A mysterious group known as Scattered Spider has been wreaking havoc on corporate America, leaving the U.S. Federal Bureau of Investigation (FBI) struggling to catch up. For over two years, this hyper-aggressive cybercrime gang has embarked on a casino hacking crime spree that involves the luxurious MGM Resorts International and Caesars Entertainment.
Scattered Spider Hacking
According to Reuters, the FBI has known the identities of at least a dozen members for over six months but has yet to arrest anyone.
Scattered Spider made headlines after the September 2023 casino hacking at MGM Resorts International cost the company approximately $100 million in damages. At the same time, Caesars Entertainment allegedly paid a hefty $15 million ransom to regain control of its systems.
The severity of these casino hacking attacks has led to frustration among industry executives. Leading the charge against Scattered Spider are prominent cybersecurity firms such as CrowdStrike, Alphabet’s Mandiant, Palo Alto Networks, and Microsoft.
They have been actively involved in collecting evidence to uncover the hackers’ identities and aid law enforcement.
However, the apparent lack of progress in apprehending the casino hacking culprits raises questions about the effectiveness of current law enforcement efforts.
ZeroFox’s Chief Executive, James Foster, attributed the slow response to a lack of manpower. Multiple reports have indicated that the bureau has experienced a significant loss of its top cyber agents to the higher-paying private sector.
“Law enforcement, certainly at the federal level, has all the tools and resources they need to be successful in going after cyber criminals,” Foster explained about the casino hacking case. “They just don’t have enough people.”
Scattered Spider Scattered Structure
Scattered Spider, also known as Star Fraud in certain circles, operates in a loose-knit fashion, complicating law enforcement’s efforts to track and apprehend its members.
Challenges include a shortage of staff within the FBI’s cybercrime division, victims’ hesitancy to cooperate. And the group’s amorphous structure, making coordination between FBI field offices challenging.
The casino hacking group’s structure, composed of small clusters collaborating intermittently on specific tasks, is what earned it the “Scattered Spider” moniker.
Hacking Casinos From Abroad
The illusive casino hacking group’s members, primarily based in Western countries, communicate through social messaging apps like Telegram and Discord.
This has further hindered the FBI’s ability to efficiently coordinate its efforts across different field offices. What makes Scattered Spider’s crime spree particularly intriguing is their involvement in various illicit and dangerous schemes.
This includes sextortion, ransomware, phone-based scams, and even ‘violence-as-a-service.’ Recent reports highlight the casino hacking group’s threatening tactics, including messages indicating physical harm to individuals unless specific demands are met.
In October, Microsoft released a report citing hackers affiliated with Scattered Spider threatening to harm employees of a targeted organization unless they provided the required passwords.
“If we don’t get [your] login in the next 20 minutes, we’re sending a shooter to your house,” one of the casino hacking group’s messages read. “[Your] wife is gonna get shot if you don’t fold it,” read another threatening text.
“I think they are pathological,” the founder of Mandiant, Kevin Mandia, said in an interview. “We have seen how they interact with victim companies. They are ruthless.”
Hacking Spree As A Movie
Scattered Spider’s casino hacking crime spree would make a great movie. The film could delve into the complexities of modern cybercrime and the challenges faced by law enforcement in an era where criminal organizations operate with unprecedented sophistication.
The cat-and-mouse game between the hackers and the FBI, combined with the involvement of powerhouse cybersecurity firms, would be a sure hit with viewers.