Thread: Hackers stole a casino's database through a thermometer in the lobby fish tank

  1. #1
    Elder Arcanist
    Ackar's Avatar
    Join Date
    Jun 2003
    Posts
    11,259

    Hackers stole a casino's database through a thermometer in the lobby fish tank

    Hackers stole a casino's high-roller database through a thermometer in the lobby fish tank

    • Darktrace CEO: Hackers are increasingly targeting unprotected 'internet of things' devices such as air-conditioning systems and CCTV to get into corporate networks.
    • In one incident, a casino was hacked through the thermometer in its lobby aquarium.
    • Former GCHQ director calls for laws on minimum security standards for 'internet of things' devices.


    LONDON — Hackers are increasingly targeting 'internet of things' devices to access corporate systems — everything from CCTV cameras to air-conditioning units.

    The "internet of things" refers to devices that are hooked up to the internet to allow live streams of data to be monitored. The term covers everything from household appliances to widgets in power plants and everything in between.

    Nicole Eagan, the CEO of cybersecurity company Darktrace, told the WSJ CEO Council in London on Thursday: "There's a lot of internet of things devices, everything from thermostats, refrigeration systems, HVAC [air conditioning] systems, to people who bring in their Alexa devices into the offices. There's just a lot of IoT. It expands the attack surface and most of this isn't covered by traditional defenses."

    Eagan gave one memorable anecdote about a case Darktrace worked on where an unnamed casino was hacked via a thermometer in a lobby aquarium.

    "The attackers used that to get a foothold in the network. They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud," she said.

    Robert Hannigan, who ran the British government's digital spying agency GCHQ from 2014 to 2017, appeared alongside Eagan on the panel and agreed that hackers targeting internet of things devices is a growing problem for companies.

    "With the internet of things producing thousands of new devices shoved onto the internet over the next few years, that's going to be an increasing problem," Hannigan said. "I saw a bank that had been hacked through its CCTV cameras because these devices are bought purely on cost."

    He said regulation to mandate safety standards would likely be needed.

    "It's probably one area where there'll likely need to be regulation for minimum security standards because the market isn't going to correct itself," he said. "The problem is these devices still work. The fish tank or the CCTV camera still work."

  2. #2
    All hat & no cattle
    Milton Finkelstein's Avatar
    Join Date
    Mar 2004
    Posts
    2,694

    Re: Hackers stole a casino's database through a thermometer in the lobby fish tank

    The nerdy Ocean's Eleven!

    I have no idea how you do these things, but it kind of piques my curiosity to find out, especially after I played the puzzle-game Hacknet :-)

  3. #3
    Tasty Danish
    Dawlin's Avatar
    Join Date
    Oct 2004
    Posts
    11,330

    Re: Hackers stole a casino's database through a thermometer in the lobby fish tank

    Quote: Originally Posted by Milton Finkelstein
    The nerdy Ocean's Eleven!

    I have no idea how you do these things, but it kind of piques my curiosity to find out, especially after I played the puzzle-game Hacknet :-)
    BIG WARNING! THIS MAY LEAD TO PROSECUTION, EVEN IF YOU DON'T HAVE MALICIOUS INTENT!!!

    Be creative on Shodan, then target the stuff you find on there via shell commands using default passwords. Sometimes, it's really that simple.

    BIG WARNING! THIS MAY LEAD TO PROSECUTION, EVEN IF YOU DON'T HAVE MALICIOUS INTENT!!!

    There. But heed my warnings.
    Even in sweet, innocent Denmark, we've had people prosecuted by the very companies that they reported attack vectors to.

    Oh, and there are pretty powerful people across the pond who want to punish security researchers as well:

    Mitch Stoltz is a lawyer who works for the EFF, if you have any doubts about his credentials.
    Last edited by Dawlin; April 16th, 2018 at 10:03 AM.
    "Silver bullet solutions are rare, silver bullet sales commonplace"

  4. #4

    Re: Hackers stole a casino's database through a thermometer in the lobby fish tank

    That is totally insane but also not a surprise to hear from a MAFIAA lawyer.

    But in simple terms that is like saying someone should be liable at the tool company if someone invented a powerful new metal cutter and it was used to bust open a bank vault a decade later.
    "When you name your baby Jeeves...you've pretty much set up his career for life. You don't see many Hit Men, for example, named Jeeves. "Pardon me sir, but I must wack you now."
    — Jerry Seinfeld
