HACKERS hijacked a casino’s high-tech fishtank to steal a treasure trove of data on the establishment’s biggest spenders.
The incident once again throws light on the cyber-security issues that come with connected smart devices and the internet of things.
Nicole Eagan, CEO of British machine learning cyber-defense startup Darktrace, told a panel of US and European policy makers and tech execs of the incident, which saw hackers breach the smart themometer the casino was using to monitor the water of an aquarium in its lobby.
“The attackers used that to get a foothold in the network. They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud,” said Eagan.
The hackers, who were based in Finland, transferred around 10GB of data from the US casino’s high-roller database to their overseas network.
Darktrace’s artificial intelligence software apparently identified unusual activity on the casino’s system as soon as it was installed.
“This was a clear case of data exfiltration, but far more subtle than typical attempts at data theft,” Darktrace noted in its Global Threat Report 2017.
“The incident demonstrates the need to have complete visibility of every user and device – including internet-connected fish tanks.”
As Eagan noted, the growing popularity of internet of things devices (think Amazon Eco speakers, self-driving cars, and smart fridges and tellys) makes people more vulnerable to cyber-attacks.
“There’s just a lot of IoT. It expands the attack surface, and most of this isn’t covered by traditional defenses,” she said.
Most read in tech
Darktrace’s automated anti-hacking system has been used by the Church of England to block ransomware attacks (a type of malicious software that threatens to publish a victim’s data or block access to it until a payment is made).
Its other customers include BT, Birmingham Airport, and Japanese internet giant Rakuten.