
SoylentNews is people

posted by Fnord666 on Wednesday August 16 2017, @12:23PM
from the sounds-fishy-to-me dept.

In further proof that security's only as strong as the weakest link, an Internet-connected fish tank has been used to gain access to a casino's internal network. While exact details have not been published, it has been claimed that 10 GB of data were sent outside the network. As more things become Internet-connected, it's likely these stories will become even more common.

Hackers are constantly looking for new ways to access people's data. Most recently, the way was as simple as a fish tank.

The hackers attempted to acquire data from a North American casino by using an Internet-connected fish tank, according to a report released Thursday by cybersecurity firm Darktrace.

The fish tank had sensors connected to a PC that regulated the temperature, food and cleanliness of the tank.

"Somebody got into the fish tank and used it to move around into other areas (of the network) and sent out data," said Justin Fier, Darktrace's director of cyber intelligence.

The casino's name and the type of data stolen were not disclosed in the report for security reasons, Darktrace said. The report said 10 GB of data were sent out to a device in Finland.

"This one is the most entertaining and clever thinking by hackers I've seen," said Hemu Nigam, a former federal prosecutor for computer crimes and current chief executive of SSP Blue, a cybersecurity company.



  • (Score: 3, Funny) by fadrian on Wednesday August 16 2017, @12:47PM (2 children)

    by fadrian (3194) on Wednesday August 16 2017, @12:47PM (#554684) Homepage

    If you're so worried about your fish that you need to check on them when you're out, maybe you should get a cat instead.

    --
    That is all.
    • (Score: 4, Funny) by cmdrklarg on Wednesday August 16 2017, @03:53PM (1 child)

      by cmdrklarg (5048) Subscriber Badge on Wednesday August 16 2017, @03:53PM (#554756)

      Why would you get a cat to check on your fish? Won't have a fish very long...

      --
      The world is full of kings and queens who blind your eyes and steal your dreams.
  • (Score: 5, Insightful) by RS3 on Wednesday August 16 2017, @01:07PM (7 children)

    by RS3 (6367) on Wednesday August 16 2017, @01:07PM (#554691)

    "This one is the most entertaining and clever thinking by hackers I've seen,"

    The "hackers" might not have known nor cared that it was a fish tank. They found a crackable device within the casino's IP address range and used it.

    • (Score: 2) by LoRdTAW on Wednesday August 16 2017, @02:16PM (6 children)

      by LoRdTAW (3755) on Wednesday August 16 2017, @02:16PM (#554717) Journal

      Question is, how did they get to the tank's computer in the first place? Unsecure wifi? UPnP fuckery via open ports? IoT server vulnerability? Really bad router config?

      • (Score: 4, Funny) by acid andy on Wednesday August 16 2017, @02:46PM (3 children)

        by acid andy (1683) on Wednesday August 16 2017, @02:46PM (#554730) Homepage Journal

        Well, first they worked out how to build an incredible machine that could shrink a human to many times less than their normal size. Then they built it and used it on themselves. Next, they purchased scuba diving equipment, which was quite a feat in itself, given their hugely diminished size. They had to shout to get the shopkeeper to notice them at the bottom of the counter. They threw the scuba gear into the shrinking machine, put it on and went to the casino. Then they climbed up a tiny ladder, made from matchsticks, and dived into the fish tank. They brought with them an Arduino with an ethernet connector, which they could only just about lift between them. They dug a hole in the dirt at the bottom of the fish tank, connected to the device and Bob was their mother's brother.

        --
        If a cat has kittens, does a rat have rittens, a bat bittens and a mat mittens?
        • (Score: 1) by TrentDavey on Wednesday August 16 2017, @03:24PM

          by TrentDavey (1526) on Wednesday August 16 2017, @03:24PM (#554745)

          ahh...
          I was wondering when I read:

          "Somebody got into the fish tank ... "

        • (Score: 2) by DeathMonkey on Wednesday August 16 2017, @05:25PM

          by DeathMonkey (1380) on Wednesday August 16 2017, @05:25PM (#554792) Journal

          Uh oh, looks like someone leaked the script to the new season of Mr. Robot.

        • (Score: 3, Informative) by PartTimeZombie on Wednesday August 16 2017, @10:29PM

          by PartTimeZombie (4827) on Wednesday August 16 2017, @10:29PM (#555002)

          Bob was their mother's brother.

          Robert is your Aunty's live-in lover.

      • (Score: 2) by Whoever on Wednesday August 16 2017, @02:59PM

        by Whoever (4524) on Wednesday August 16 2017, @02:59PM (#554736) Journal

        Perhaps the casino did not properly separate the network used for internal operations and a network providing WiFi to customers?

      • (Score: 2) by EvilSS on Wednesday August 16 2017, @03:01PM

        by EvilSS (1456) Subscriber Badge on Wednesday August 16 2017, @03:01PM (#554738)

        Wonder if this is like the Target incident, where they compromised an outside vendor and used their connection to the devices to hop to the casino network.
  • (Score: 2, Informative) by Zal42 on Wednesday August 16 2017, @03:34PM

    by Zal42 (5435) on Wednesday August 16 2017, @03:34PM (#554750) Homepage

    Being connected to the internet is a security risk. Do not connect things to the internet unless there is a very good reason to do so.

  • (Score: 2) by FakeBeldin on Wednesday August 16 2017, @04:38PM (1 child)

    by FakeBeldin (3360) on Wednesday August 16 2017, @04:38PM (#554773) Journal
  • (Score: 0) by Anonymous Coward on Wednesday August 16 2017, @06:19PM (1 child)

    by Anonymous Coward on Wednesday August 16 2017, @06:19PM (#554834)

    Since there is no way we'll ever get IoT manufacturers to suddenly all be security conscious it would be better to develop methods of quarantine. So, how do we prevent a compromised device from hacking your network?

    • (Score: 2) by MrGuy on Wednesday August 16 2017, @09:32PM

      by MrGuy (1007) on Wednesday August 16 2017, @09:32PM (#554963)

      Don't put it on there. Problem solved.

      Seriously. Have a completely separate network for IoT devices. Have it run on its own routers, have its own firewall (which should never permit inbound connections), and its own completely separate pipe to the outside world (if required) than anything else you run. Do not let non-IoT devices connect to the IoT dedicated network. Do not allow IoT devices access to any other network. If you need a computer to monitor your IoT devices, have a dedicated machine that connects to the IoT network to do so.

      In other words, always consider every piece of IoT gear untrusted. Do not expect this to change. Never let it on the trusted network. Give it its own network so that the only thing it can damage is other IoT gear.

      If you absolutely have to bridge the IoT network to your "trusted" network (example - a hotel with IoT locks that need to be told which keys to recognize by the non-IoT central reservations system), then have a dedicated, locked-down piece of hardware that can only accept very specific requests, and is the only bridge between the networks (e.g., all requests from the CRS to the locks have to pass through the "lock gateway" that only knows how to talk to the locks (and will only accept certain specific types of communication FROM the locks)).
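
Added example, not part of the comment above or of the Darktrace report: one way to audit flow records against the segmentation rules that comment lists, plus a per-device outbound byte budget for the kind of bulk transfer the story describes. The subnets, gateway address and port, budget and flow-record layout are all assumptions constructed for illustration, and the gateway is assumed to initiate every exchange with the IoT segment.

```python
import ipaddress
from collections import defaultdict

# Assumed addressing and limits, constructed for this example.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")    # everything the site owns
IOT_NET = ipaddress.ip_network("10.50.0.0/24")   # dedicated IoT segment
GATEWAY = ipaddress.ip_address("10.10.5.20")     # the only permitted bridge host
GATEWAY_PORT = 8443                              # the only service it may reach
EGRESS_LIMIT = 1024**3                           # outbound byte budget per device

# Constructed flow records: (initiator, responder, responder port, bytes sent).
SAMPLE_FLOWS = [
    ("10.50.0.7", "203.0.113.9", 443, 6 * 1024**3),
    ("10.50.0.7", "203.0.113.9", 443, 5 * 1024**3),
    ("10.50.0.7", "10.10.3.14", 445, 4096),
    ("10.10.5.20", "10.50.0.7", 8443, 2048),
    ("10.10.8.8", "10.50.0.7", 3389, 1024),
    ("198.51.100.4", "10.50.0.7", 23, 512),
    ("10.50.0.9", "203.0.113.20", 443, 20000),
]

def audit(flows):
    """Return (rule, source, detail) for each flow that breaks the policy."""
    findings, egress = [], defaultdict(int)
    for src, dst, port, sent in flows:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if s in IOT_NET and d in IOT_NET:
            continue  # IoT gear talking to IoT gear stays inside the segment
        if d in IOT_NET:
            if s == GATEWAY and port == GATEWAY_PORT:
                continue  # the dedicated bridge, on its one allowed service
            rule = "non-iot-to-iot" if s in INTERNAL else "inbound-from-outside"
            findings.append((rule, src, dst))
        elif s in IOT_NET:
            if d in INTERNAL:
                findings.append(("iot-to-internal", src, dst))
            else:
                egress[src] += sent  # permitted, but counted per device
    for src, total in egress.items():
        if total > EGRESS_LIMIT:
            findings.append(("iot-egress-volume", src, f"{total} bytes"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(*finding)
```
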

  • (Score: 3, Insightful) by jmorris on Wednesday August 16 2017, @08:56PM

    by jmorris (4844) on Wednesday August 16 2017, @08:56PM (#554931)

    This is not a story about a fish tank. Fish were not hacked. This is not a story about IoT either. It is an ordinary and all too common story about a Windows PC dedicated to some task and then being allowed to be connected to a secure network without somebody realizing that it IS A WINDOWS PC. Worse it is a Windows PC that isn't part of the normal network, not being centrally updated or maintained, etc. Dumb, but all too common.

  • (Score: 2) by Some call me Tim on Wednesday August 16 2017, @10:34PM

    by Some call me Tim (5819) on Wednesday August 16 2017, @10:34PM (#555007)

    This would become the next plot for the Oceans series of movies.

    --
    Questioning science is how you do science!