Cyber Fishing Attacks Revealed

April 1st, 2019

Cyber security is a critical issue for all businesses.  It seems that every time technology introduces a way to improve the interaction between a service (or product) provider and the consumer, bad actors introduce a way to criminalize some aspect of it.

The world-famous Pike Place Fish Market in Seattle is only the most recent example.  The market is famous not only for fresh fish but for actually tossing the fish.  This happens both between employees and to customers.  It’s been going on for about 30 years, and in 2017 it was upgraded for the 21st century.

Using Bluetooth technology, customers could place their orders online using a mobile app (called “Moby”) and show up at the market to pick up their fresh, delicious seafood order.  But instead of the customer waiting in line, the fish-tossing experience was automated, using Bluetooth technology to identify where the customer was physically located within the market.  Once the customer acknowledged they were ready, a device that everyone called the “fish cannon” would fire the customer’s package.  The fish would be thrown with the same arc and velocity as when employees tossed them.

“It was a money saver, and honestly was more accurate”, gushed Alex Hab, a former Naval Captain and Customer Experience Manager for Pike Place.  “We were having trouble finding qualified employees who could actually throw the fish accurately.  Plus, after 10 or 20 tosses in a single shift, they’d get tired.  We had bystanders getting hit with wayward tosses.  This was dangerous, especially for Swordfish.  And we had 3 employees between 2010-2014 needing Tommy John surgery on their throwing arms.”

“Folks love Moby”, Richard Herman, former lead developer at Melville Applications, gushed.  “Pike Place was happy, the experience was actually heightened, and the metrics we got back for BI purposes were fantastic.  But in hindsight, we were too quick to get to market.”

A couple of critical holes in the application were discovered in early 2019 by anonymous hackers, who were quick to take advantage of them.

“It all went to hell on Tuesday, February 19th,” Alex recalled.  “We had the fish cannons loaded for about 20 orders.  Just a normal day.  But the cannons started firing, seemingly randomly.  Instead of to the person who was ready for their ‘toss’, the cannons aimed at other people.  And with almost no arc, and higher velocity.  I mean, people were getting knocked over by these packages of fish.  At first we didn’t know what to make of it, but before long we realized what was happening.”

“All of our customers were being randomly hit by fishing attacks.”

Alex paused.

“Except for the one customer that was selected by the software for some reason.  He was singled out for an order of swordfish.”

Alex paused again.

“He was hit by a spear fishing attack.”