The biggest threat to Canada’s thriving casino industry isn’t government regulation, it’s hackers. For the past 4 years, the industry has been under siege by a resourceful group of attackers. Dubbed FIN10 by authorities, they have extracted hundreds of thousands of dollars in a bold series of cyberattacks. They have done this by holding sensitive information hostage and destroying the systems of those who don’t pay. One of the most remarkable aspects is that the group has pulled off these heists using publicly available software. Authorities have their theories, but the group remains at large.
FIN10, The Casino Industry’s Nightmare
According to the top-notch security vendor FireEye, Canada’s mining and casino industries are being targeted by an elusive hacker group. FIN10 has been extorting Canadian companies since 2013, and there’s no end in sight. Their modus operandi is simple, but the effects have been devastating for multiple corporations. The group routinely breaks into victim networks and seizes sensitive business data, ranging from personal information on top officials to corporate strategy documents. After the information has been extracted, the victims are alerted about the theft.
Once the victims realize what information has been taken, the group demands a ransom in exchange for not publishing it. This ranges from 100 to 500 bitcoins, which translates to $124,000 to $620,000. These staggering amounts vary depending on the sensitivity of the information. As soon as FIN10 gains access to a victim’s file servers, they download everything they can, giving them a massive amount of sensitive data that is nothing short of a goldmine.
After they are alerted of the security breach, the victims have 10 days to pay the ransom money. If the money isn’t paid, the first data dump takes place. From there, more data dumps occur every 72 hours. This cycle continues until all the hijacked information is made public, which can be detrimental for many companies.
On top of making all the information publicly available, FIN10 has another way of punishing those who don’t pay. If board members refuse to cooperate, the group deploys batch scripts that take entire systems down. This massive destruction is achieved simply by deleting critical files, which renders the operating systems useless. Many companies have suffered these blows, while those who paid the ransom have subsequently been asked for even more.
What makes these attacks particularly disturbing is that they are carried out with publicly available software. FIN10 expertly uses common tools such as PowerShell, Meterpreter and Windows Remote Desktop Protocol (RDP) to infiltrate networks. Once they have a foothold on a server, they escalate privileges until they have access to sensitive data. Exactly how they pull off these feats is unknown, but there are theories. FireEye believes they use spear-phishing emails to lure victims onto FIN10-controlled servers.
Four years after FIN10’s first heist, authorities are nowhere close to apprehending them. The group has evaded identification by planting a series of false flags. At first they portrayed themselves as Russian hackers, but authorities later found that they were using online translation software. Since Russian is evidently not their first language, many believe that they are based in North America. This assumption rests on the fact that the group seems to be uncannily aware of business dealings on this continent.
It’s hard to say where they could be based, since Bitcoin makes the perfect getaway vehicle. The coins are completely untraceable and can be laundered through a slew of innocent-looking ventures. For this reason, Canadian casino operators are on thin ice. Not much is known about this group, but the one thing that’s certain is that FIN10 is still alive and well.