17-year-old from England arrested in cyber hackings targeting MGM Resorts
Law enforcement authorities in England on Thursday arrested a 17-year-old boy in a small English town who is believed to have had a role in the September cyberattack that walloped MGM Resorts International for 10 days.
The unidentified teen was released on bond after being apprehended by the Regional Organised Crime Unit for the West Midlands in Wallsal, a small city in central England.
Representatives of the unit were assisted by Britain’s National Crime Agency, the U.S. Federal Bureau of Investigation and MGM.
The suspect was taken into custody on suspicion of blackmail and Computer Misuse Act offenses.
There was no indication how the suspect was affiliated with hacker gangs identifying themselves as Scattered Spider and ALPHV, which claimed responsibility for hacking into computer systems operated by Caesars Entertainment in August and at MGM Sept. 10.
MGM Resorts issued the below statement as part of the announcement from police:
“We’re proud to have assisted law enforcement in locating and arresting one of the alleged criminals responsible for the cyberattack against MGM Resorts and many others. We know first-hand the damage these criminals can do and the importance of working with law enforcement to fight back.
By voluntarily shutting down our systems, refusing to pay a ransom and working with law enforcement on their investigation and response, the message to criminals was clear: it’s not worth it.”
Caesars reportedly paid a $15 million ransom to hackers and was largely unaffected by the hacking incident while MGM didn’t pay anything but suffered through several days of computer problems after taking down its own systems to prevent further infiltration.
MGM reportedly lost $100 million as a result of the hack, but much of the losses were recovered through insurance payments.
The company’s website and hotel room booking engines were struck, the MGM app used by customers to enter their hotel rooms was offline. Restaurant and attraction reservation systems failed.
The company, fearing worse damage to their systems, shut down networked slot machines and instead had to pay slot machine winners manually instead of through a machine’s ticket in-ticket out system that produces vouchers that could be redeemed for cash or inserted into other machines.
The 10 MGM resorts in Las Vegas and its other resorts across the United States were unable to process credit card transactions, in-casino ATMs were off line and their paid parking access was compromised. Company email also was offline.
This is a developing story. Check back for updates.
Contact Richard N. Velotta at rvelotta@reviewjournal.com or 702-477-3893. Follow @RickVelotta on X. The Review-Journal’s Caitlin Lilly contributed to this report.