By Adriana Lee |
Not exactly ?The Deep Web,? but that didn?t stop CNN Money from calling it ?the scariest search engine on the Internet.? I?m talking about Shodan, which is sort of an anti-Google Search.
When you need to find something online, most people fire up their browsers and point Google to a set of keywords and phrases, and hope for the best. And if the desired results don?t come up, they figure it?s probably not online for them to find. Au contraire. Just because Google doesn?t give up the goods, doesn?t mean they don?t exist. Shodan can connect you to myriad things that fly a little below the radar ? stuff like traffic lights, security cameras, home automation devices, heating systems and anything else that?s connected to the Internet, but aren?t necessarily at the top of typical search results.
Using Shodan, you can find systems controlling water parks, gas stations, hotel wine coolers or crematoriums. It?s pretty unbelievable how easy they are to find. But don?t blame the tool. Sure, Shodan puts it right out there, but the lack of appropriate security is what makes them available. And that?s the learning lesson here.
If you neglected to change any of your logins from the default, here?s food for thought: A search for ?default password? results in countless printers, servers and system control devices that still have ?admin? and ?1234? as their username and password. Others don?t even have logins at all, not even cursory authentication. Once people find that and get in, all manner of crazy things can happen ? no real hacking required.
And it goes far beyond personal or business accounts. Someone even discovered?command and control systems?for a nuclear power plant and a?particle-accelerating cyclotron?using Shodan, as well as a French hydroelectric plant and?a?city traffic control system. The online traffic system was found to be easily manipulated ? the user could?ve put it in ?test mode? easily by entering one simple?command.
Shodan is the brainchild of John Matherly, who created this dark search engine a little over three years ago. People can use the site for free, but the limit is 10 results and 50 if you open an account. Need more? Then you?ve got to pay for it and answer a pile of questions about what you?re looking for and why.
The reason why is key here. Bona fide black-hat hackers have other ways that are far less detectable, leaving Shodan mostly in the hands of security professionals, researchers and law enforcement, who typically use the service to alert companies and organizations about the massive security vulnerabilities they?ve opened themselves up to. That?s not to say that some rogue Shodan user won?t do any harm some day. In fact, with the opportunity and access so frighteningly wide open, it?s probably just be a matter of time.
Join the discussion
hugo hugo nfl combine 84th annual academy awards beginners 2012 oscars the shore
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.