Scattered Spider Casino Hackers Remain Free Despite Being ‘Known’ to FBI

For months, the FBI has known the identities of at least 12 “Scattered Spider” hacking group members but has made no arrests. That’s despite many group members being based in the US and other Western countries, Reuters reported.

Scattered Spider, Octo Tempest, the Com, MGM, Caesars
MGM Resorts refused to pay a ransom to Scattered Spider and regained control of its systems after several days. But not before the attack had caused an estimated $100 million worth of damage. (Image: MGM Resorts Intl.)

Scattered Spider has been targeting corporations for the past two years but became notorious for its devastating ransomware attacks on MGM Resorts International and Caesars Entertainment in September.

Scattered Spider, also known as Octo Tempest, is an amorphous group of cyber criminals that engages in various crimes, from ransomware to sextortion and phone scams. They are known to discuss their activities on public forums like Telegram and Discord.

Scattered Spider and Octo Tempest are monikers coined by the cybersecurity community, not criminals. The individuals who attacked MGM and Caesars refer to themselves collectively as “Star Fraud.” They are part of a loose group of hackers called “the Com.”

MGM, which refused to pay up, saw disruption to its operations that lasted for days and caused an estimated $100 million in damage. Caesars paid a ransom of around $15 million to have normal services restored, according to The Wall Street Journal.

Spider’s Web

Scattered Spider’s MO often involves targeting tech personnel at corporations and using social engineering techniques to trick them into granting access to protected systems, as was the case with MGM.

Sometimes, they resort to threats of violence. In at least one incident, an employee was told his wife would be shot unless he disclosed his login credentials.

First noticed in early 2022, the group progressed from SIM swapping and crypto theft to extorting telecommunications, email, and technology organizations.

The FBI has been investigating the Com for some time. However, the casino attacks have amped up the pressure on the agency, and cybersecurity sources who spoke to Reuters this week expressed frustration at the lack of arrests.

‘Causing Havoc’

Michael Sentonas is president of CrowdStrike, one of many cybersecurity firms tracking the group.

“For such a small group, they are absolutely causing havoc. I would love for somebody to explain [the lack of arrests] to me,” he said, adding that the hackers were “known.”

Sentonas believes the situation points to a “failure” of law enforcement.

Casinos are prime targets for cybercriminals because of the vast amount of data accrued through loyalty programs and the credit card-intensive nature of hotel booking. But such attacks have appeared to be on the rise in recent years.  

Scattered Spider is notable because its members are mainly English-speaking. High-profile cybercrime has traditionally been the domain of East European criminal gangs or state-sponsored attacks orchestrated by China, North Korea, or Iran.

Philip Conneller
Philip Conneller Senior Reporter

In Philip Conneller’s eight years with Casino.org, he has covered the gaming industry from Las Vegas to Macau and everything in between. He currently focuses his coverage on gaming law, white-collar crime, global money laundering, tribal gaming, politics, and regulation.

Philip was the original features editor for poker’s Bluff Magazine and editor for Bluff Europe, which he helped launch. His writing has also been featured in ESPN, Forbes, Time Out, The Sun, and The Daily Star, as well as iGaming Business, eGaming Review, and numerous other industry news and tech websites.

His news stories for Casino.org/news have been linked by The Washington Post, The Daily Mail, People Magazine, and Jimmy Fallon's Tonight Show, among many others.

Philip once won $20,000 with 7-2 off-suit. He has been reprimanded for unwittingly playing Elton John’s piano on two separate occasions on both sides of the Atlantic.

He became a writer because he is a lousy pianist.

Philip lives outside London with his wife and children, where he spends his time agonizing about Arsenal FC.

Contact Philip at philip.conneller@casino.org.

Comments icon

Conversation (0)

+ Add a comment

Be the first to comment on this article.

Write a comment

Your email address will not be published.