{"id":4560,"date":"2017-09-17T16:33:16","date_gmt":"2017-09-17T20:33:16","guid":{"rendered":"http:\/\/community.mis.temple.edu\/mis5211sec001fall17\/?p=4560"},"modified":"2017-09-17T16:33:33","modified_gmt":"2017-09-17T20:33:33","slug":"how-a-fishtank-helped-hack-a-casino","status":"publish","type":"post","link":"https:\/\/community.mis.temple.edu\/mis5211sec001fall17\/2017\/09\/17\/how-a-fishtank-helped-hack-a-casino\/","title":{"rendered":"How a Fishtank Helped Hack a Casino"},"content":{"rendered":"<p><a href=\"http:\/\/money.cnn.com\/2017\/07\/19\/technology\/fish-tank-hack-darktrace\/index.html\">Web Summary<\/a><\/p>\n<p><a href=\"https:\/\/www.darktrace.com\/resources\/wp-global-threat-report-2017.pdf\">Original PDF Source (See Page 8)<\/a><\/p>\n<p>tl;dr: &gt;10 GB of data was exfiltrated from a North American casino using a recently installed Internet of Things fishtank.<\/p>\n<p>There&#8217;s not a TON of info on this (since no casino wants to divulge too much about how it was hacked or what data was lost), but there&#8217;s two details that really stand out to me:<\/p>\n<ol>\n<li>Because the device was rather new on the network, the traffic on it was never properly profiled before the hack took place.<\/li>\n<li>The communications took place using a audio\/video protocol. Similar to ping tunneling, where the data is hidden inside a ping, I think the data here was exfiltrated using an AV protocol so that it would be less likely to be noticed by the casino. If, say, video logs were being sent off-network, it wouldn&#8217;t be unusual to see this type of traffic leaving the casino&#8217;s network.<\/li>\n<li>(Confusion): The article says the fishtank was &#8220;configured to use an individual VPN&#8221;; I don&#8217;t know what they mean here. I think they&#8217;re trying to say that it had its own VLAN, so it wouldn&#8217;t be able to interact with devices on the main VLAN? By my understanding, VPNs are just used to create an excrypted internet connection through a third party.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>Web Summary Original PDF Source (See Page 8) tl;dr: &gt;10 GB of data was exfiltrated from a North American casino using a recently installed Internet of Things fishtank. There&#8217;s not a TON of info on this (since no casino wants to divulge too much about how it was hacked or what data was lost), but [&hellip;]<\/p>\n","protected":false},"author":17760,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[715219],"tags":[],"class_list":{"0":"post-4560","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-week-03-it-administrative-controls","7":"entry"},"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall17\/wp-json\/wp\/v2\/posts\/4560","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall17\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall17\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall17\/wp-json\/wp\/v2\/users\/17760"}],"replies":[{"embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall17\/wp-json\/wp\/v2\/comments?post=4560"}],"version-history":[{"count":1,"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall17\/wp-json\/wp\/v2\/posts\/4560\/revisions"}],"predecessor-version":[{"id":4561,"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall17\/wp-json\/wp\/v2\/posts\/4560\/revisions\/4561"}],"wp:attachment":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall17\/wp-json\/wp\/v2\/media?parent=4560"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall17\/wp-json\/wp\/v2\/categories?post=4560"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall17\/wp-json\/wp\/v2\/tags?post=4560"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}