A 17-year-old boy appeared in juvenile court this week, accused of helping to launch a massive cyber attack on two Las Vegas casino giants that cost tens of millions of dollars.
MGM Resorts International and Caesars Entertainment — the largest casino operator in the world — were the victims of the “sophisticated” hack in 2023, triggering an FBI probe.
The teenager, who lives in Chicago, turned himself in on September 17 after detectives from the FBI’s Las Vegas Cyber Task Force identified him as a suspect.
At the time of the attack, the suspect was 15. He is accused of committing cyberterrorism “without stepping foot outside his home,” Chief Deputy District Attorney Summer Clarke said at a hearing in juvenile court Wednesday.
Caesars Entertainment handed over $15 million to the alleged hackers to settle the ransomware attack.
The attack on MGM Resorts, which did not comply with the extortion, resulted in damages of about $200 million, Clarke said, though the company disputed the amount.
More than 65,000 Social Security numbers were also compromised in the attack.
“The level of sophistication he possesses and the criminal acts he is capable of cannot be overlooked by this court,” Clarke said, arguing for the teenager to remain in custody.
The prosecutor said he was a danger to others. “We don’t know what subject has access to, who he has access to, or how he has access to it,” she said, according to 8 News Now.
His defense attorneys said his surrender indicated that he “is not a risk of flight,” and District Court Judge Dee Butler ordered his release until his next court appearance.
Arrangements were made with his parents to ensure he doesn’t violate the terms of his release.
In September 2023, MGM resorts said the hack was affecting reservations and casino floors in Las Vegas and other states. Videos on social media showed slot machines had gone dark and customers complained their hotel room cards weren’t working.
Authorities said the teen allegedly has $1.8 million worth of bitcoin from the attacks but they are unsure of its whereabouts.
The suspect has not been named because of his age but he may end up being charged as an adult.
He is facing charges of extortion, unlawful acts regarding computers, and obtaining and using another person’s identifying information to harm or impersonate.
MGM said it “responded swiftly and shut down” certain U.S. company systems after the issue was detected. This caused “disruptions” at some of its properties, “but allowed the Company to prevent the criminal actors from accessing any customer bank account numbers or payment card information.”
“We have taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result,” Caesars told the Securities and Exchange Commission in in a September 2023 report.
