Saturday, December 13, 2014

Iranian Hackers Used Visual Basic Malware to Wipe Vegas Casino’s Network

Stop us if this sounds familiar: a company executive does something that makes a foreign government’s leadership upset. A few months later, hackers break into the company’s network through a persistent cyber attack and plant malware that erases the contents of hard drives, shuts down email servers and phone systems and brings operations to a screeching halt. That’s not just what happened to Sony Pictures Entertainment in late November — it’s also what happened to Las Vegas Sands Corp., owners of the Sands, Venetian and Palazzo hotels and casinos, in a cyber attack that began last January. The attack, and the damage it did, were kept quiet by the company until it was reported in a story by Bloomberg Businessweek. Attempts to reach Las Vegas Sands Corp. have gone unanswered, and a spokesperson for Dell SecureWorks — which was brought in to clean up the mess afterward and determine its cause — declined to speak about the article, as it is the company’s policy not to discuss work done for a customer.


But, according to Bloomberg’s sources, the Sands attack was undertaken by “hacktivists” who were responding to a speech by Sands majority owner Sheldon Adelson. The billionaire 52% owner of the Sands and Israeli media mogul made an October 2013 appearance on a panel at the Manhattan campus of Yeshiva University, where he called for a nuclear attack on Iran to get the country to abandon its own nuclear program. “What I would do”, he said during the panel, rather than negotiating, “would be to say, ‘Do you see that desert over there? I want to show you something’. You pick up your cell phone and you call somewhere in Nebraska and you say ‘Ok let it go.’…Then you say, ‘See? The next one is in the middle of Tehran.’” The statement, which circulated on YouTube from smartphone video, reached Iran’s leadership; Supreme Leader Ayatollah Ali Khamenei said in a November speech that the American government should “slap these prating people in the mouth and crush their mouths”. Apparently inspired by the speech, the attackers started probing Sands’ network, launching an all-out brute force password attack on the company’s virtual private network gateway at its slots casino in Bethlehem, Pennsylvania. Then, on February 1, they breached a Microsoft IIS development and staging server for the casino’s website and used an open tool called mimikatz to obtain usernames and passwords.


Eventually, they found the credentials of a senior systems engineer who had visited the Bethlehem site from Las Vegas — which gave them the keys to the corporate castle. “As they rifled through the master network”, Bloomberg’s Ben Elgin and Michael Riley reported, “the attackers readied a malware bomb. Typing from a Sony (SNE) VAIO computer, they compiled a small piece of code, only about 150 lines long, in the Visual Basic programming language”. The Visual Basic malware written by the attackers (who, according to investigators from Dell SecureWorks, were likely “hacktivists” based in Iran and not attached to the Iranian government) worked in the same way as the Shamoon attack on Saudi Aramco, the “DarkSeoul” attack on South Korean media companies and banks and the recent Sony Pictures attack. It overwrote portions of the hard drives of the affected machines and then rebooted them to complete the job.




Info Sources:

http://www.businessweek.com/articles/2014-12-11/iranian-hackers-hit-sheldon-adelsons-sands-casino-in-las-vegas#p2

http://www.huffingtonpost.com/2013/10/23/sheldon-adelson-nuke-iran_n_4150237.html

https://github.com/gentilkiwi/mimikatz

http://investing.businessweek.com/research/stocks/snapshot/snapshot.asp?ticker=SNE


