Scattered Spider Casino Hackers Remain Free Despite Being ‘Known’ to FBI

Posted on: November 14, 2023, 01:42h. 

Last updated on: November 14, 2023, 08:18h.

For months, the FBI has known the identities of at least 12 “Scattered Spider” hacking group members but has made no arrests. That’s despite many group members being based in the US and other Western countries, Reuters reported.

MGM Resorts refused to pay a ransom to Scattered Spider and regained control of its systems after several days. But not before the attack had caused an estimated $100 million worth of damage. (Image: MGM Resorts Intl.)

Scattered Spider has been targeting corporations for the past two years but became notorious for its devastating ransomware attacks on MGM Resorts International and Caesars Entertainment in September.

Scattered Spider, also known as Octo Tempest, is an amorphous group of cyber criminals that engages in various crimes, from ransomware to sextortion and phone scams. They are known to discuss their activities on public forums like Telegram and Discord.

Scattered Spider and Octo Tempest are monikers coined by the cybersecurity community, not by the criminals themselves. The individuals who attacked MGM and Caesars refer to themselves collectively as “Star Fraud.” They are part of a loose group of hackers called “the Com.”

MGM, which refused to pay up, saw disruption to its operations that lasted for days and caused an estimated $100 million in damage. Caesars paid a ransom of around $15 million to have normal services restored, according to The Wall Street Journal.

Spider’s Web

Scattered Spider’s MO often involves targeting tech personnel at corporations and using social engineering techniques to trick them into granting access to protected systems, as was the case with MGM.

Sometimes, they resort to threats of violence. In at least one incident, an employee was told his wife would be shot unless he disclosed his login credentials.

First noticed in early 2022, the group progressed from SIM swapping and crypto theft to extorting telecommunications, email, and technology organizations.

The FBI has been investigating the Com for some time. However, the casino attacks have amped up the pressure on the agency, and cybersecurity sources who spoke to Reuters this week expressed frustration at the lack of arrests.

‘Causing Havoc’

Michael Sentonas is president of CrowdStrike, one of many cybersecurity firms tracking the group.

“For such a small group, they are absolutely causing havoc. I would love for somebody to explain [the lack of arrests] to me,” he said, adding that the hackers were “known.”

Sentonas believes the situation points to a “failure” of law enforcement.

Casinos are prime targets for cybercriminals because of the vast amount of data accrued through loyalty programs and the credit card-intensive nature of hotel booking. Such attacks have appeared to be on the rise in recent years.

Scattered Spider is notable because its members are mainly English-speaking. High-profile cybercrime has traditionally been the domain of East European criminal gangs or state-sponsored attacks orchestrated by China, North Korea, or Iran.