Casino becomes vulnerable after connecting fish tank to the Internet, allowing hackers to break into the network

Jul 24, 2017 10:55 GMT  ·  By

A casino in the United States was compromised after hackers managed to infiltrate into its network and steal undisclosed data after first breaking into a smart fish tank connected to the Internet.

In case you wondering why a fish tank needs to be connected to the Internet, it’s because the casino wanted to do everything remotely, with employees using a remote connection to feed the fish and get all the information instantly, such as water temperature.

But it was this connection that exposed the fish tank, and eventually, the entire casino, to hackers, as an unnamed group of attackers managed to infiltrate into the network and upload data on a server in Finland. The breach was eventually discovered, and the flaw was fixed, but there still are a few questions that need to be answered before connecting smart devices to the Internet.

Name of the compromised casino not disclosed

First and foremost, is it safe for a smart fish tank to be left unprotected online and connected to the local network? As security firm Darktrace told CNN, it is not, especially because vulnerabilities are often discovered by hackers ahead of parent companies, which means they have a window to attack targets.

“Someone used the fish tank to get into the network, and once they were in the fish tank, they scanned and found other vulnerabilities and moved laterally to other places in the network,” Justin Fier, director of cyber intelligence and analysis at Darktrace, was quoted as saying.

Furthermore, once inside a network, hackers can start scanning for other security flaws in connected computers, and this exposes a company to other risks.

Details like the name of the casino and the compromised information were not revealed, but there is a good chance no sensitive details were accessed. Otherwise, the casino would have been forced to notify the customers.