Hackers download US casino’s high roller data via fish tank thermostat

April 23, 2018 2:41 PM
  • CDC Gaming Reports
April 23, 2018 2:41 PM
  • CDC Gaming Reports

Hackers are finding ever more creative ways to breach the defenses of organizations, and, of course, casinos, both live and online, are juicy targets; gambling sites remain the most frequently hacked sites of all types of businesses in terms of DDoS attacks. A recent successful attempt marks a probably unprecedented level of creativity in choice of attack mechanism, as hackers successfully stole the high rollers’ list from a brick and mortar casino by hacking the smart thermometer used to monitor temperature levels in the casino fish tank.

Story continues below

The casino in question has yet to be named, and understandably are not keen to have their name in the spotlight over this. We know that it was a US casino, and that the hackers were from Finland. There was no camera mounted on the thermometer, and hackers did not actually peer into the physical space of the casino floor to gain their info.

In the ever-expanding so-called Internet of Things, a vast array of smart devices now exist which are linked by one means or another to the wider network but which don’t possess the same protections against hacking that a full PC usually would. Thus, hackers are now frequently targeting such devices as gateways into other, harder-to-penetrate systems.

These devices can include everything from smart light bulbs to smart locks, to smart toothbrushes. More are coming. They say the day will come where computing is essentially simply threaded through all or most physical artifacts, with no further need for screens or other interfaces.

Once they have this initial network access through the smart device, hackers can often find ways into the wider network, and in this case were able to obtain a variety of records from the casino’s high rollers’ database.

The incident was featured in Darktrace’s Global Threat Report. Darktrace, a major cybersecurity company, has clients include the Church of England, telecoms firm BT, and Birmingham airport. The CEO of Darktrace, Nicole Eagan, addressed the Wall Street Journal’s CEO Council last week, stating that “There’s just a lot of IoT. It expands the attack surface and most of this isn’t covered by traditional defenses.” It appears then that the need for such services is only set to rise, so they’ve found themselves an excellent niche.