Google For Hackers

If it can’t be found on Google, it doesn’t exist. Right? Wrong. You haven’t visited Shodan yet.

Unlike Google, which crawls the Web looking for websites, Shodan navigates the Internet’s back channels. It’s a kind of “dark” Google, looking for the servers, webcams, printers, routers and all the other stuff that is connected to and makes up the Internet. Shodan runs 24/7 and collects information on about 500 million connected devices and services each month.

Nice, but who cares? Hackers do. If you got one dollar for every device that is still accessible with the default username and password, you’d be rich. Shodan searchers have found control systems for a water park, a gas station, a hotel wine cooler and a crematorium. Cybersecurity researchers have even located command and control systems for nuclear power plants and a particle-accelerating cyclotron by using Shodan.

Typing in “Default Password” says it all – countless companies and individuals have no clue how important (even basic) security really is. This simple search reveals countless printers, servers and system control devices that use “admin” as the user name and “1234” as the password. Many more connected systems require no credentials at all: all you need is a Web browser or FTP client to connect to them.

In a talk given at last year’s Defcon cybersecurity conference, independent security penetration tester Dan Tentler demonstrated how he used Shodan to find control systems for evaporative coolers, pressurized water heaters, and garage doors.

He found a car wash that could be turned on and off and a hockey rink in Denmark that could be defrosted with a click of a button. A city’s entire traffic control system was connected to the Internet and could be put into “test mode” with a single command entry. And he also found a control system for a hydroelectric plant in France with two turbines generating 3 megawatts each.

Scary stuff.

Posted on May 26, 2013, in Computers, Privacy, Security, Technology. 1 Comment.

  1. Excellent site so far Hans! Keep up the nice work – this blog is worth reading.
    – Bob VE3MPG
