A spokesman for the Las Vegas Sands Corp. says last week’s hacking case went “deeper” than previously known. The company’s sites were down for six days, after all internal systems and websites owned by the company were hacked.
The Sands says the hackers got into the email system, crashed the emails, and stole employees’ Social Security numbers. In an update of a previous story on the case, a video has been posted online which shows that the stolen information goes much further than expected, though.
YouTube Video Reveals New Level of Intrusion
The 11-minute video shows the passwords for the company’s administrators, including player information for the Sands Casino in Bethlehem, Pennsylvania. Also shown is the password information for slot machine systems at the Sands Bethlehem facility. Also included were a diagram of the Sands’ internal networks, along with employee files.
The company did not know about these incursions until the video surfaced. Sands Spokesman Ron Reese said, “We have now determined that the hackers reached at least some of the company’s internal drives in the US containing some office productivity information made up largely of documents and spreadsheets.”
Reese went on to say that the video continues to be investigated and further statements will be forthcoming if it’s learned more information was compromised. The Sands and the government agencies investigating the case do not believe customers’ credit card information or identity information was compromised.
FBI and Secret Service Continue to Investigate
At present, several state and federal agencies are investigating the case. The Nevada Gaming Control Board began investigating the hacking, but now the FBI and the U.S. Secret Service are also investigating the evidence. Nevada Control Board Chairman A.G. Barnett declined comment on the case, while the Secret Service and Federal Bureau of Investigation have not made a comment on the case.
The video was sent to the Associated Press on Monday via email by a person using the name Zhao Anderson. Also, a person using the same name posted the video on YouTube. The AP could not verify if the person who sent the video is really named Zhao Anderson.
The cyberattack appears to have been politically motivated, in response to Sands CEO Sheldon Adelson’s beliefs involving nuclear weapons proliferation in Iran. The people behind the attack posted on the Sands websites “Anti WMD Team”, and claimed they were concerned about Adelson’s stance on potential nuclear strikes on Iran.
Sheldon Adelson is an outspoken supporter of Israel. In October 2013, he publicly advocated for Israel to drop a nuclear weapon on Iran’s nascent nuclear program, saying the Iranians understand nothing but force. He also has donated large sums of money to a number of Republican candidates in the United States.
Besides the internal systems in Las Vegas and Bethlehem in the United States, it is thought Sands Casino websites for their operations in Macau and Singapore also may have been compromised. Despite the cyberattack, the Sands Corporation’s stock has risen 3.7% in the past week, up to $80.69. While the computer system was down for 6 days, the company has continued booking visitors through their telephone service.
A.G. Burnett Says Credit Cards Information Safe
Despite the revelations about the hacking via YouTube, Nevada regulators are confident that customers’ credit card information was not stolen. A.G. Burnett told ABC News that the hackers did not steal credit cards. It’s uncertain whether the identity information was safe because it was secure from attack or whether the hackers were not interested in the Sands’ customer base.
A.G. Burnett said the current case has few similarities to the Affinity Gaming case from December 2013, when hackers broke the code on 300,000 credit card transactions. In that case, Affinity warned its customers to take measures to protect themselves from identity theft.
Burnett said, “The Affinity case looks a lot different. That’s more akin to what happened with Target. But that’s not what happened at Sands, according to our information.”
The Sands continues a step-by-step process to determine exactly which systems were hit in the cyberattack. Employees are still unable to log into their own personal work accounts. With 5,000 employees worldwide, it’s a drawn-out process to determine which systems were hit. Meanwhile, gaming regulators are investigating to see whether the Sands did everything in its power to assure cyber-safety for its employees.