Casino high-roller client list stolen using ‘smart thermometer,’ and other musings

Casino high-roller client list stolen using ‘smart thermometer,’ and other musings

The Internet of Things (IoT) has grabbed hold of the world. Not only can someone tell Alexa to start the car or order take-out, the advanced technology allows for better systems controls at hotels, power plants and even casinos. Unfortunately, all of the interconnectivity can also give hackers greater access to computer systems, and has already resulted in several high-profile thefts.

Casino high-roller client list stolen using ‘smart thermometer,’ and other musingsDarktrace, a cybersecurity company out of the UK, has been keeping tabs in hacking activities, and recently provided a report to the Wall Street Journal (WSJ) CEO Council held in London. Nicole Eagen, the company’s CEO, offered, “There’s a lot of internet of things devices, everything from thermostats, refrigeration systems, HVAC [air conditioning] systems, to people who bring in their Alexa devices into the offices. There’s just a lot of IoT. It expands the attack surface and most of this isn’t covered by traditional defenses.”

One notable hacking operation using the IoT was conducted at an unidentified casino. Hackers were able to gain access to the casino’s high roller client list by hacking through a thermometer that was installed in the casino’s lobby aquarium. In speaking of the attack, Eagen said, “The attackers used that to get a foothold in the network. They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud.”

The WSJ panel also consisted of Robert Hannigan, who ran GCHQ (think James Bond and 007) from 2014 to 2017. He confirmed Eagen’s concern that the IoT is becoming a real issue for companies. “With the internet of things producing thousands of new devices shoved onto the internet over the next few years, that’s going to be an increasing problem. I saw a bank that had been hacked through its CCTV cameras because these devices are bought purely on cost,” he said.

Hannigan added that improved safety standards and additional regulation would almost certainly be required. He explained, “It’s probably one area where there’ll likely need to be regulation for minimum security standards because the market isn’t going to correct itself. The problem is these devices still work. The fish tank or the CCTV camera still work.”