devastating, phase of digital conflict.<\/p>\n<p>\tExperts worry that America\u2019s rivals may have found the sweet spot of cyberwar \u2014 strikes that are serious enough to wound American companies but below the threshold that would trigger a forceful government response. More remarkable still, Sands has managed to keep the full extent of the hack secret for 10 months.<\/p>\n<p>\tIn October 2013, Adelson, one of Israel\u2019s most hawkish supporters in the U.S., arrived on Yeshiva University\u2019s Manhattan campus for a panel titled \u201cWill Jews Exist?\u201d Among the speakers that night were a famous rabbi and a columnist from the Wall Street Journal, but the real draw for the crowd in the smallish auditorium was Adelson, a slightly slumped 81-year-old man with pallid jowls and thinning hair who had to be helped onto the stage by assistants.<\/p>\n<p>\tDesert Detonation<\/p>\n<p>\tWith a net worth of $27.4 billion, Adelson is the 22nd wealthiest person in the world, thanks mostly to his 52 percent stake in Las Vegas Sands. He has built the most lucrative gaming empire on earth by launching casinos in Singapore and China whose profits now dwarf those coming from Las Vegas.<\/p>\n<p>\tAn owner of three news outlets in Israel and a friend of Prime Minister Benjamin Netanyahu, Adelson also spends large sums of money to support conservative politicians in the U.S.; he may be best known for contributing some $100 million in a failed attempt to unseat President Obama and elect Republicans to Congress in the 2012 election.<\/p>\n<p>\tAt Yeshiva he described how he\u2019d handle talks with Iran about its ongoing nuclear program. \u201cWhat are we going to negotiate about?\u201d Adelson asked. \u201cWhat I would say is, \u2018Listen. You see that desert out there? 
I want to show you something.\u2019\u201d He would detonate an American warhead in the sand, he said, where it \u201cdoesn\u2019t hurt a soul. Maybe a couple of rattlesnakes and scorpions or whatever.\u201d The message: The next mushroom cloud would rise over Tehran unless the government scrapped any plans to create its own nukes.<\/p>\n<p>\tAyatollah\u2019s Response<\/p>\n<p>\t\u201cYou want to be wiped out? Go ahead and take a tough position,\u201d Adelson said, to light applause. It took only a few hours for his remarks to be posted on YouTube and ricochet around the Internet. Iran\u2019s Supreme Leader Ayatollah Ali Khamenei responded two weeks later, according to the country\u2019s semiofficial Fars News Agency, saying America \u201cshould slap these prating people in the mouth and crush their mouths.\u201d<\/p>\n<p>\tPhysically, Adelson and Sands are well protected. He appears in public with a phalanx of armed bodyguards, said to be former agents of the U.S. Secret Service and Mossad, Israel\u2019s intelligence agency. Sands paid almost $3.3 million to protect Adelson and his family last year, according to a company filing.<\/p>\n<p>\tUpgrade Sought<\/p>\n<p>\tThat\u2019s on top of what Sands spends on vaults, security cameras, biometric screening devices, and one of the largest private police forces of any U.S. company, all to safeguard the millions of dollars of cash and chips that flow through its operations every day.<\/p>\n<p>\tBut the company has been slow to adapt to digital threats. Two years ago it had a cybersecurity staff of five people protecting 25,000 computers, according to a former executive. 
The board authorized a major upgrade of tools and personnel in 2013, but the project was slated to be rolled out over 18 months, and it was in its infancy as Adelson mused about nuclear strikes at Yeshiva.<\/p>\n<p>\tUnbeknownst to Sands, one month after Khamenei\u2019s fiery speech, hackers began to poke around the perimeter of its computer networks, looking for weaknesses. Only later, after the attack, were investigators able to sift through computer logs and reconstruct their movements.<\/p>\n<p>\tThese details appear in internal documents describing \u201cYellowstone 1,\u201d the company\u2019s code name for the incident, and have been corroborated in interviews with a half-dozen people familiar with the breach and its aftermath. Ron Reese, a spokesman for Sands, declined to answer specific questions about the attack or to make Adelson available.<\/p>\n<p>\tTargeting Bethlehem<\/p>\n<p>\tBy Jan. 8, 2014, the hackers were focused on Sands Bethlehem, a 3,000-slot-machine casino and resort in Bethlehem, Pennsylvania, which has its own website and computer network. It\u2019s a minor outpost in the company\u2019s empire, but going after the weak link in the security chain is a well-worn hacker trick. That day, the hackers launched a first, hourlong attack to try to break into the Sands Bethlehem virtual private network, or VPN, which gives employees access to their files from home or on the road.<\/p>\n<p>\tThe hackers used software that cracks password logins by systematically trying as many as several thousand letter combinations per minute; the software keeps going until it either guesses right or runs out of permutations. It\u2019s a brute-force method, sort of like the safecracking tools in movies that spin through every possible combination to find the correct set of numbers.<\/p>\n<p>\tBrute-Force Attacks<\/p>\n<p>\tThe hackers redoubled their efforts on Jan. 21 and 26, again throwing hourslong attacks at the Bethlehem Sands network. 
Later, investigators would detect the work of at least two different hackers or teams trying different ways to get in. At the time, IT managers in Bethlehem, alarmed at the sudden surge in failed login attempts, began a conference call with Sands security managers in Las Vegas.<\/p>\n<p>\tBut brute-force attempts are common \u2014 almost half of all companies experience them, according to Alert Logic Inc., a Houston security firm \u2014 and the casino staff wasn\u2019t overly concerned. They put another layer of security on the accounts that were being attacked, so that entering the network would require more than just a password.<\/p>\n<p>\tIt was of little use: Five days later, on Feb. 1, the hackers found a weakness in a Web development server used by Sands Bethlehem to review and test Web pages before they went live. Once inside, the pace of the attack quickly escalated. Hackers used a tool called Mimikatz to reveal passwords used previously to log in to a computer or server.<\/p>\n<p>\tGoing Vegas<\/p>\n<p>\tCollecting passwords as they went, the hackers gained access to almost every Sands file in Bethlehem, according to three people familiar with the incident. But the Bethlehem computer system was a box \u2014 and what they were really after was the key that would let them out. Sometime before Feb. 9, they found it: the login credentials of a senior computer systems engineer who normally worked at company headquarters but whose password had been used in Bethlehem during a recent trip.<\/p>\n<p>\tThose credentials got the hackers into the gaming company\u2019s servers in Las Vegas. As they rifled through the master network, the attackers readied a malware bomb. Typing from a Sony VAIO computer, they compiled a small piece of code, only about 150 lines long, in the Visual Basic programming language. 
The program proved potent.<\/p>\n<p>\tAutomatic Reboots<\/p>\n<p>\tNot only does it wipe the data stored on computers and servers, but it also automatically reboots them, a clever trick that exposes data that\u2019s untouchable while a machine is still running. Even worse, the script writes over the erased hard drives with a random pattern of ones and zeros, making data so difficult to recover that it is more cost-effective to buy new machines and toss the hacked ones in the trash.<\/p>\n<p>\tInvestigators from Dell SecureWorks Inc. working for Sands have concluded that the February attack was likely the work of \u201chacktivists\u201d based in Iran, according to documents obtained by Bloomberg Businessweek. The security team couldn\u2019t determine if Iran\u2019s government played a role, but it\u2019s unlikely that any hackers inside the country could pull off an attack of that scope without its knowledge, given the close scrutiny of Internet use within its borders.<\/p>\n<p>\t\u201cThis isn\u2019t the kind of business you can get into in Iran without the government knowing,\u201d says James Lewis, a senior fellow at the Center for Strategic and International Studies in Washington. Hamid Babaei, a spokesman for Iran\u2019s Permanent Mission to the United Nations, didn\u2019t return several phone calls and e-mails.<\/p>\n<p>\tInternet Severed<\/p>\n<p>\tThe perpetrators released their malware early in the morning on Monday, Feb. 10. It spread through the company\u2019s networks, laying waste to thousands of servers, desktop PCs, and laptops. By the afternoon, Sands security staff members noticed logs showing that the hackers had been compressing batches of sensitive files.<\/p>\n<p>\tThis meant that they may have downloaded \u2014 or were preparing to download \u2014 vast numbers of private documents, from credit checks on high-roller customers to detailed diagrams and inventories of global computer systems. 
Michael Leven, the president of Sands, decided to sever the company entirely from the Internet.<\/p>\n<p>\tIt was a drastic step in an age when most business functions, from hotel reservations to procurement, are handled online. But Sands was able to keep many core operations functioning \u2014 the hackers weren\u2019t able to access an IBM mainframe that\u2019s key to running certain parts of the business.<\/p>\n<p>\tMajor Break<\/p>\n<p>\tHotel guests could still swipe their keycards to get into their rooms. Elevators ran. Gamblers could still drop coins into slot machines or place bets at blackjack tables. Customers strolling the casino floors or watching the gondolas glide by on the canal in front of the Venetian had no idea anything was amiss.<\/p>\n<p>\tLeven\u2019s team quickly realized that they\u2019d caught a major break. The Iranians had made a mistake. Among the first targets of the wiper software were the company\u2019s Active Directory servers, which help manage network security and create a trusted link to systems abroad. If the hackers had waited before attacking these machines, the malware would have made it to Sands\u2019 extensive properties in Singapore and China. Instead, the damage was confined to the U.S.<\/p>\n<p>\tFlaming Map<\/p>\n<p>\tThe next day, the hackers took aim at the company\u2019s websites, which were hosted by a third party and still running. The hackers defaced them, posting a photograph of Adelson chumming around with Netanyahu, as well as images of flames on a map of Sands\u2019 U.S. casinos. At one point, they posted an admonition: \u201cEncouraging the use of Weapons of Mass Destruction, UNDER ANY CONDITION, is a Crime,\u201d signing it \u201cAnti WMD Team.\u201d<\/p>\n<p>\tThe hackers left messages for Adelson himself. 
One read, \u201cDamn A, Don\u2019t let your tongue cut your throat.\u201d They also included a scrolling list of information about Sands Bethlehem employees that had been stolen in the breach, including names, titles, Social Security numbers, and e-mail addresses.<\/p>\n<p>\tIn the days after the hack, Sands initially told the press only that its websites had been vandalized and that some office productivity systems, including e-mail, weren\u2019t working.<\/p>\n<p>\tApparently angered that their attack was being minimized, the hackers took to YouTube, posting an 11-minute video set to the music of Carl Orff\u2019s pulsing cantata O Fortuna. It began by scrolling through a news article that highlighted Adelson\u2019s comments about nuking Iran. Then it showed a computer screen packed with thousands of files and folders, with names such as IT Passwords and Casino Credit, which had been pilfered from Sands.<\/p>\n<p>\tUnseen Hacker<\/p>\n<p>\tIn the video, which was removed within hours by law enforcement, an unseen hacker clicks into a disk drive titled \u201cDamn A\u201d and enters a folder containing almost a terabyte of data. A text box appears: \u201cDo you really think that only your mail server has been taken down?!! Like hell it has!!\u201d Three people familiar with the Sands hack confirmed the files seen in the video were genuine.<\/p>\n<p>\tThe company is still tallying the damage. Documents and interviews with people involved in Yellowstone 1 show that the hackers\u2019 malicious payload wiped out about three-quarters of the company\u2019s Las Vegas computer servers. Leven, in a brief interview last month before a private event, estimated that recovering data and building new systems could cost the company $40 million or more.<\/p>\n<p>\tNational Security<\/p>\n<p>\tFor years, U.S. officials have warned of the threat of destructive digital attacks against American companies by foreign parties. The latest alarm came on Nov. 
20, from National Security Agency Director Michael Rogers, as he testified before the House Intelligence Committee. Pointing to a 2012 attack on Saudi Arabian Oil Co. that wiped out 30,000 of its computers, Rogers suggested that corporate America so far has been lucky. He kept mum about Sands, even though the attack has been studied and discussed by U.S. national security officials since February.<\/p>\n<p>\tMonths after the Sands fiasco, and just days after Rogers\u2019s comments, hackers broke into Sony Pictures Entertainment, crippling the studio\u2019s e-mail, payroll, and other systems and leaking gigabytes of company secrets, including full-length cuts of five major holiday films and the Social Security numbers of 47,000 employees and contractors, including Sylvester Stallone and Judd Apatow.<\/p>\n<p>\tSony hasn\u2019t publicly said who\u2019s responsible, but according to two people familiar with the incident, FireEye Inc. (FEYE) security experts the company hired have connected the attack to a group of hackers known as DarkSeoul, which South Korean and U.S. officials believe works for the North Korean government.<\/p>\n<p>\t\u2018The Interview\u2019<\/p>\n<p>\tThe regime denies responsibility, but in June, after learning of the Sony project \u2018The Interview\u2019 \u2014 a comedy about an assassination plot against leader Kim Jong-Un \u2014 a government spokesman said North Korea would \u201cmercilessly destroy anyone who dares hurt or attack the supreme leadership of the country, even a bit.\u201d<\/p>\n<p>\tThis is the next frontier of cyberwarfare. If an enemy of the U.S. were to digitally target the country\u2019s electrical grid or natural gas pipelines, the president would consider a range of powerful responses, including military options, according to leaked descriptions of two executive orders signed by President Obama.<\/p>\n<p>\tBut Las Vegas casinos don\u2019t deliver essential services to the U.S. 
population, apart from Cirque du Soleil addicts. Nor do movie studios. Even months of nuisance attacks on the websites of major American banks in 2012 and 2013, which U.S. intelligence officials connected to Iran\u2019s Republican Guard, didn\u2019t meet the threshold. The damage wasn\u2019t serious enough.<\/p>\n<p>\tOutbox Bound<\/p>\n<p>\t\u201cIf this would have come across my desk when I was in government, I would have just put it in the outbox,\u201d Michael Hayden, former director of both the CIA and the NSA, says of the Sands attack. The U.S. government will help find who did it, but it won\u2019t hit back. That leaves most companies pretty much on their own to face a growing cast of global antagonists wielding devastating digital weapons, he says.<\/p>\n<p>\t\u201cIf there is a physical Chinese attack coming up the Houston Ship Channel, I know who to call,\u201d Hayden says. \u201cIf there is a cyber Chinese attack coming up the fiber-optic cable in the Houston Ship Channel, what does U.S. law say the U.S. government should do? I think what we\u2019re finding is there isn\u2019t a real robust answer.\u201d<\/p>\n<p>\tAs early as 2008, military planners were at work on a series of briefing papers about deterrence in cyberspace, examining whether the same principles that kept the Cold War cold could be applied to the coming generation of digital conflict. The answer, they concluded, was no.<\/p>\n<p>\tOutsourced Hacking<\/p>\n<p>\tIt\u2019s a lot easier to tell who fired a nuclear weapon than a digital one, which is simple to acquire and hard to trace. States often outsource hacking to proxies, including groups that behave a lot like the ones that officially took credit for both Sands (the \u201cAnti WMD Team\u201d) and Sony (the \u201cGuardians of Peace\u201d).<\/p>\n<p>\tIn the Sony hack, the first big upload of stolen data was made from Thailand, using the Wi-Fi network of the St. Regis Bangkok, a luxury hotel. 
Internet functionality in North Korea is so limited that hackers working for the country\u2019s military have set up satellite offices in China, Syria, and other countries.<\/p>\n<p>\tBut the attackers could also be hired guns. While denying involvement in the hack, a spokesman for the National Defense Commission in Pyongyang praised it as a \u201crighteous deed.\u201d The spokesman suggested the perpetrators might have been upset over \u2018The Interview,\u2019 \u201ca film abetting a terrorist act while hurting the dignity of the supreme leadership.\u201d<\/p>\n<p>\tHolding Back<\/p>\n<p>\tFireEye investigators initially prepared a blog post linking DarkSeoul to the attack, but during a meeting on Dec. 3, Sony\u2019s general counsel squelched it, perhaps unwilling to poke the hornet\u2019s nest again. A Sony spokesman said the company\u2019s investigation is ongoing. Similarly, Dell SecureWorks submitted an incident brief to Sands stating that the \u201cattack was in response to CEO comments regarding Iran.\u201d Sands executives made their displeasure known, and the next internal report from Dell, about a month later, omitted that page. Dell spokeswoman Elizabeth Clarke declined to comment.<\/p>\n<p>\tA growing number of experts, including former national security officials who\u2019ve seen the problem from the inside, say the next escalation may be companies doing what the U.S. government won\u2019t. If states can hire hackers to do damage, why can\u2019t their victims defend themselves using the same techniques?<\/p>\n<p>\tHack-Back Considerations<\/p>\n<p>\tThe topic, discussed often at panels and conferences, is among the options U.S. officials have considered \u2014 and rejected \u2014 as a response to growing cyberthreats against companies. Hayden, the former NSA director, calls it the digital equivalent of the \u201cstand your ground\u201d laws that allow citizens of some states to defend themselves with lethal force. 
To critics, it\u2019s a path to a digital Wild West.<\/p>\n<p>\tFederal law would have to be changed first, and the Department of Justice has signaled that companies trying to \u201chack back\u201d would be subject to criminal penalties under the Computer Fraud and Abuse Act, among other statutes. Nations that are already a headache for Obama and his national security team seem to understand this and are turning to low-level digital skirmishing to wreak havoc in the computers of American companies.<\/p>\n<p>\tIt\u2019s not the cyberwar many predicted, yet it\u2019s devastating in its own way.<\/p>\n<p>\t\u201cMaybe we never get to a digital Pearl Harbor everyone is always talking about, where it all happens at once, and trillions of dollars in value is wiped out,\u201d says Jason Syversen, founder of Siege Technologies LLC, which provides cyberwarfare tools to the U.S. government. \u201cMaybe it\u2019s just going to go like this \u2014 death by a thousand cuts.\u201d<\/p>\n<hr>\n<h3>Replies:<\/h3>\n<p>No replies were posted for this topic.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Benjamin Elgin and Michael Riley, Bloomberg Most gamblers were still asleep, and the gondoliers had yet to pole their way down the ersatz canal in front of the Venetian casino on the Las Vegas Strip. 
But early on the&#8230;<\/p>\n","protected":false},"author":36,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[19],"tags":[],"class_list":["post-8420","post","type-post","status-publish","format-standard","hentry","category-coffee-chat-lounge"],"_links":{"self":[{"href":"https:\/\/forumarchives.tmsites.net\/index.php\/wp-json\/wp\/v2\/posts\/8420","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forumarchives.tmsites.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forumarchives.tmsites.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forumarchives.tmsites.net\/index.php\/wp-json\/wp\/v2\/users\/36"}],"replies":[{"embeddable":true,"href":"https:\/\/forumarchives.tmsites.net\/index.php\/wp-json\/wp\/v2\/comments?post=8420"}],"version-history":[{"count":0,"href":"https:\/\/forumarchives.tmsites.net\/index.php\/wp-json\/wp\/v2\/posts\/8420\/revisions"}],"wp:attachment":[{"href":"https:\/\/forumarchives.tmsites.net\/index.php\/wp-json\/wp\/v2\/media?parent=8420"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forumarchives.tmsites.net\/index.php\/wp-json\/wp\/v2\/categories?post=8420"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forumarchives.tmsites.net\/index.php\/wp-json\/wp\/v2\/tags?post=8420"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}