This screen shot provided by the Las Vegas Review Journal shows the Sands web site that was hacked on Monday Feb. 10, 2014. A Nevada gambling regulator said Thursday that the hackers who knocked down all Las Vegas Sands websites for two days and counting did not steal any patron data, including credit card information. Nevada Gaming Control Board chairman A.G. Burnett said regulators’ first priority after the world’s largest casino operator was hacked Monday was to ensure the safety of player information and the integrity of the gambling systems. (AP Photo/Las Vegas Review-Journal)
LAS VEGAS (AP) — Casino giant Las Vegas Sands Corp. said Tuesday that hacking into their websites and internal systems last week went deeper than the company had previously known.
All of the Las Vegas-based company’s sites were down for six days after hackers posted images apparently condemning comments CEO Sheldon Adelson made about using nuclear [auth] weapons on Iran.
Sands said hackers crashed its email system and stole employees’ Social Security numbers.
But a video posted online appears to catalog stolen information that goes much further.
Sands spokesman Ron Reese said the company is reviewing the 11-minute video that appears to show dozens of administrator passwords, including passwords for slot machine systems and player information at Sands’ Bethlehem, Pa. casino. It also shows employee files and a diagram of the company’s internal networks. He said the company did not know about the additional incursions until it started investigating the video.
“We have now determined that the hackers reached at least some of the company’s internal drives in the US containing some office productivity information made up largely of documents and spreadsheets,” he said in a statement. “We have seen the video and are continuing to investigate what, if any, customer or additional employee data may have been compromised as part of the hacking.”
The FBI, Secret Service and Nevada Gaming Control Board are investigating the hacking. Neither of the federal agencies would comment on the matter, and Control Board Chairman A.G. Burnett also declined to comment, saying he had not yet seen the video.
A person using the name Zhao Anderson sent the video to The Associated Press on Monday by email, and it was also posted on YouTube by a person using the same name. The AP could not verify the person’s identity, or the information contained in the email.
Reese declined to say whether Sands had changed its administrative passwords in response to the hacking.
The hacking affected Sands’ corporate website, as well as the sites for casinos in Las Vegas, China, Singapore, and Bethlehem, Pa. Sands restored the websites Monday afternoon, though not exactly as they were before the attack.
Adelson is an outspoken supporter of Israel and a generous donor to U.S. Republican Party campaigns. He spoke in October about dropping a nuclear bomb on Iran, saying strength was the only thing the country understands.
The hackers at one point referred to themselves as the “Anti WMD Team.” Cybersecurity experts say it could have taken several months for so-called “hacktivists” to complete an attack on Sands’ networks.
Sands, which is the world’s largest casino company in terms of revenue, also owns the world’s largest casino, in the Chinese gambling enclave of Macau. The company’s net income was $2.31 billion last year.
Sands has not said what effect the hacking attack has had on the company’s bottom line. Sands has said it has been able to continue booking visitors by telephone.
Since the hacking became public last Tuesday, Sands stock has risen about 3.7 percent to $80.69.