Hacked Aquarium Controller Used In Casino Cyber Attack!

An internet connected aquarium controller has just been confirmed as the gateway into the secure network of a casino, and it was used to steal up to 10 gigabytes of data! We knew this day would inevitably come, and it’s actually a surprise that it’s taken this long to happen.

The internet of things (IOT) has been seeping into our daily lives as well as the aquarium hobby since the beginning, and it’s pretty common to hear about some of these devices used as bots to perform DDOS attacks. But a recent cyber-attack on a casino used an aquarium controller as a portal to funnel data out of a private network, the damage it caused has not been reported but it can’t be good.

We rely on controllers to send us data about our fish tanks when we’re away, but apparently they can also be used as a gateway to access much more from networks.

The data breach was reported by cyber security firm Darktrace who discovered the aquarium controller was sneaking out much more data than a device like this should. The actual casino and aquarium controller used in this attack were not named but we can glean a few things from the Darktrace report.

Darktrace co-founder Dave Palmer was quoted as saying:

“We’ve seen insiders sneak data out of heavily-protected organizations by attacking digitally-connected fish tanks. Completely blew my mind. Who would plug their fish tank into the internet? Well it turns out lots of people do.”

It turns out that our highly capable and internet connected fish tank controllers can be a gateway for much more surreptitious cyber activities.

Apparently this is not even the first time a ‘smart fish tank’ has been used in cyber crimes! The report goes on to mention that the controller was equipped “with advanced sensors that automatically regulate temperature, salinity, and feeding schedules“. The device in question was not named but we do know the casino is in North America.

The three main companies with internet connected aquarium controllers in the North American market are the Digital Aquatics ReefKeeper, GHL Profilux, and by far the most common in the U.S. is the Apex by Neptune Systems. Neptune Systems Apex is the only one with a dedicated fish feeder, the AFS, but other controllers can be used to automate fish feeding.

Aquarium controller makers have to walk a fine line between making it easy enough to check on your fish tank from a smartphone, while not so easy as to allow intruders access to get into the local network it’s connected to.

Up until now we’ve mostly been concerned about IoT Aquarium devices being usurped as foot soldiers in bot armies, or vindictive hackers crashing our precious aquariums. But it seems like at least one controller company’s (and probably all of them) are not robust enough to resist cyber attacks, and it’s frightening to think of your entire home network potentially being compromised by having a ‘smart fish tank’. [Darktrace]

Jake Adams

Jake Adams has been an avid marine aquarist since the mid 90s and has worked in the retail side of the marine aquarium trade for more than ten years. He has a bachelor’s degree in Marine Science and has been the managing editor of ReefBuilders.com since 2008. Jake is interested in every facet of the marine aquarium hobby from the concepts to the technology, rare fish to exotic corals, and his interests are well documented through a very prolific career of speaking to reef clubs and marine aquarium events, and writing articles for aquarium publications across the globe. His primary interest is in corals which Jake pursues in the aquarium hobby as well as diving the coral reefs of the world.