Iranian Hackers Responsible For Devastating Attack On Las Vegas Sands Bethlehem

Iranian hackers were responsible for the Las Vegas Sands Bethlehem, PA cyber attack in February. At the time, company officials claimed that the hack only targeted the company’s website and mail server, but according to one report, the damage was much more extensive.

It all started when Sands’ controversial CEO Sheldon Adelson made remarks calling for the US to drop a nuclear bomb in the desert of Iran. After his comments appeared in the press, Iranian hackers began looking for ways to break into the company’s systems and exact revenge.

Finding a way in

They soon found an entry point into via a web development server that gave them access to other passwords, and finally the entire systems of the company. Now with near-total access to the Sands network, the hackers unleashed a devastating attack, wiping servers clean and filling them up again with junk data.

At one point, company officials ordered employees to rip the network cables out of every computer and server so that the infection wouldn’t spread. Fortunately for Sands, the perpetrators accidentally destroyed the servers which dealt with connections to the company’s casinos in Singapore and Macau. That meant the damage would be contained to Sands’ US casinos only.

The attackers were also unable to access the systems which controlled things like elevators, slot machines and room key cards, leaving patrons unaware of the mayhem that was spreading through the casino’s networks behind closed doors.

The damage done

One official estimated that buying new hardware and sanitizing the system could cost the company up to $40 million. Web security analysts say that the attack was so powerful that it could not have been perpetrated by a few individuals; they believe that the hackers must have had the blessing of the Iranian government.

In February, company officials downplayed the incident, claiming that the hackers didn’t access private customer information. That only served to anger the attackers who posted a YouTube video revealing folders of sensitive company data, employee Social Security numbers and more.

Attacks like these are becoming more prevalent, and are just strong enough to do damage to a company while not serious enough to elicit a military response from the US government.