Staging an uprising of the machines over the Internet?

"If people cannot find something on Google, they think that no one can find it. This is not so," says John Matherly, creator of Shodan, the worst search engine on the Internet.

Unlike Google, which searches for ordinary websites, Shodan works with the Internet's shadowy channels. It is a kind of "black" Google that lets you search for servers, webcams, printers, routers, and all sorts of other equipment that is connected to the Internet and forms part of it.

Shodan runs 24 hours a day, 7 days a week, collecting information on 500 million connected devices and services every month.

It is amazing what can be found in Shodan with a simple query. Countless lights, security cameras, home automation systems and heating systems are all connected to the Internet and can be easily detected.

Shodan users have found control systems for a water park, a gas station, a hotel wine cooler and a crematorium. Cybersecurity experts using Shodan have even found command and control systems for nuclear power plants and an atomic particle accelerator.

What makes Shodan's capabilities especially frightening is that very few of these systems have any security at all.

"This is a huge security failure," says HD Moore, chief security officer at Rapid7. The company maintains a private Shodan-like database for its own research purposes.

If you run a simple search for "default password", you can find an endless number of printers, servers and control systems with the login "admin" and the password "1234". Even more connected systems have no access credentials at all: anyone can connect to them with a browser.

Independent penetration tester Dan Tentler demonstrated at last year's Defcon cybersecurity conference how he used Shodan to find control systems for evaporative coolers, heaters, water pressure and a garage door.

He found a car wash that can be switched on and off, and an ice arena in Denmark that can be thawed at the touch of a button. In one town, the entire road traffic management system was connected to the Internet, and a single command could put it into "test mode." And in France he found the control system of a hydroelectric power plant with two turbines, each generating 3 MW.

Scary stuff if it falls into the wrong hands.

"This can cause serious damage," said Tentler, and he was putting it mildly.

So why are all these devices connected to the network and left almost unprotected? In some cases, such as door locks controlled through an iPhone, it is assumed that they are very difficult to find. Security is then treated as an afterthought.

A more serious problem is that many of these devices do not need to be online at all. Companies often buy devices that let them control, say, a heating system from a computer. How do you connect the computer to the heating system? Instead of connecting them directly, many IT departments simply plug both into a web server, unwittingly exposing them to the whole world.

"Of course, these things just do not have any security," says Matherly. "But first of all, they have no place on the Internet."

But the good news is that Shodan is used almost entirely for good purposes.

Matherly himself, who created Shodan three years ago just for fun, has limited the number of requests to 10 without an account and 50 with an account. If you want to use more of Shodan's capabilities, Matherly will ask you for additional information about your order, and for payment.

Penetration testers, security professionals, researchers and law enforcement agencies are Shodan's main users. Matherly agrees that the bad guys can also use Shodan as a starting point. But he adds that cybercriminals usually have access to botnets, large collections of infected computers that can do the same thing, but discreetly.

Today, the majority of cyber attacks are focused on stealing money and intellectual property. The bad guys have not yet tried to hurt someone by blowing up a building or turning off lights.

Security specialists hope to prevent such scenarios by using Shodan to identify these vulnerable connected devices and services and by warning their owners about the vulnerabilities. Meanwhile, a lot of things on the Internet just sit there without any security, waiting to be attacked.
www.shodanhq.com/




