Cyber attacks

[georgina]

News recently about Caesars and MGM attacks involving a lot of personal information. Those didn't affect us.

We recently had letters from 2 financial institutions (annuity and the insurance company that just took over DH's pension) that they were hit with attacks, and offered Kroll monitoring for a year.

I fear this will continue to be an issue in years to come. So much of our personal date is online and vulnerable.

 

[Neapolitan Ice Cream]

News recently about Caesars and MGM attacks involving a lot of personal information. Those didn't affect us.

We recently had letters from 2 financial institutions (annuity and the insurance company that just took over DH's pension) that they were hit with attacks, and offered Kroll monitoring for a year.

I fear this will continue to be an issue in years to come. So much of our personal date is online and vulnerable.

These hackers are the scum of the Earth. They targeted the NHS a few years back. Admittedly, the systems were out of date and vulnerable, but come on! This was the Health Service we are talking about, not a rich bank or anything! It's something that saves lives!

 

[Lord Manhammer]

You can privacy or convenience but not both (unless you are absurdly wealthy).

 

[NotUrsula]

Several hospital systems have recently been hit; medical insurance records are gold mines for personal information if they can get into them.

 

[_19disnA]

Some of these attacks were the result of employees opening rogue emails/launching dubious attachments and inadvertently giving the hackers access to internal sites/programs. Seems like employees need more training on what NOT to do to limit this sort of problem.

 

[ronandannette]

News recently about Caesars and MGM attacks involving a lot of personal information. Those didn't affect us.

We recently had letters from 2 financial institutions (annuity and the insurance company that just took over DH's pension) that they were hit with attacks, and offered Kroll monitoring for a year.

I fear this will continue to be an issue in years to come. So much of our personal date is online and vulnerable.

We don’t know the half of it, and we never will. I’ve got close contacts in the cyber security field who inform me that many huge public and private entities have (or will) be hijacked. This is most often for ransom, not necessarily for data theft. There is almost never enough time or expertise available for them to “unhack” their way out and security measures after the fact are useless. The only option is to pay the criminals, to get systems unlocked. Which they do, most often quickly and quietly.

 

[thanxfornoticin]

We don’t know the half of it, and we never will. I’ve got close contacts in the cyber security field who inform me that many huge public and private entities have (or will) be hijacked. This is most often for ransom, not necessarily for data theft. There is almost never enough time or expertise available for them to “unhack” their way out and security measures after the fact are useless. The only option is to pay the criminals, to get systems unlocked. Which they do, most often quickly and quietly.

Agreed we don't know the half of it, and it does appear that the MGM hack was a ransom attack. But hackers are relentless, often having computer bots prying for openings in cyber security systems billions and billions of times every day - often getting in because some employee at a vendor site decides they need to click on a foreign link that looks interesting. I also think people would be appalled to know and realize how many places their personal data is stored and who has already had access to it..... These hacks aren't all just about ransom demands - data selling is also potentially lucrative. The MGM hack is the equivalent to the bank robbers in the old west - 'give me your money and no one gets hurt'...... Sadly, most of these hackers cover their tracks and are never found....

 

[tony67]

Yeah this is going to be an ongoing issue pretty much forever so you have to be a vigilant as you can be.

 

[ronandannette]

Agreed we don't know the half of it, and it does appear that the MGM hack was a ransom attack. But hackers are relentless, often having computer bots prying for openings in cyber security systems billions and billions of times every day - often getting in because some employee at a vendor site decides they need to click on a foreign link that looks interesting. I also think people would be appalled to know and realize how many places their personal data is stored and who has already had access to it..... These hacks aren't all just about ransom demands - data selling is also potentially lucrative. The MGM hack is the equivalent to the bank robbers in the old west - 'give me your money and no one gets hurt'...... Sadly, most of these hackers cover their tracks and are never found....

This story is on my supper-hour news right this very minute. Reports are Caesar's paid $15million to have their system unlocked.

Another interesting point my source made to me is that as disgusting as it is, these cyber-criminals virtually have a 100% record for actually unlocking the systems after the ransom is paid. If they didn't, it would be tarnish the reputation for reliability and be bad for business - read "nobody would pay them anymore". It's a crazy world we're living in...

 

[thanxfornoticin]

Another interesting point my source made to me is that as disgusting as it is, these cyber-criminals virtually have a 100% record for actually unlocking the systems after the ransom is paid. If they didn't, it would be tarnish the reputation for reliability and be bad for business - read "nobody would pay them anymore". It's a crazy world we're living in...

That is an interesting point! Honor among thieves, I suppose.

 

[Mackenzie Click-Mickelson]

Reports are Caesar's paid $15million to have their system unlocked.

And because they paid that's why they continue to do what they do. MGM last I heard was not paying thus their systems were not released. I'm not sure if they have paid or not now but at least as of 2 days ago they hadn't. And we were literally just in Vegas days before this issue occurred staying at Aria (an MGM property) as well as gambling at MGM properties. The pictures of the impact to just Vegas alone are astounding.

In our area several court systems had security breaches about 4 days ago. It's because the 3 systems use the same service provider and that provider had a breach. I believe the impact was greatest for only 1 day but there's obviously a ripple effect with having to stop all services including payments and court hearings that were scheduled as well as warrants to be issues (one city's police department was still able to do physical warrants).

 

[Lord Manhammer]

That is an interesting point! Honor among thieves, I suppose.

Actually that is very true. On the dark web site, the Silk Road which sold all sorts of hardcore illicit drugs, sellers almost always delivered the product on time and as described so as to never alienate potential customers. When you're dealing with an illicit trade that uses a virtual currency, honour is the most important quality.

The way these large cyber attacks originate is very interesting. Usually there will be someone who owns malicious code. A hacker (or group) will go on the dark web, find the seller with the code and "rent" the code from them with the guarantee that the seller will get a cut of the ransom proceeds. The seller will release the code for the hackers to use and then will wait for the payment. It's all very transactional.

 

[_19disnA]

Guess I am not clear on how that supposed 'dark web' operates. If it a known mechanism for selling illegal things, why can't law enforcement track down where their servers are located and shut it down? I would assume most foreign countries wouldn't want to knowingly encourage such activity either.

 

[Lord Manhammer]

Guess I am not clear on how that supposed 'dark web' operates. If it a known mechanism for selling illegal things, why can't law enforcement track down where their servers are located and shut it down? I would assume most foreign countries wouldn't want to knowingly encourage such activity either.

It's rather complicated but here's the quick and dirty. All digital devices have an IP address. When you log onto the Dark Web via a modified Firefox browser and go to a website, the browser bounces your website request all around the world hitting different computers called nodes. Every time it hits a node, the IP address switches to that of the node. This results in anonymising your IP and making it damn near impossible to discern what site you were at. It has been extremely difficult for LEO's to shut down dark web sites because of this. Plus, once one site is shut down, another pops up and is hard to locate.

The dark web isn't all bad though. It has been a haven for people to engage in discussion in countries that prohibit certain kinds of speech. So, just like the regular internet, it has pros and cons.

 

[tvguy]

News recently about Caesars and MGM attacks involving a lot of personal information. Those didn't affect us.

We recently had letters from 2 financial institutions (annuity and the insurance company that just took over DH's pension) that they were hit with attacks, and offered Kroll monitoring for a year.

I fear this will continue to be an issue in years to come. So much of our personal date is online and vulnerable.

My long term care insurance company got caught in that so they are paying for Kroll for two years.
I attended an FBI symposium on cyber security and of course they encourage people to be vigilant and warn no matter how vigilant you are, you still are at risk. I was a Little League Information officer 25+ years ago and I had all 400 players players parents medical insurance information, which in those days were the parents social security numbers all on my personal laptop. Now I did the responsible thing and destroyed the hard drive when I got rid of that laptop, but everything on my computer was uploaded to a third party company who uploaded it to National Little League and who knows if that information is still on their computers..

They did give us two helpful websites on the issue.
www.fbi.gov/scams-and-safety/
and
ic3.gov

 

[Mackenzie Click-Mickelson]

There is now a civil lawsuit filed against Caesar's in part because information was not even disclosed until the MGM attack. Apparently 6 terabytes of information was taken.

I actually signed up for a Caesar's rewards program on Sep 3rd or 4th but it was after the breach occurred..well at least I think because information is not really coming out about it from Caesar's (also part of the civil lawsuit). My husband however already had an account. He's received no such notice on it. These days it's usually standard that when something occurs notices are immediately sent out with information to contact them or what steps have been and will be taken.

I have had an MGM account same as my husband so we'll see if we get notification from them.

 

[barkley]

We recently had letters from 2 financial institutions (annuity and the insurance company that just took over DH's pension) that they were hit with attacks, and offered Kroll monitoring for a year.

the california public employees retirement system got hit and over 700,000 member's as well as beneficiarie's data was compromised. i know that active retirees were notified and offered monitoring but i don't think they notified all the beneficiaries who may not be activly receiving at this point but CalPERS has existing vital information on.


a family member works for a financial institution that has seen such an uptick in systems based fraud that they've instituted stronger access verification for customers. customers are livid and curse out the staff b/c they don't want to go through the extra steps required-i'm like 'any extra security steps you can take or tell me to put in place to protect me i'm all for'.

 

[barkley]

There is now a civil lawsuit filed against Caesar's in part because information was not even disclosed until the MGM attack. Apparently 6 terabytes of information was taken.

I actually signed up for a Caesar's rewards program on Sep 3rd or 4th but it was after the breach occurred..well at least I think because information is not really coming out about it from Caesar's (also part of the civil lawsuit). My husband however already had an account. He's received no such notice on it. These days it's usually standard that when something occurs notices are immediately sent out with information to contact them or what steps have been and will be taken.

I have had an MGM account same as my husband so we'll see if we get notification from them.

my oldest worked for a casino/hotel and the amount of random but SO USEABLE for fraud information they have in their data bases is mind blowing. you figure that people that sign up for rewards programs give some info like birthday and such but when you get into the hotel aspect on guests-notes on people's anniversary dates, if they have pets or service animals (used the pet friendly rooms or requested one), places concierge booked for them offsite, favorite flowers, vehicle plate numbers (valet's data base), airlines commonly used...all kinds of info people don't need in the wrong hands.