Hackers Stole Las Vegas Casino High-Roller Database Via Its Fish Tank

Hackers are gravitating from phishing to fish tanks, according to a cybersecurity expert, who related this week how criminals were able to steal a casino’s high-roller database by gaining access to its computer network via a smart thermostat in its tropical aquarium.

Casino fish tank
Cyber attackers were able to breach an unnamed Las Vegas casino’s security via its fish tank, such as the one seen here at the Silverton, which happens to have mermaids swimming in it. (Image: Silverton Casino)

Speaking at the WSJ CEO Council Conference in London, Nicole Eagan, the CEO of cyber defense company Darktrace, said that once the hackers had breached the system of the unnamed Las Vegas casino they were able to “pull [the database] back across the network, out the thermostat, and up to the cloud.”

News of the casino fish tank heist came amid warnings that hackers are increasingly targeting “internet of things” (IOT) devices to find their way into corporate networks. As internet-connected smart gadgets and appliances become more common, they are creating more weak links in corporate security, said Egan.

Monster Botnet

In 2016, the virulent Mirai botnet was able to harness the power of thousands of IOT devices across the world to launch the most powerful distributed denial of service (DDoS) attack ever recorded.

DDoS attacks cripple a company’s servers with thousands or requests for information and are typically accompanied by a ransom demand to restore normal services.

Mirai took out a large corner of the internet when it targeted Dyn, a company that controls much of the web’s DNS infrastructure. Major websites like Twitter, Netflix and CNN website were temporarily knocked offline by the assault.

Online gaming websites have long been targets for ransomed DDoS attacks, but hackers intent on stealing data are increasingly turning to land-based casinos in search of the financial details of wealthy patrons.

Hard Hit Hard Rock

The Hard Rock Las Vegas, among others, has been embarrassed by a series of breaches in recent years. Since May 2015, hackers have, on three separate occasions, been able to steal cardholder names, credit card numbers, and CVV codes from Hard Rock customers.

Also on the panel in London was Robert Hannigan, who ran the British government’s digital-spying agency, Government Communications Headquarters (GCHQ), from 2014 to 2017. He called for more regulation to establish a framework of safety standards for IOTs.

“With the internet of things producing thousands of new devices shoved onto the internet over the next few years, that’s going to be an increasing problem,” Hannigan said. “I saw a bank that had been hacked through its CCTV cameras, because these devices are bought purely on cost.

“It’s probably one area where there’ll likely need to be regulation for minimum security standards, because the market isn’t going to correct itself,” he added. “The problem is these devices still work – the fish tank or the CCTV camera still work.”

Philip Conneller
Philip Conneller Senior Reporter

In Philip Conneller’s eight years with Casino.org, he has covered the gaming industry from Las Vegas to Macau and everything in between. He currently focuses his coverage on gaming law, white-collar crime, global money laundering, tribal gaming, politics, and regulation.

Philip was the original features editor for poker’s Bluff Magazine and editor for Bluff Europe, which he helped launch. His writing has also been featured in ESPN, Forbes, Time Out, The Sun, and The Daily Star, as well as iGaming Business, eGaming Review, and numerous other industry news and tech websites.

His news stories for Casino.org/news have been linked by The Washington Post, The Daily Mail, People Magazine, and Jimmy Fallon's Tonight Show, among many others.

Philip once won $20,000 with 7-2 off-suit. He has been reprimanded for unwittingly playing Elton John’s piano on two separate occasions on both sides of the Atlantic.

He became a writer because he is a lousy pianist.

Philip lives outside London with his wife and children, where he spends his time agonizing about Arsenal FC.

Contact Philip at philip.conneller@casino.org.

Comments icon

Conversation (0)

+ Add a comment

Be the first to comment on this article.

Write a comment

Your email address will not be published.