About a month after the conference would be enough time to discredit an obvious connection to the conference, while still making use of security breaches that might have been found during the conference. Most security experts know you have to abandon security hopes if you give the hardware to the user with direct access. And with a conference of DEF CON's size, you only need 1% malicious actors for 300 tragedy of the commons results.
MGM's not that far away on the strip for somebody to find a security exploit, and then start checking every nearby casino to see if it works at those casinos. Found a $1 million exploit? Might walk a few blocks to see if it can turn into a $10 million exploit. Non-negligible risk from a casino perspective.
Average casino-win per customer is usually ~$100/admission. [1] Three days [2] gambling for 30,000 = 9,000,000. Hotel stay revenue helps, yet it's usually only 25% of revenue per guest. [3] Casino visitation and attendance has also rebounded significantly in the last few years. [4]
So, higher than normal costs per attendee, attendees who believe they all spend less than normal conference participants, anecdotal stories of repeated high cost issues each year to resolve (ex: concrete poured in sinks on purpose, rooms broken into, satellite dishes stolen), increasing attendance numbers in Vegas, and a multi-$10 million slap a month afterward based on social engineering.
About a month after the conference would be enough time to discredit an obvious connection to the conference, while still making use of security breaches that might have been found during the conference. Most security experts know you have to abandon security hopes if you give the hardware to the user with direct access. And with a conference of DEF CON's size, you only need 1% malicious actors for 300 tragedy of the commons results.
MGM's not that far away on the strip for somebody to find a security exploit, and then start checking every nearby casino to see if it works at those casinos. Found a $1 million exploit? Might walk a few blocks to see if it can turn into a $10 million exploit. Non-negligible risk from a casino perspective.
Average casino-win per customer is usually ~$100/admission. [1] Three days [2] gambling for 30,000 = 9,000,000. Hotel stay revenue helps, yet it's usually only 25% of revenue per guest. [3] Casino visitation and attendance has also rebounded significantly in the last few years. [4]
So, higher than normal costs per attendee, attendees who believe they all spend less than normal conference participants, anecdotal stories of repeated high cost issues each year to resolve (ex: concrete poured in sinks on purpose, rooms broken into, satellite dishes stolen), increasing attendance numbers in Vegas, and a multi-$10 million slap a month afterward based on social engineering.
[1] https://www.americangaming.org/wp-content/uploads/2021/02/CG...
[2] https://forum.defcon.org/node/248358
[3] https://www.playusa.com/las-vegas-casino-hotel-revenue-numbe...
[4] https://gaming.library.unlv.edu/reports/national_monthly.pdf