Teen Suspect Arrested for MGM Cyberattack

A teenager turned himself in to Las Vegas authorities on September 17, facing charges related to a cyberattack that reportedly cost MGM Resorts around $100 million. The juvenile is now at the Clark County Juvenile Detention Center, as confirmed by the Las Vegas Metropolitan Police Department (LVMPD).

He’s facing six charges, including using someone else’s personal information for deceptive purposes, and is also linked to conspiracies involving illegal computer activities. It appears he will be transferred to the Criminal Division and may be tried as an adult.

Police stated that this individual is part of a group targeting several casinos from August to October 2023, using sophisticated methods which are associated with a cyber group dubbed “scattered spiders.” This group operates under various names, including “Octo Tempest,” “UNC3944,” and “Oktapus.”

An investigative team from the LVMPD led the charge, though the suspect’s identity remains undisclosed due to his age.

Reports indicate that hackers have been disrupting hotel services, such as disabling key cards, blocking reservation systems, and locking employees out of their email. MGM disclosed in an SEC filing that the September 2023 incident could lead to significant financial losses.

It seems the attackers employed a surprisingly simple tactic: they monitored MGM staff on LinkedIn, impersonated them, and contacted companies for password resets. Allegedly, they gained access to the system in a mere ten minutes.

Caesars Palace faced similar challenges in that timeframe, and its SEC filing hinted that while efforts were made to secure data, the company could not ensure complete safety from unauthorized access.

Cybersecurity experts have suggested that the company might have compensated the individual behind the breach, underscoring the complexities of modern cybersecurity challenges.