Are Brick and Mortar Casinos Safer Than Online Ones? Surprisingly, Not.

Many players are often wary of 18+ online casinos due to risks such as hacking, compromised sensitive information, and cheating. For this reason, players often utilize brick and mortar venues because they feel as if physical venues are non-tamperable and more secure than digital platforms. However, this assumption is incorrect as several distinguished American brick and mortar casinos have experienced cyber-attacks, losing customer and employee information nearly undetected.

Hackers have come around to target the least secure technological devices within a brick and mortar casino; IoT devices such as security cameras, smart thermometers, Alexa devices, smart TVs, smart fridges, and smart watches have been some of the internet-dependent devices affected by recent cyber attacks.

These devices are vulnerable because they rely on an Internet connection to stream real-time data and are not protected by traditional security features. Due to the current inability to secure all IoT devices, they expand a hacker’s attackable surface area by using these devices as an access portal to local and private networks.

One American brick and mortar casino had been breached through hackers utilizing the casino lobby’s aquarium temperature regulator. The regulator was a smart thermostat, which also controlled salinity levels and programmed optimal feeding schedules. As an IoT, the smart device was vulnerable to attacks and hackers were able to pull 10GB of data on the casino’s high roller database.

In fact, these issues are not exclusive to IoT devices as brick and mortar casinos are vulnerable to phishing and malware attacks all the same. In 2014, Iranian hackers attacked Sands Corp’s land-based casino in Bethlehem, Pennsylvania three months after owner Sheldon Adelson made an inappropriate comment concerning U.S. Iran nuclear relations.

The hackers first attacked the Bethlehem casino’s development and website staging server where they accessed the local network and then their VPN where the hackers used malware to retrieve high-level personnel logins including a Senior Systems Engineer’s which allowed them access to the entire Sand Corps network.

First, they shut down the network’s email servers, phone systems, and hard drives then proceeded to steal customer data such as credit cards, drivers license numbers, and social security numbers. The hackers then defaced every Sands Corp owned casino website, taunted Adelson, and shared employees’ socials online. Sands Corp’s IBM mainframe was untouched allowing Casino Resort guests’ access to their rooms and amenities during the attack.

Through a simultaneous steal and wipe method, the attack destroyed three-quarters of Sand’s servers nearly wiping the entire corporate network and its subsidiaries of company data. The 150 lines of code used for the attack heavily disrupted the company’s operations and bottom-line as it became more cost-effective to replace tampered systems rather than fixing them, costing the Sands Corp at least $40 million.

In 2015, the Hard Rock Casino in Las Vegas, Nevada experienced a similar cyber attack where unrelated hackers stole customer credit card information from their internal systems and servers over the course of 7 months without being detected. The following year, the River Cree Casino and Resort in Alberta, Canada was left vulnerable after a swift attack on their customer and employee’s personal information had been compromised over one weekend.

Another incident occurred at the Lumiere Palace in St. Louis, Missouri when the casino lost over $21,000 to Russian hackers via slot machine manipulation. The Russians involved were a part of a large Russian-based casino scamming syndicate that had been operational since 2009. The hackers were able to manipulate the brick and mortar casino’s slot machine through cracking its RNG technology via mobile streaming and alerting the personnel when the machine would provide the most payout.

Brick and mortar casinos are hackable and their information can still become compromised. Hackers are only getting smarter and physical casinos have yet to fully arm themselves against cyber attacks. With each attack, we learn how overlooking minor devices can become the Achilles heel to brick and mortar casinos.

The stigma of mistrust and uncertainty surrounding online casinos’ security must end if 18+ players are to look for more secure platforms as physical casinos continue to be attacked. Licensed and regulated offshore online casinos are safe and reliable gambling formats because they are built using top-tier security protocols on their servers, websites, and personal accounts. Online casinos understand exactly how they can be attacked and thus utilize military-grade security features from information scrambling to encryption.

However, not every casino found through a simple search is considered a safe bet. Many dress themselves up to appear legitimate and secure yet are not. For this reason, real money gambling and placing personal information on a credible recommended, and safe online 18+ casino strongly ensures an enjoyable and stress-free experience.