A TikTok user is being dragged by hackers after attempting to link a major cyberattack in Las Vegas to last month’s DefCon hacking convention.
MGM Resorts International, which operates numerous hotels and casinos in Las Vegas, began experiencing a series of technical issues this week that led to the shutdown of everything from slot machines to payment systems.
The company admitted on Thursday in a filing with the SEC that it was the victim of a cyberattack, which Russian ransomware groups have taken credit for.
But one conspiratorial TikTok user has attempted to link the cyberattack to the world’s largest hacker conference that’s been held annually in the city for the past three decades.
“When it comes to the MGM cyberattack, I think this information is crazy,” the user WFF News said. “Exactly one month before the cyberattack, DefCon, the world’s largest underground hacker conference, was held at Mandalay Bay, an MGM property.”
While the TikToker steers clear of outright blaming the conference for the cyberattack in Las Vegas, the video closes out with an ominous suggestion that the timing is quite the coincidence.
“Now, I’m not saying that DefCon, the world’s largest hacking convention, held at Mandalay Bay, has anything to do with the cyberattacks at MGM’s properties,” the user says. “I’m just saying it’s a weird coincidence.”
Yet attendees of DefCon, which include hackers, researchers, and security professionals, were quick to tear the video apart for its numerous falsehoods.
DefCon, which was held this year from Aug. 10 to 13, was not at Mandalay Bay. The convention instead was held across Caesars Forum, the Flamingo, Harrah’s Hotel, and the Linq Hotel.
Over on X, former NSA hacker Jake Williams bemoaned how the false claims could catch on among conspiracy theorists.
“And this is how conspiracy theories start. Nevermind that this is factually inaccurate,” Williams wrote. “People desperate for coincidence usually don’t care about facts.”
Sean Gallagher, a threat researcher with the cybersecurity firm Sophos, likewise highlighted the video’s false remarks.
“Why let facts get in the way of a totally awful post,” he said.
Back on TikTok, the video’s comment section was similarly flooded. While a small handful of the account’s followers appeared to view the video’s premise as likely, the vast majority of commenters pushed back on the narrative from WFF News.
“Tell me you know nothing about cybersecurity without telling me… etc,” a user said.
“It’s been known for a long time that the DEFCON attendees actually help MGM’s IT department to find their vulnerabilities and improve their operation,” another added.
While details remain scant, MGM Resorts International stated in its filing to the SEC that the cyberattack began after a phishing attack was made against a third-party IT support vendor.
VX-Underground, a collective of cybersecurity researchers, claimed earlier this week that the phishing attack came in the form of a simple phone call.
“All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk,” the group wrote, referring to the Russian ransomware group allegedly responsible. “A company valued at $33,900,000,000 was defeated by a 10-minute conversation.”
