Official confirmation received from National Intelligence

Feb 27, 2015 10:54 GMT  ·  By

The hack in early 2014 targeting several casinos owned by Las Vegas Sands Corp. was officially attributed to Iran by the director of the US National Intelligence.

On Thursday, the director of National Intelligence, James Clapper, confirmed in front of the Senate Armed Services Committee that the Sands Bethlehem attack was the work of an Iranian actor, Bloomberg reports.

Hackers were persistent

The hackers first started to attack Sands Bethlehem by attempting to brute-force the casino’s VPN (virtual private network), which is used by employees to access the internal network while traveling or from home.

They failed to gain access using this method but kept on poking in hopes of finding a vulnerability that would help them achieve their goals; and they found it in a web development server used by the casino for testing web pages before they were published.

Once inside, they started to look for login credentials that would allow access to more sensitive areas of the network. In early February 2014, they discovered the username and password of a senior engineer and used them to get into the company’s servers.

During the attack, the casino’s systems were brought down but credit card data remained safe. The hackers took control over the casino’s website and vandalized it with an image of company CEO Sheldon Adelson, who is a supporter of Israel, together with Israel Prime Minister Benjamin Netanyahu.

Iran and North Korea are unpredictable threat actors

A message for Adelson was left, reading, “don’t let your tongue cut your throat,” while at the bottom of the website a scrolling bar displayed sensitive information belonging to the casino’s employees, which included names, social security numbers, and email addresses.

Despite the casino’s downplay of the attack in the press, the hackers managed to exfiltrate almost a terabyte of information from the compromised systems.

Clapper classified the incident as a cyber-assault on US from a nation-state and also included in the picture the Sony hack that occurred in November last year.

“While both of these nations have lesser technical capabilities in comparison to Russia and China, these destructive attacks demonstrate that Iran and North Korea are motivated and unpredictable cyber-actors,” he said in front of the committee, adding that Russia was more of a cyber threat than these two.