How a Hacker Used a Casino’s Fish Tank to Steal the High-Roller Database

Google+ Pinterest LinkedIn Tumblr

Most casino visitors would see a fish tank as a way to create a level of ambiance in the space. But some hackers see it as an opportunity. As more businesses and homes embrace “internet of things,” or IoT, devices, they may be leaving themselves vulnerable to intrusions. And that’s precisely what happened at one casino.

The unidentified casino had a large fish tank with a connected thermostat in the lobby. Hackers were able to access the device and use it to gain entry into corporate systems.

Once inside, the hackers made off with the casino’s high-roller database.

Nicole Eagan, the CEO of Darktrace, discussed the risks of IoT devices at the WSJ CEO Council Conference on Thursday, according to a report by Business Insider.

“There’s a lot of internet of things devices, everything from thermostats, refrigeration systems, HVAC systems, to people who bring in their Alexa devices into the offices,” she said. “There’s just a lot of IoT. It expands the attack surface, and most of this isn’t covered by traditional defenses.”

“The attackers used that to get a foothold in the network,” Eagan stated while discussing the casino hack. “They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud.”

While Eagan did not identify the casino during the talk, she could be referencing a report, published last year by Darktrace, that referenced a casino located in North America.

IoT devices usually don’t have the same level of security protections as other devices on networks, such as encryption, which can leave them vulnerable to attack.

Robert Hannigan, who formerly ran the Government Communications Headquarters in Britain, echoed Eagan’s sentiment.

“With the internet of things producing thousands of new devices shoved onto the internet over the next few years, that’s going to be an increasing problem,” said Hannigan.

“I saw a bank that had been hacked through its CCTV cameras because these devices are bought purely on cost,” he added.

Hannigan believes that additional regulation is necessary to help set safety standards for IoT devices.

“It’s probably one area where there’ll likely need to be regulation for minimum security standards, because the market isn’t going to correct itself,” Hannigan stated. “The problem is these devices still work – the fish tank or the CCTV camera still work.”