Casino lets hackers in via the fish tank
If you run a casino, you’re a bit of a target. Your whole business model operates on the basis that anyone can walk in and take your money based on a game of chance. Yes, the house somehow always wins, but only when people stick to the official games of roulette and poker, and stay away from the very unofficial game of cracking the security on the internet-connected fish tank.
An unnamed casino in America suffered this kind of unwelcome attention, according to Darktrace’s corporate network report. Despite having some security in place, the hackers were able to access the main network and send data to a device in Finland before the remote access was spotted.
“Someone used the fish tank to get into the network, and once they were in the fish tank, they scanned and found other vulnerabilities and moved laterally to other places in the network,” Justin Fier, Darktrace’s director of cyber intelligence and analysis, told CNN.
Which is all very interesting, but doesn’t answer the main question for me, which is this: why would anyone want a smart fish tank? Turns out the fish tank was basically like a luxury smart home for its piscine occupants: ensuring that their environment was kept comfortable and they were fed on a regular basis, leaving the casino owners free to wander around looking for card-counters.
That’s the trouble with Internet of Things technology: every device you add to your network gives hackers another entry point – and security often isn’t top priority for device developers. Even if a hacked fish tank can’t do personal harm to you (it’s not your dinner times that could be disrupted, to be fair), there’s a risk that your devices could be part of something unsavoury, like with the Mirai malware that created an army of IoT devices to overload servers with co-ordinated attacks.
The risk is so great that one morally ambiguous hacker has taken the law into their own hands – deliberately seeking out unsecured IoT devices and breaking them before they can do any damage.
So if you’re opening up a casino, maybe it’s best to feed the fish yourself. Or just put up a nice (unconnected) painting instead.