A Casino’s Hacked Internet-Connected Fish Tank

An internet-connected fish tank at a casino may appear like something out of a cyberthriller novel, but its security impact cannot be overstated. It serves as an example of how even seemingly innocuous devices connected to the Internet of Things (IoT) can become gateways for hackers.

The aquarium in question was a high-tech installation installed in the casino lobby that featured internet connectivity for remotely monitoring water temperature and salinity levels as well as automating feedings. Furthermore, this device communicated with other connected devices throughout the casino using its own network so as to maintain confidentiality from commercial networks.

Unfortunately, due to its internet connectivity, the aquarium was vulnerable to brute force attacks by hackers who exploit known vulnerabilities in IoT software. Hackers exploited factory default passwords and unpatched software flaws in order to gain unauthorized entry to its controller and move laterally across casino networks in search of customer personal data that had not yet been protected from being exposed by their services provider.

Though seemingly absurd, aquarium hacks have long been used against businesses as part of cybercriminal networks’ attempts to gain entry. IoT devices such as aquariums have provided cybercriminals a gateway into corporate networks.

As more physical appliances, devices, and practical tech gain internet connectivity, this issue becomes a greater threat. Many business leaders don’t realize that smart devices connected to the web may become targets for hackers who seek entry to sensitive systems.

Hackers used a hacked fish tank at a casino to gain entry and ultimately remove 10GB of data from its servers to an unknown device in Finland – likely including sensitive information about high-roller players at the casino. Although hackers never disclosed exactly which information was stolen, one can assume it included sensitive details about these individuals.

Attributed attacks are preventable through employing basic security protocols and conducting regular vulnerability assessments of all internet-connected devices on a network. By segmenting sensitive information away from less secure devices and employing strong authentication and encryption of both in transit and at rest data, companies can significantly decrease their exposure to creative attacks.

Though it’s impossible to know whether the casino would have been protected had they implemented these security measures, it is clear that business leaders need to be more diligent with regards to network security and how much protection should be offered for IoT devices within their networks – even something as seemingly harmless as an aquarium thermometer can pose serious threats to a business’s financial health.