An unnamed casino in the US was hacked after attackers managed to exploit a weakness in the network, taking off with some amount of undisclosed data. The vulnerability in question was reportedly a smart fish tank with a direct connection to the Internet.
A lot of people may be wondering the reason behind having an internet-connected fish tank. The casino owners wanted to have everything done remotely, with their employees using said remote connection to feed the fish inside and to keep track of water temperature and other information on the tank.
It was the connection of that fish tank that exposed their network, however, as well as the entire casino to attackers. The hackers, who are currently unnamed and unknown managed to infiltrate the network and upload their data to a Finnish server. The breach was found out and fixed, but there were questions raised that have to be answered before connecting more 'smart' devices to the internet.
Details and the name of the casino or the kind of information that was stolen were not yet revealed.
First of all is it safe to have an unprotected smart fish tank online and connected to your local network? As the security company Darktrace mentioned for CNN, that is not the case. The vulnerabilities are often found by hackers instead of parent companies, meaning they have a specific window of opportunity to use that weakness against targets.
Justin Fier, who acts as a director of cyber intelligence and analysis for Darktrace was quoted saying that someone used the fish tank to sneak into the network, and once that happens, they scanned around and found more vulnerabilities and moved on to other parts of the system. Once inside the network, hackers usually go searching around for more security flaws in any connected machines, exposing companies to even more risks.
There is an excellent chance no sensitive data was accessed, as this would have led the casino to warn their customers of the breach in security.
The report showed examples from Darktrace's threat detection technology. Darktrace uses their technology that lurks on a company's network, watching for trouble and suspicious activity. That could mean anything from data transferred between computers or even actions done by connected smart devices such as the fish tank in question.
Whenever a piece of technology acts out in ways that make it seem like something is wrong, such as a device that sends off data to a location where it shouldn't, the software warns the company's security team.
An example of such a method of attack are smart drawing pads linked to unsecured WiFi were used to send off data to websites around the world. That was done in a denial of service type of attack, where the hackers scanned the web, looking for vulnerable devices they can exploit and flood with data.
Fier, who is an ex US intelligence contractor, expects more threats are coming from unexpected places. Phishing is one of the ways systems can be compromised, but there are often ways onto a system that are something of a novelty, such as this case.