A recent story in Bloomberg BusinessWeek points out how vulnerable companies can be to determined hackers, and just how costly it can be. This one was largely kept on the down-low by the company, but in fact was one of the biggest and most disruptive hacking intrusions last year. It only highlights the importance of vigilance and safe backups.
In early February of last year, the offices of the world’s largest gaming company started going down. Computers, phones, email… all down. Many of the systems that ran the $14 billion Las Vegas Sands Corp. were laid low. The company’s IT staff had never seen anything like it.
We’ll leave the details to you to read (the article appeared in the 12/15-20 issue, and was written by Ben Elgin and Michael Riley p. 60). Here’s the gist of it…
It appears that Sands CEO Sheldon Adelson, at 87 one of the world’s wealthiest individuals and an outspoken political hawk, had the previous autumn given a speech at the Manhattan campus of Yeshiva University in which he made some rather disparaging remarks (some would say he took a “tough position”) regarding Iran’s nuclear prospects and intentions. His words spread quickly via YouTube and around the Internet. Two weeks later, Iran’s supreme leader responded via Iran’s quasi-official news agency with some disparaging remarks of his own.
A few months later, chaos ensued at The Sands. While physically both Adelson and The Sands are as well protected as money can buy, his company had been slow to adapt to digital threats. As the article points out, two years ago The Sands had a cybersecurity staff of 5 to protect 25,000 computers. While a major upgrade was planned, it had yet to be rolled out.
Apparently, a month after Iran’s Ayatollah’s fiery speech in response to Adelson’s, hackers began poking around The Sands’ networks. Eventually, they found a vulnerability inn a small slot-machine casino and resort within The Sands’ empire in Bethlehem, Pa. In effect, it was a weak link in a very big chain, and it eventually provided access through a VPN (which Sands’ employees often used to access their files from home or the road). The hackers ended up cracking passwords and logins through a brute-force technique that eventually worked – like safecracking tools that spin through every possibility until they scored their target.
Investigators from Dell SecureWorks eventually traced the hacking activities back to Iran, much after the hackers had “detonated a malware bomb” and ultimately wiped out about three-fourths of the company’s Las Vegas servers. Ultimately, recovering what data they could and replacing servers would cost the firm $40 million or more. And most people outside the firm never even heard about it.
On top of the recent and publicly acknowledged hacking attacks (Sony/Korea, Russian and Chinese attacks), the Sands disaster is just one more in a growing movement of cyberwar. These are low-level digital skirmishes that can wreak havoc in ways we’ve not encountered before. We’ll be hearing more about these in the future.
Meanwhile, how’s your backups?