A Casino Gets Hacked Through a Fish-Tank Thermometer
Grow Your Business, Not Your Inbox
Secure your laptop. Secure your smart phone. Secure your tablet. And, before I forget, secure your fish tank. Yes, you heard me. Your fish tank.
That was the lessoned learned a few years ago from the operators of a North American casino. According to a 2018 Business Insider report, cybersecurity executive Nicole Eagan of security firm Darktrace told the story while addressing a conference.
“The attackers used that (a fish-tank thermometer) to get a foothold in the network,” she recounted. “They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud.”
Can this really be possible? It certainly can. And you can blame the Internet of Things.
Maybe you've heard of IoT, but in case you haven't it's easily explained. It’s all about dumb, inanimate objects. And no, I’m not talking about members of Congress. These are elevators, engines, machinery, trucks, phones, sprinkler systems, inventory and, yes, even fish-tank thermometers. These objects are being equipped with sensors and then connected back to networks, databases and communication systems. So much so that by 2025 some analysts predict that there will be as many as 31 billion connected devices worldwide.
This is a good thing, because the “smarter” you make these objects, the more information we can glean from them to ward off issues and optimize their use. Rolls Royce, for example, is using IoT-connected airplane engines to report back performance data on the fly. Elevator-maker ThyssenKrupp is creating “smart buildings” by connecting their individual lifts to monitoring stations around the world in order to warn of any potential problems.
Connected devices are helping us track the status of deliveries, the hydration of golf courses and the optimal flow of water through pumping stations. And yes, even the temperature of fish tanks in a casino. Because no one wants to see dead fish when gambling away their life savings. It’s kind of a buzzkill.
But all of these connected devices are creating an enormous opportunity for hackers. That’s because many of them aren’t equipped with the kinds of security protections seen in laptops, servers, phones and tablets. And unfortunately, many of us aren’t aware of the risks.
"The industrial sector is facing a new set of challenges when it comes to securing a converged IT-OT environment," Tim Erlin, vice president of product management and strategy at security firm Tripwire, told Security Info Watch. "In the past, cybersecurity was focused on IT assets like servers and workstations, but the increased connectivity of systems requires that industrial security professionals expand their understanding of what’s in their environment. You can’t protect what you don’t know."
So how do we, as business owners, address this problem? The only tactic is just to stay ahead of it. Which is why it's important to bring in an IT expert regularly to do a complete assessment of our network security. But we need to make sure that such an assessment includes evaluating any and every connected device. That means our building heating controls, smart speakers, smoke detectors, alarm systems, overhead lighting and even the coffee machine in the break room.
Oh, and don't forget the fish tank.