On Thursday, the First Nations-owned Casino Rama announced that an unidentified hacker claimed to be in possession of “past and present customer, employee and vendor information” dating as far back as 2004. The company says it became aware of the breach on Nov. 4. The hacker’s stolen data trove reportedly includes the property’s email, IT information, financial reports for both hotel and casino, security incident reports, patron credit inquiries, collection and debt information, vendor info and all manner of personal data belonging to casino staff.
Casino Rama CEO John Drake said the company “deeply regrets this situation and recognizes the seriousness of this issue.” The casino doesn’t take its data protection responsibilities lightly and has been working “around the clock” with technology experts to determine the extent of the problem. The casino has also alerted provincial and federal police as well as the Ontario Lottery and Gaming Corporation. Casino Rama has set up a webpage to keep affected individuals up to date on the latest news and is advising customers, employees and vendors to monitor their financial accounts for signs of dubious activity. The company warned that it is possible that the hacker “will publish information that was stolen previously.”
Casino Rama isn’t the first gaming venue to be targeted in this way. In 2014, Las Vegas Sands’ Pennsylvania property Sands Bethlehem was the subject of a major security breach by hackers believed to have been motivated by bellicose anti-Iranian comments by Sands’ boss Sheldon Adelson. Last week, UK bookmaker William Hill had its website knocked offline by a “sophisticated” distributed denial of service (DDoS) attack. The attackers were believed to be employing the new Mirai botnet, which hijacks hundreds of thousands of Internet of Things (IoT) devices – security cameras, digital video recorders, etc. – to bombard its target with incoming data.
The source code for the Mirai botnet was posted online in early October, unleashing a wave of powerful DDoS attacks on a host of websites. But security firm Flashpoint believes the ubiquity of the Mirai code may actually be working against the hackers, in part because they’re all competing to hijack the same IoT devices. When Mirai infects an IoT device, it closes the ports that allowed it to hijack the device in the first place, thereby blocking it from being controlled by other hackers, who can only assume control after the device is rebooted by its owner.
This week, Flashpoint reported that “the IoT botnet landscape appears to be saturated with too many would-be-controllers and not enough new vulnerable devices.” This fracturing has “significantly lowered the impact, efficacy and damage of subsequent attacks” since the code was released. Nevertheless, researchers believe that there are still three or four major Mirai botnets out there that are capable of launching DDoS attacks on the scale that took out US-based internet performance management firm Dyn last month, which led to the temporary inaccessibility of mainstream sites like Twitter and Reddit.