Fin5 hacking crew hits jackpot, steals 150,000 credit cards from casino

Talk about hitting the jackpot: A new hacking group waltzed away with 150,000 credit card numbers stolen from a casino last year.

Experts at FireEye said the “Fin5” crew didn’t even break a sweat when it skipped through the unnamed casino’s “flat” IT framework to access the organization’s open payment systems, Hacked reported.

The casino didn’t have even the basic firewalls around its payment platforms, according to Emmanuel Jean-Georges and Barry Vengerik, researchers of Mandiant and FireEye. Jean-Georges told the news outlet what the casino had was “a very flat network, single domain, with very limited access controls for access to payment systems.”

“Had this casino hotel operator had even minimal or basic protections in place like a firewall with default deny systems to limit access to PCI (payment systems… it would have slowed down the attackers and hopefully set off red flags,” the researcher said, according to the Hacked report.