Canadian casino cyber-attacked

The River Cree Resort and Casino said on Friday it was the victim of a cyber attack on Monday and immediately alerted law enforcement and cyber security experts.

2016-03-21

Canada

Reading time 1:40 min

The River Cree Resort and Casino said on Friday it was the victim of a cyber attack on Monday and immediately alerted law enforcement and cyber security experts.

“We wanted to alert anyone potentially affected quickly and directly,” said Robert Morton, River Cree chief executive. “We are in the process of contracting those patrons and employees whose information may have been compromised and will provide them with recommended steps they can now take to protect themselves.”

River Cree, in Alberta, has more than 1,000 slot machines, 38 gaming tables, two ice rinks and an adjoining 249-bed hotel.

Few details of the computer hacking have been released to the public, although casino management said in a statement that no information from the casino floor was stolen.

The hacking incident follows the disclosure of the theft of tens of millions of dollars from Bangladesh’s account at the Federal Reserve Bank of New York this week and a separate admission by a Californian hospital that it paid a ransom of $17,000 to hackers to regain control of its computer systems after a hack.

Kevin Mandia, president of FireEye, a US-based cyber security company that is investigating the Bangladesh and Canadian casino hack, said these are examples of the growing sophistication of cyber criminals.

“Cyber extortion in the 1990s was on a different level of scale and scope, typically demands were for $5-15,000 to make a problem go away; now its millions,” he said.

He said hackers have begun to shift their focus away from stealing credit card numbers. “Now we have an anonymous currency, bitcoin, and I’ve always learned that anonymity does wonders for the criminal element far more than it helps well intentioned people,” he said.

FireEye has dispatched investigators to Bangladesh and the Canadian casino to collect and analyse data from the computer systems and try to determine how the breaches took place. They look at the malware used by the hackers to breach a system, the source and destination IP addresses, the internet domains used and who registered them to try and determine who is behind the attack.

Mr Mandia said it was unusual for cyber criminals to enlist insiders when breaking into banks’ systems as they generally liked to remain out of reach in safe harbour locations.

“It’s one more example of why we need to have a little more international co-operation. If we have world were you can steal millions of dollars and there are no risks or repercussions at all, we are not doing something right,” he said.