
SoylentNews is people

posted by mrpg on Monday April 16 2018, @07:57PM
from the 1/38 dept.

Submitted via IRC for SoyCow3941

[....] Nicole Eagan, CEO of cybersecurity company Darktrace, revealed Thursday that a casino fell victim to hackers thanks to a smart thermometer it was using to monitor the water of an aquarium they had installed in the lobby, Business Insider reported. The hackers managed to find and steal information from the casino's high-roller database through the thermometer.

"The attackers used that to get a foothold in the network," Eagan said at a Wall Street Journal panel. "They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud."

That database may have included information about some of the unnamed casino's biggest spenders along with other private details, and hackers got a hold of it thanks to the internet of things.

Source: Hackers exploit casino's smart thermometer to steal database info


  • (Score: 2) by Snotnose on Monday April 16 2018, @07:58PM (7 children)

    by Snotnose (1623) on Monday April 16 2018, @07:58PM (#667773)

    and all the other jokes from the other site.

    --
    When the dust settled America realized it was saved by a porn star.
    • (Score: 2) by AnonTechie on Monday April 16 2018, @08:05PM (6 children)

      by AnonTechie (2275) on Monday April 16 2018, @08:05PM (#667776) Journal

      Wasn't this similar to the plot from the movie Oceans 13 ??

      --
      Albert Einstein - "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
      • (Score: 2) by The Archon V2.0 on Monday April 16 2018, @08:19PM (3 children)

        by The Archon V2.0 (3887) on Monday April 16 2018, @08:19PM (#667784)

        Oceans 13 Degrees? But that'd kill the fish.

        • (Score: 2) by looorg on Monday April 16 2018, @08:33PM (2 children)

          by looorg (578) on Monday April 16 2018, @08:33PM (#667788)

          Think Celsius. Fish should be fine at that, possibly not tropical aquarium fishes but fish in general.

          • (Score: 0) by Anonymous Coward on Monday April 16 2018, @09:17PM (1 child)

            by Anonymous Coward on Monday April 16 2018, @09:17PM (#667801)

            I tried to get the fish to think Celsius but I don't think I got through to them.

            • (Score: 2, Funny) by khallow on Tuesday April 17 2018, @01:08PM

              by khallow (3766) Subscriber Badge on Tuesday April 17 2018, @01:08PM (#668028) Journal
              I'm going to revert back to Oceans 12.2 until they fix the bugs in this version.
      • (Score: 4, Informative) by edIII on Monday April 16 2018, @08:42PM (1 child)

        by edIII (791) on Monday April 16 2018, @08:42PM (#667791)

        Tangentially related, but almost exactly similar to the real life plot that had prodigious amounts of CC data stolen from Target via their HVAC controllers.

        --
        Technically, lunchtime is at any moment. It's just a wave function.
        • (Score: 1, Funny) by Anonymous Coward on Tuesday April 17 2018, @12:34PM

          by Anonymous Coward on Tuesday April 17 2018, @12:34PM (#668011)

          They should've used the new secure Micro$oft IoT...

          /s

  • (Score: 2) by bob_super on Monday April 16 2018, @08:31PM

    by bob_super (1357) on Monday April 16 2018, @08:31PM (#667787)

    > other private details

    Air conditioning just got disabled, and exotic fish put on the menu, at every Trump Casino worldwide.
    What's the weather like in Mar-a-lago?

  • (Score: 5, Insightful) by edIII on Monday April 16 2018, @08:46PM (4 children)

    by edIII (791) on Monday April 16 2018, @08:46PM (#667792)

    It's simply amazing how overpaid the CTO and IT staff is at that casino, or testament to just how little control they have. That thermometer should've been nowhere near the networks that house database servers. The fact it's on the same network allowing access, means those idiots have never heard of a VLAN.

    --
    Technically, lunchtime is at any moment. It's just a wave function.
    • (Score: 1) by hopdevil on Monday April 16 2018, @09:23PM (3 children)

      by hopdevil (3356) on Monday April 16 2018, @09:23PM (#667804)

      If all anyone needed was a foothold on the network, that was the problem. VLANs don't solve that, they *might* add complexity to the attack (just making another network)...

      It is a bit sensationalist to talk about IoT being relevant when there are clearly no other security measures in place.

      • (Score: 2) by HiThere on Monday April 16 2018, @09:30PM (2 children)

        by HiThere (866) Subscriber Badge on Monday April 16 2018, @09:30PM (#667806) Journal

        Well, it *is* relevant. It might not be the only thing that needs to be patched, but it should also be looked at.

        --
        Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
        • (Score: 1) by hopdevil on Monday April 16 2018, @10:08PM (1 child)

          by hopdevil (3356) on Monday April 16 2018, @10:08PM (#667824)

          If anything it is a red herring.. worrying about patching IoT devices when the rest of your infrastructure security is poo. If there even were patches for the devices -- assuming it is even beyond a static username/password -- it could just as easily have been a laptop plugged in.
          It must be cool and newsworthy these days to blame a random device on your network for a security breach because it is "IoT"?

          • (Score: 2) by black6host on Monday April 16 2018, @10:20PM

            by black6host (3827) on Monday April 16 2018, @10:20PM (#667826) Journal

            With respect to the whole mess, IOTs, existing network systems, etc: Security needs to be taken more seriously. Much more seriously. Or, we need to keep sensitive info off of networks but I don't see that happening, kind of defeats the purpose of all these damn computer systems :) It's just like anything else, if the risk of ignoring security, and subsequent results if you do so, don't outweigh benefits of a more secure system (think potential profit vs risk) then we'll just stagnate here for a bit. When the pain of staying is greater than the pain of changing then we'll see something happen.

  • (Score: 5, Insightful) by SomeGuy on Monday April 16 2018, @08:55PM (3 children)

    by SomeGuy (5632) on Monday April 16 2018, @08:55PM (#667794)

    All I can really say is "I told you so". Internet of Things devices are security disasters just waiting to happen. Yet nobody sees any problems with this sort of thing.

    A while back I went on a rant about how new Trane air conditioners virtually require their "smart" thermostats to operate 100% properly, and those will bitch like hell unless they are connected to your network. I even fully expect the option to use an "old" non-proprietary on/off thermostat will go away in a few more years.

    Everyone should be demanding more simplicity from appliances, but instead all the idiots out there just want more blue LEDs.

    • (Score: 5, Insightful) by Runaway1956 on Monday April 16 2018, @09:14PM (2 children)

      by Runaway1956 (2926) Subscriber Badge on Monday April 16 2018, @09:14PM (#667798) Journal

      This, exactly. Yet, we, as a nation, insist on hooking everything up to the internet. The hackers are demonstrating that an air gap may or may not be adequate to protect your "smart" devices - yet we don't even make them jump an air gap. Everything connected - why worry? We can pass another law, and it will be alright.

      Hacking and gun control are so very much related. Only criminals will misuse either a gun, or a computer exploit. WTF is another law going to do for us? Criminals are already breaking multiple laws when they either shoot someone, or break into a casino's computers. Yet another law isn't going to deter either type of criminal.

      • (Score: 2) by edIII on Monday April 16 2018, @10:52PM (1 child)

        by edIII (791) on Monday April 16 2018, @10:52PM (#667836)

        Yet another law isn't going to deter either type of criminal.

        Depends on the law. We could try, "Bust a deal, face the wheel".

        --
        Technically, lunchtime is at any moment. It's just a wave function.
        • (Score: 0) by Anonymous Coward on Tuesday April 17 2018, @08:16AM

          by Anonymous Coward on Tuesday April 17 2018, @08:16AM (#667964)

          We could try, "Bust a deal, face the wheel".

          Having to play Roulette as punishment? :-)

  • (Score: 5, Informative) by JoeMerchant on Monday April 16 2018, @09:09PM (4 children)

    by JoeMerchant (3937) on Monday April 16 2018, @09:09PM (#667796)

    I really dislike how sites (not just Mashable, many of them) will present a story like this without one of the most basic reporter's topics to cover: when.

    Nicole Eagan, CEO of cybersecurity company Darktrace, revealed Thursday that a casino fell victim to hackers thanks to a smart thermometer it was using to monitor the water of an aquarium they had installed in the lobby

    What Thursday?!? Blogger Kellen Beck posted this one day ago, but the Washington Post reported a fishily similar story in July of last year: https://www.washingtonpost.com/news/innovations/wp/2017/07/21/how-a-fish-tank-helped-hack-a-casino/?utm_term=.fea0902af3c1 [washingtonpost.com]

    I'm not usually one to complain about "old news" on Soylent or other meta-sites. It's fine that the news is old, just don't try to make it look fresher by omitting the date of the original story.

    --
    🌻🌻 [google.com]
    • (Score: 2) by Bobs on Monday April 16 2018, @09:19PM

      by Bobs (1462) on Monday April 16 2018, @09:19PM (#667802)

      Thanks, Joe.

      I came here to post the same link as this was originally reported last year.

    • (Score: 4, Insightful) by Runaway1956 on Monday April 16 2018, @09:27PM (2 children)

      by Runaway1956 (2926) Subscriber Badge on Monday April 16 2018, @09:27PM (#667805) Journal

      But, Joe, this is the internet. We can discuss anything, anywhen. We're more badass than Dr. Who! We don't even need that telephone booth contraption!

      Alright, more seriously: It isn't just reporters. You can browse all over the internet, finding pages with no apparent time stamp. Linux support sites often leave you in the dark about the age of the advice you are reading. Sometimes, I have to resort to a Google search with customized date ranges to target meaningful information. Oftentimes, the age of the data I'm looking for isn't really important. Guns? The data from 30 years ago is just about as applicable now as it was then. Just allow for the fact that the new generation has different preferences, and you're good. But, computer tech changes so fast that a three year old solution just might bork your machine!

      A prominent time stamp should be the standard on all web pages. Doesn't matter if it's a women's parlor to discuss makeup, automotive talk, or, in this case, news headlines.

      • (Score: 2) by takyon on Monday April 16 2018, @09:56PM (1 child)

        by takyon (881) <takyonNO@SPAMsoylentnews.org> on Monday April 16 2018, @09:56PM (#667820) Journal

        I deactivated that story you submitted from 6 YEARS AGO that was about to run 26 minutes ago.

        --
        [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
        • (Score: 2) by Gaaark on Tuesday April 17 2018, @01:09AM

          by Gaaark (41) on Tuesday April 17 2018, @01:09AM (#667878) Journal

          I did your mom last night...does this count anywhere?

          :)

          --
          --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
  • (Score: 2) by MichaelDavidCrawford on Monday April 16 2018, @09:13PM (1 child)

    by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Monday April 16 2018, @09:13PM (#667797) Homepage Journal

    I'm concerned that the day will come when IoT in the home is unavoidable, much as it's impossible for me to ride public transit to work without being spied on by dozens of security cameras.

    However I am willing to concede that IoT has some valid applications in industry.

    --
    Yes I Have No Bananas. [gofundme.com]
    • (Score: 3, Interesting) by Runaway1956 on Monday April 16 2018, @09:34PM

      by Runaway1956 (2926) Subscriber Badge on Monday April 16 2018, @09:34PM (#667808) Journal

      I'm not willing to make that concession. The only reason that many systems are connected to the same wires that your and my internet travels, is industry is run by cheap bastards. Ditto for the reason they use WIFI. Any damned fool can drive into your parking lot, or into the alley, and connect to your WIFI. Even if your WIFI is "secured" - war driving is a decades old game. Default root - password is so common, it's laughable.

      Anyone who hooks his mission critical machines up to a network (with or without WIFI) that connects to the internet is fully deserving of whatever disaster befalls him. The law should investigate, up until the point they find mission critical on the interwebs. Then, they should just say, "Tough luck, Buddy, but there's nothing we can do!"

  • (Score: 5, Funny) by pkrasimirov on Monday April 16 2018, @09:16PM (4 children)

    by pkrasimirov (3358) Subscriber Badge on Monday April 16 2018, @09:16PM (#667800)

    The "s" in "IoT" stands for Security.

    • (Score: 5, Touché) by JoeMerchant on Monday April 16 2018, @09:45PM (1 child)

      by JoeMerchant (3937) on Monday April 16 2018, @09:45PM (#667814)

      So, what's the "di" for in IdioTs?

      --
      🌻🌻 [google.com]
      • (Score: 4, Funny) by pkrasimirov on Monday April 16 2018, @09:53PM

        by pkrasimirov (3358) Subscriber Badge on Monday April 16 2018, @09:53PM (#667818)

        Not sure, something about CxO [wikipedia.org] and "double digit growth".

    • (Score: 0) by Anonymous Coward on Tuesday April 17 2018, @03:50AM

      by Anonymous Coward on Tuesday April 17 2018, @03:50AM (#667940)

      Yeah, IoT is a gamble and the house just lost...

      On the other hand the Schadenfreude from the I told you so makes me want to laugh at these guys. However when I realize that the victims are not the clueless IoT idiots but the customers, this makes me sad.

      This continuous stream of privacy scandals is making me sick. This must end.

    • (Score: 2) by DannyB on Tuesday April 17 2018, @02:39PM

      by DannyB (5839) Subscriber Badge on Tuesday April 17 2018, @02:39PM (#668104) Journal

      IoT is the suffix for Id.

      --
      To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
  • (Score: 0) by Anonymous Coward on Monday April 16 2018, @10:10PM

    by Anonymous Coward on Monday April 16 2018, @10:10PM (#667825)

    Modern commercial HVAC systems have used DDC (Direct Digital Controls) for 20 years or more, long before anyone heard of IoT. They are highly necessary to save energy, and in fact required to meet the minimum requirements of modern energy codes in many commercial buildings. The controls algorithms in these systems are orders of magnitude more complex than that fancy central air system in your house.

    I've worked with contractors and owners in this industry for years. While setting up the local IPs for the controls server at one local community college I had an IT admin laugh when the contractor asked about his company having remote access to the controls server. I've heard of other campuses that go one step further and have a second independent network specifically for controls. There are right ways to do network security, and then there is the IoT way.

  • (Score: 1) by davidjohnpaul on Monday April 16 2018, @10:29PM (1 child)

    by davidjohnpaul (5377) on Monday April 16 2018, @10:29PM (#667829) Homepage

    You'd think they'd have learned from https://soylentnews.org/article.pl?sid=17/08/16/1144252 [soylentnews.org]

    • (Score: 0) by Anonymous Coward on Tuesday April 17 2018, @02:38PM

      by Anonymous Coward on Tuesday April 17 2018, @02:38PM (#668102)

      They probably don't read Soylent News. :-)
