Security expert says she helped a casino whose high-roller database was stolen through an Internet of Shit fish-tank thermometer


#1

Originally published at: https://boingboing.net/2018/04/17/literal-phishing.html


#2

I swear BB had the casino fishtank thermometer story before, but the closest I could find was this:


#3

The Internet of Shit, literally.


#4

Internet of Shit fish-tank thermometer

IOSFTT, it’s a thing.


#5

sounds like an internet-of-shit Shark tank thermometer


#6

That would be:


#7

B Tier casinos are the worst when it comes to IT security. The company I work for has bid on a bunch of jobs for smaller casinos, and within weeks of submitting we usually get blasts of spam from numerous email addresses from that casino. I’m betting it’s because some of our employees’ contact cards have been added to a compromised Outlook. It’s like (anecdotal) clockwork. Maybe this was some big Las Vegas place and I’m projecting, but I kind of doubt it.

If the casino looks like it could be the set of “Walking Tall” I’m avoiding it.


#8

Not saying those casinos are tribal casinos, but it still makes me wonder: what is the status of infosec and data privacy law on tribal lands?


#9

You know, you could combine the two, if you had fish up your butt.


#10

It could be useful in locating fish.

According to the Google Play Store, the Android version of the app requests access to identity and location information, photos, media files, and the device’s microphone.

(Really the phone’s microphone, but still, WTF?)


#11

Been done already.


#12

I really wish there were technical details like what was the device. How was it exposed to the internet? Did that casino do something as mind-numbingly stupid as to use UPnP on their routers?


#13

I was sure I had seen this on The Boing last year, and was surprised to see it making the rounds again on Twitter. Given the nature of such stories, it was inevitable that it would show up here again as well.


#14

Odds are, the company that maintains their aquariums checks the status remotely, so someone punched a hole in the firewall to the thermometer to let them do it. Once the hackers were in the thermometer, they could access everything on the LAN behind the firewall.


#15

Rectal thermometers smart!!


#16

All of the names of casinos I do remember were indeed Tribal casinos, but I don’t want to disparage all of the casinos just because of a few bad apples.

It also should be said that I work for a set of the most unethical, greasy, slimy, sleazebags I have ever laid my eyes on. I wouldn’t be surprised if they only deal with other sleazebags that don’t care about security, because they sure don’t.


#17

Ya missed a headline opportunity there: "Whales Exfiltrated Via Fish Tank"


#18

Ugh. First of all, Eagan is no security expert. She’s a marketing person installed by cronyism as figurehead by Mike Lynch’s Invoke Capital. The real story here is also how Mike Lynch is secretly the real CEO of the company, but hiding due to the ridiculous scandal involving his sale of Autonomy to HP.


#19

Obligatory:


#20

I think it’s back in the news because of

It’s one of those anecdotes that you almost have to tell if you’re the CEO of the organisation that dealt with it even if it is more than a year old.

It’s also one of those stories that media outlets can’t help reporting on.

I mean a casino hacked via their fish tank.

The only way the story would be better is if the hackers used specially trained monkeys to execute the hack or turned out to be nuns trying to get funds to save an orphanage or something.