How Hackers Used a Fish Tank To Steal Casino Data

Cyber security firm Darktrace reported an astonishing feat recently – it discovered hackers attempting to steal data from a North American casino network by hacking into the casino’s smart fish tank.

Example of a fish tank in relation to the hacking incident
Image Credit: rt.com

Here Fishy, Fishy …

In one of the most bizarre methods of hacking into a casino’s mainframe ever recorded, the hacking attempt showed how almost any item that is connected to an online network can become a threat to your security.

This latest incident is a huge wake-up call to big land-based casinos that are becoming fixated with this trend of syncing up all sorts of technology to their online network. It shows just how vulnerable these pieces of technology are making casinos to online hackers.

On this occasion, the casino was relatively fortunate with the attack being halted before any real damage could be done. 10 GB of data was sent to a device located in Finland before the attack was stopped.

Obviously if the hacking had not been uncovered as quickly as it was, the casino could have been suffering from far more devastating consequences.

A Problem Far Deeper Than Fish Tanks

Darktrace released a report on the issue of casino security and identified nine unusual threats posed to corporate networks.

The most vulnerable sector, point of entry, and apparent objective was listed for each threat.

The logo for Darktrace, a cyber security firm
Image Credit: owler.com

The smart fish tank was linked to the gaming and entertainment industry with the apparent objective of the attack being to take control of the IoT device to steal valuable information.

It was essentially a form of data theft but it was a lot more subtle than had been previously witnessed in other data theft cases.

There were eight other threats that consisted of…

  • Autonomous response against ransomware
  • IoT (Internet of Things) devices co-opted into denial-of-service attack
  • Malicious insider harvests data
  • Aggressive banking Trojan
  • Former employee credentials compromised
  • Data storage threatens intellectual property
  • Internet data theft from the cloud
  • Advanced Bitcoin mining operation

As technology continues to advance, this report blows the lid on the risks that come with linking up different items to the mainframe network.

It technically turns innocent pieces of technology into gateways for hackers to gain entry into the entire network of a firm.

A Sinister Evolution

Hackers are becoming more confident with the technology available these days, so hacking is now more of a common problem than it was.

In 2016, a Canadian-based Cowboys Casino network was hacked into with client, employee, internal emails, and corporate data all stolen by the hackers.

Another incident of a land-based casino getting hacked came at the end of 2016 when Casino Rama Resort in Ontario, Canada became the victim of a hacking.

The hacker claimed to have stolen financial reports, debt information, and patron credit inquiries dating back to 2004.

An example of a hacker, on a background of binary code
Image Credit: theodysseyonline.com

Frighteningly, in both cases, the hackers had already stolen a large of amount of data before the hacking was even identified. The covert manner in which the hackers broke into the casino networks left security teams stumped.

Awareness is now spreading about how technology linked into the casino networks can provide easy access for hackers.

What Next?

Security and surveillance teams at casinos across the globe will now be entering a period of intense scrutiny with employees being asked to remain extra vigilant.

Other items of technology such as smart drawing pads, mobile devices, and music docking stations are just a few examples of how casino networks can be breached, so these are being looked at by cyber experts at casinos too.

It only takes one point of entry for a hacker to breach a casino’s network. The long-term concern for casinos is not only how they deal with their own technology linking to the casino network.

It is a completely different problem addressing how guests and their use of technology will impact on this issue. Atlantic City and Las Vegas casinos may well need to review whether or not it is secure to offer complimentary iPad devices for guests to use to gamble with during their stay.

These are indeed very concerning times for casinos and the players that visit them.