Bloomberg Businessweek reports: Investigators from Dell SecureWorks working for [Sheldon Adelson’s casino empire, Las Vegas] Sands have concluded that the February attack was likely the work of “hacktivists” based in Iran, according to documents obtained by Bloomberg Businessweek. The security team couldn’t determine if Iran’s government played a role, but it’s unlikely that any hackers inside the country could pull off an attack of that scope without its knowledge, given the close scrutiny of Internet use within its borders. “This isn’t the kind of business you can get into in Iran without the government knowing,” says James Lewis, a senior fellow at the Center for Strategic and International Studies in Washington. Hamid Babaei, a spokesman for Iran’s Permanent Mission to the United Nations, didn’t return several phone calls and e-mails.
The perpetrators released their malware early in the morning on Monday, Feb. 10. It spread through the company’s networks, laying waste to thousands of servers, desktop PCs, and laptops. By the afternoon, Sands security staffers noticed logs showing that the hackers had been compressing batches of sensitive files. This meant that they may have downloaded — or were preparing to download — vast numbers of private documents, from credit checks on high-roller customers to detailed diagrams and inventories of global computer systems. Michael Leven, the president of Sands, decided to sever the company entirely from the Internet.
It was a drastic step in an age when most business functions, from hotel reservations to procurement, are handled online. But Sands was able to keep many core operations functioning — the hackers weren’t able to access an IBM (IBM) mainframe that’s key to running certain parts of the business. Hotel guests could still swipe their keycards to get into their rooms. Elevators ran. Gamblers could still drop coins into slot machines or place bets at blackjack tables. Customers strolling the casino floors or watching the gondolas glide by on the canal in front of the Venetian had no idea anything was amiss.
Leven’s team quickly realized that they’d caught a major break. The Iranians had made a mistake. Among the first targets of the wiper software were the company’s Active Directory servers, which help manage network security and create a trusted link to systems abroad. If the hackers had waited before attacking these machines, the malware would have made it to Sands’ extensive properties in Singapore and China. Instead, the damage was confined to the U.S. [Continue reading…]