Who knew something fishy can happen with the fish tanks in a casino?
According to a report from a security firm called Darktrace, hackers have managed to gain access to a North American casino via the use of a smart fish tank.
The fish tank was cleverly used as a means of entrance, allowing the trespassers to move laterally throughout the casino's network. They were able to use the tank to transmit data to Finland before Darktrace spotted them and shut them down.
The casino breached by the fish tank remains anonymous. Director of Darktrace Justin Feir said, "Someone used the fish tank to get into the network, and once they were in the fish tank, they scanned and found other vulnerabilities and moved laterally to other places in the network."
From an interview last year, it looks like the security firm has already encountered such an incident, in which Darktrace's co-founder Dave Palmer said, "We've seen insiders sneak data out of heavily-protected organizations by attacking digitally-connected fish tanks. Completely blew my mind. Who would plug their fish tank into the internet? Well it turns out lots of people do."
Palmer shared a separate incident, in which a smart fish tank was placed in the reception area of a transaction and payment company. Somebody stole and stored data on the tank's internal memory, and then used its connection to transfer the data outside of the building into wicked hands.
In all incidents, the smart tank was consequently monitored by an external party who's responsible for maintaining its water levels. Also, the fish tank is connected to the Internet so that it is possible to automatically feed the fish and keep their environment comfy, but this was exploited and thus became a weak link in the company's security.