Attendees to a hacker convention in Las Vegas have accused Resorts World staff of harassment. [Image: Shutterstock.com]

Hackers in town

Mulitple Las Vegas casinos have fallen victim to cyberattacks over the past 12 months. It perhaps seems natural, therefore, that they might have been extra cautious when thousands of hackers decided to come to town for the annual DEF CON convention last week, but attendees have complained that this caution went a little too far.

they were being treated like criminals by security

The hotel of Resorts World Las Vegas played host to many attendees of the convention this year, which ran from Thursday to Sunday at the Las Vegas Convention Center, and attendees of the cybersecurity conference complained that they were being treated like criminals by security.

In notices from Resorts World shared on social media, the casino-hotel warned guests of “room checks on all stay over rooms” in the block reserved for DEF CON attendees. Guests have also shared their own personal stories to social media, complaining of harassment by overzealous security staff with the intention to intimidate.

Negative reports

Speaking with the Las Vegas-Review Journal, Korvin Szanto of Portland explained that he felt security did not have much clue what they were searching for in room checks. “They knocked and came in, and showed me a big, long list of stuff that they wanted to look for,” he explained. “It had things like random cables and a USB thumb drive. I said ‘You have these things.’”

Meanwhile, Chandler Emhoff of Ohio deemed it “kind of an invasion of privacy.” He said Resorts World was stereotyping the convention attendees as criminals.

Some DEF CON attendees shared their negative experiences on forums, such as Hacker News. One, known by the username FickleRaptor, said security demanded their ID and threatened to have them arrested for trespassing. “The issue was that my colleague was one of the amateur radio VE for the ham radio village and happened to have his handheld with him,” they explained, adding that the guard was “aggressive, entitled, and arrogant.”

FickleRaptor said they believed this was “deliberate, malicious abuse” by Resorts World with the intention to force DEF CON attendees to leave once they had paid and checked in. They said they would not be staying in the hotel-casino again “unless they issue a really, really excellent apology.”

Reason for caution

Although DEF CON attendees have taken umbrage with their treatment, they are also undoubtedly aware why Las Vegas casinos are so cautious around potential hackers. Cyberattacks on Caesars Entertainment and MGM Resorts International are still fresh in the memory in the Nevada city.

Caesars ultimately paid its attackers $15m to regain control of its systems following a hack last year, enabling the company to minimize the impact on its operations. In doing so, Caesars was able to keep the attack under wraps until MGM fell victim to a similar hack just weeks later.

gave the hackers access to large amounts of customer data

It first became apparent that MGM was victim of a hack in mid-September. The attack affected MGM casinos in Las Vegas, shutting down several services, including ATMs, slot machines, and even elevators. It is estimated that the attack, which lasted multiple weeks as the operator refused to pay the hackers, cost MGM around $100m in the end, and gave the hackers access to large amounts of customer data.  

Experts believe these hacks were the result of cooperation between young, western hackers and Russian cybersecurity experts. The FBI has blamed Scattered Spider, a hacker organization of mainly native English speakers that specializes in social engineering attacks. The group supposedly worked with BlackCat, a Russian group that provides ransomware as a service.