MGM and Caesars hack create Las Vegas-style media circus


The Las Vegas cyberattacks on two hotel and gambling empires, MGM Resorts and Caesars Entertainment, quickly devolved into a three-ring circus this week as victims, hackers, and the media each took center stage.

As audience members worldwide quietly watched from the sidelines munching popcorn from the all-you-can-eat rumor buffet, Cybernews, acting as ringmaster, has chosen "the media" as most deserving of this week's circus spotlight.

Like any good dog and pony show, we begin with an introduction to the story which is set against the backdrop of what some call the “Entertainment Capital of the World.” The irony is not lost on this journalist.

ADVERTISEMENT

We have two separate cyberattacks at two renowned Las Vegas resort chains, carried out by two different ransomware gangs, resulting in two very distinct outcomes – yet all intersecting with one another through non-stop media coverage and within the span of a week's time.

MGM, Caesars, ALPHV, and Scattered Spider make up the main players. (Click any of the links for full coverage.)

In fact, barely a month before the news of the MGM ransomware attack broke, this cybersecurity journalist found herself checking into the now-infamous MGM Grand Hotel on the Vegas Strip to attend this year's Black Hat convention — more on that conspiracy theory below.

Citizen reporters vs main stream media

One of the interesting things about being a reporter is the inherent feeling of FOMO (fear of missing out) whenever a good news story hits the ground running – and knowing I had just missed the Las Vegas ransomware attacks by a few weeks was a disappointment – at least at first.

As the true conditions at all twelve MGM resort complexes on the strip began to roll in on social media, my tune definitely changed.

In fact, if it wasn’t for the average khaki wearing American tourist, the main street media would have had no idea what was really happening behind the scenes.

With spot-on insider scoops from some savvy local social media influencers, the story practically told itself on the “X-o-verse’ (formally known as the Twitterverse, and yes, I just made it up).

ADVERTISEMENT

Take, for instance, X user @NessieCakes with barely 250 followers. The Denver native said she decided to document her six-day stay at the MGM Bellagio during the system shutdown, mainly because she hasn’t seen “a lot of information shared transparently.”

Posting about how guests were left to fend for themselves in the subsequent chaos, she described raw sewage coming up from the sinks, no hot water, hours-long lines to speak with the front desk, and then finally getting a room key only to find a man already asleep in the bed once she got there. And according to many X users, these were not isolated incidents.

Sorting through videos and images of inoperable shot machines and cashless ATMs seems tame in comparison. The hotel, at one point, even switched from handing out complimentary water bottles to serving glasses of wine to calm frustrated guests, the X user posted.

MGM cyberattack chaos water to wine

But, the biggest challenge many journalists faced was actually keeping up with the steady influx of updates. Some major news outlets sadly found out – including the Financial Times – you can't believe everything you read on the Interwebs.

Meantime, ALPHV/Blackcat, the threat actor who claimed responsibility for the debilitating MGM ransom attack, put out its own 1027-word statement titled, "Setting the record straight" on its dark leak site. The gang complaining it was fed up with the misinformation reported by mainstream media.

The ransom group even chided the Reuters News Agency for being duped by writing a story based on an interview with a fake ALPHV Telegram account they had unknowingly connected with.

ALPHV blog corrections MGM Caesars hack
ALPHV leak site
ADVERTISEMENT

And then of course was the so-called clickbait citizen journalists, who also came out of the woodwork this week poorly attempting to link the Black Hat and DEF CON conventions to the attacks.

Did the theory cross my mind for a split second? Ok, I'll admit, yes. But then ironically, I quickly noted that thousands of cybersecurity professionals and inside hackers descended on Sin City for almost two weeks in August, and left without a hitch - as they have been doing since the 1990s.

By Friday, it seemed anything "so-called" news became fair game for these newbie social media influencers, who obviously aren't ready to give up the limelight just yet, especially now that MGM websites and its mobile app are back up and running.

"Best twist yet in the MGM cyberattack saga: Source says a guy went up to the cage at Mandalay Bay and demanded $40 million to stop the ransomware attack," one X user posted.

"He’s in custody. Unconfirmed, but they provided a surveillance pic. So many emotions." it said.

Sigh, it's going to be a long weekend.

At least, as @lasVegasLocally pointed out, "All of the Mariachi groups are functioning properly, órale."

ADVERTISEMENT