Who Hacked The Two North Carolina Caesars Casinos?

Two casinos in North Carolina were among the victims of a sophisticated cyber attack in September. The hackers targeted Harrah’s Cherokee Casino in Cherokee and Harrah’s Cherokee Valley River in Murphy. The hackers breached the computer systems at both gaming venues as part of a nationwide criminal effort.

Both Harrah’s North Carolina casinos, operated by Caesars Entertainment, are fully functional after a data breach by a hacker organization. It’s unclear whether customer data was compromised. Some customers have initiated class-action lawsuits against Caesars and MGM in Nevada over the incident. The same group also hacked MGM Resorts casinos in the U.S. in September.

What did the hackers do to Caesars casinos in North Carolina?

North Carolina casinos are thought to be safe from nefarious cyber attacks. However, the recent incident perpetrated by an international hacker organization called “Scattered Spider” underscores the challenges gaming companies face in safeguarding data and their systems.

Allegedly, the hackers took control of computers (Okta servers) inside Caesars casinos in North Carolina and in a handful of other states. The hackers inserted ransomware and demanded payment in return for an encryption code to allow Caesars to regain control. According to reports, Caesars did pay a ransom to the criminal hackers.

For several days, Caesars casinos in North Carolina had issues with their reservation systems, email servers, website, and slot-related activity. This included the free play and rewards programs. The two Harrah’s casinos could not cash checks or issue winnings over a certain amount for at least a few days.

Caesars and MGM apparently use the same type of computer and security systems at all of their casino and resort locations. This made it easier for Scattered Spider to succeed in its attacks in as many as six states.

The systems are back to normal at Harrah’s Cherokee Casino and Harrah’s Cherokee Valley River. The fact that hackers infiltrated the Caesars data systems is troubling. According to Scattered Spider, the group used a VoIP hack to pose as Caesars IT staff. This allowed them to gain passwords from employees. Caesars North Carolina has not issued a statement regarding the failures of the two casinos in the state. Caesars Entertainment has promised to provide details in a filing with federal authorities in the near future.

Security watchdog groups worry that the hackers copied sensitive customer data at the North Carolina Caesars locations.

Scattered Spider – who are they?

Shortly after Caesars and MGM revealed the cyber threats, a group called “Scattered Spider” claimed responsibility. Law enforcement has known about the group for at least three years. It also goes by Muddled Libra, UNC3944 and Scatter Swine.

According to the Washington Post, Scattered Spider is a “ransomware gang.” Individuals from at least three nations make up the group:

  • The United States
  • The United Kingdom
  • Russia

The group has taken credit for several ransomware attacks. They hijack passwords by pretending to be IT staff. The hackers can spoof phone systems and trick employees into believing that their calls come from extensions inside the company.

Scattered Spider has worked previously with ALPHV, a Russian-based hacker cooperative that shares its illegal tactics for infiltrating computer systems on the dark web. ALPHV reportedly accepted responsibility for the attacks on Caesars and MGM in September.

According to TechCrunch and the Washington Post, ALPHV supplied the ransomware code Scattered Spider employed to worm its way inside the casino computer systems. Security experts think a coalition is building between young hackers in the U.S., U.K., and Russia to undermine financial and casino companies. Some of the members of Scattered Spider may be American teenagers, bent on getting cryptocurrency as ransom after breaching their victims’ private data.

Unfortunately, success has bred success for Scattered Spider, which reportedly refers to itself as Star Fraud and “Com” in online chat groups. As the hackers secure ransom payments, those funds have helped them forge relationships with other criminal hackers across the globe.

What is being done to shut down casino hackers?

Little is known of law enforcement efforts to apprehend the hackers responsible for the cyber attack on Caesars.

Caesars has a toll-free 24-hour hotline for those who may have been impacted by the cybersecurity breach. But beyond that, until the FBI or state authorities come forward with more details, it’s unclear how close anyone is to finding the perpetrators.

The fact that Caesars allegedly paid a ransom could be troubling for others, as it may only embolden Scattered Spider and its collaborators to attack other targets.

Gus Fritschie, senior vice president of Bulletproof, a cybersecurity firm owned by Gaming Laboratories International, which also partners with the NC Lottery Commission to regulate sports betting, indicated that both Caesars and MGM had taken the necessary precautions.

In Fritschie’s estimation, the attack proved the harrowing point that “anybody is vulnerable.”

About the Author

Dan Holmes

Dan Holmes writes about sports betting, sports media, and sports betting legislative matters. He's the author of three books, and previously reported for Major League Baseball, as well as the National Baseball Hall of Fame and Museum.