It started as a hobby for a teenage computer programmer named John Matherly, who wanted to know how much Internet-connected equipment he could find.
After nearly a decade of tinkering with the code, Matherly finally developed a way to map and capture the specifications of everything from desktop computers to network printers to Web servers.
In late 2009, he began letting friends try out his search engine.
He did not know that it would change the security balance of cyberspace.
"I just think it's cool," said Matherly, 28.
Matherly and other Shodan users quickly realized that they were revealing an astonishing fact: countless industrial control computers, the automated systems that run facilities such as water plants and power grids, are connected to the Internet, and in some cases they can even be exploited by hackers with some talent.
The control computers were built to run behind the safety of brick walls.
But links to the Internet are rapidly eroding that security.
Recently, an unknown hacker broke into a water plant south of Houston using a default password he found in a user manual.
A Shodan user found and accessed the cyclotron at Lawrence Berkeley National Laboratory.
Another user found thousands of unsecured Cisco routers, the computer systems that transmit data over networks.
"There is no reason for these systems to be exposed in this way," Matherly said.
"It seems ridiculous."
The rise of Shodan illustrates the rapid integration of the real world and cyberspace, and the extent to which machines that millions of people rely on every day are vulnerable to intrusion and digital disruption.
It also shows that the online world is more interconnected and complex than anyone fully understands, leaving us more exposed than we previously thought.
Over the past two years, Shodan has collected data on nearly 100 million devices, recording their exact location and the software systems that run them.
The site said it was "exposing online devices."
"Webcams. Routers. Power Plants. iPhones. Wind Turbines. Refrigerators. VoIP Phones."
Homeland Security officials have warned that the obscurity that has protected many industrial control systems is rapidly disappearing in a torrent of digital light.
"It means these subtle [control computers] are likely to be reached from the Internet by malicious and skilled opponents," a Department of Homeland Security document concluded in 2010.
The number of intrusions and attacks in the United States is growing rapidly.
From October to April, the Department of Homeland Security received 120 incident reports, roughly the same as for the whole of 2011.
However, no one knows the frequency or severity of the breaches.
Companies have no obligation to report such intrusions to the authorities.
Industrial control systems are the workhorses of the information age.
Like other computers, they run on code and are programmable.
Unlike laptops, smartphones and other consumer technologies, they have little style or glitz.
They cost from a few thousand dollars up to $50,000 and usually come in a plain metal box with few lights or switches.
Now, control systems open and close water pipes, regulate the flow of natural gas, manage the production of chemicals, and run data centers, plant turbines and commuter trains.
The control computers collect data from electronic sensors, analyze it and send it to desktop computers that serve as the "human-machine interface."
They give managers precise, remote control of the machines.
The most far-reaching and powerful of these networked systems are called supervisory control and data acquisition (SCADA) systems.
They enable companies to centrally control large numbers of pumps, generators, oil rigs and other operations.
The allure of long-distance network control is hard to resist.
Control computer manufacturers promise that such networks can cut costs by reducing the number of workers in the field.
Siemens Industrial Corporation, a leader in the field, said in a recent marketing brochure that adopting control devices "to cope with the increasing pressure of international competition" is "more important than ever."
These systems are often hardened against weather or harsh conditions and can run continuously for months or years.
However, many systems were designed for another era, and some rely on outdated hardware and software from before networks reached every corner of the world.
Six hackers recently examined leading control systems.
The researchers, working with security firm Digital Bond, found that 6 of the 7 devices in the study had hardware and software defects.
Some also included back doors that allowed hackers to download passwords or circumvent security completely.
Researchers found that one machine made by General Electric, the 20, uses the same microprocessor installed in Apple computers 20 years ago.
The company that made its operating software stopped updating it in 1999.
It is often shipped to customers with no meaningful security.
"Security is disabled by default," the manual says.
"To log in, please enter any name; you don't need a password."
In a statement to The Washington Post, GE said: "The 20 is designed for deployment in a layered security environment where asset owners and operators adopt a range of measures to prevent, detect and respond to intrusion.
GE actively works with our customers to design and support these security measures."
The company added that the software for the machine "is designed to be secure and includes a layer of password-protection, which can be activated if the customer chooses to do so."
Other machines had flaws that allowed researchers to take control through electronic back doors.
In January, Digital Bond said the results were "basically a massacre."
"Most people are able to crack their controllers in a day," said K. Reid Wightman, a Digital Bond security researcher and former Pentagon cyber fighter.
"It's too easy.
If we can, imagine what foreign investment can do."
The owners of control computers have long believed that few people know or care how power plants and other facilities work.
They have also believed that these systems are secure inside their facilities and disconnected from external networks.
But like the rest of the world, these systems are rapidly being linked to global networks, often through indirect connections.
Many of these connections were established when executives sought finer operational details.
With few exceptions, the corporate networks used by executives are connected to the Internet in some way.
Because of the peculiar nature of cyberspace, even an employee at a factory who connects wirelessly from a laptop can create a temporary data link that exposes the control system to intruders.
Marty Edwards, a senior cyber security officer at the Department of Homeland Security, said: "They have some sort of connection through penetration.
All we do is connect everything."
In 2003, when John Matherly was a teenager, he attended a community college in California.
He was fascinated by the digital world, and he named his project after a malicious character in a video game called System Shock II.
The character, the Sentient Hyper-Optimized Data Access Network, is an artificial intelligence entity that considers herself a goddess and sets out to eradicate humans.
Matherly, who grew up in Switzerland, tinkered with his system for years as he earned a degree in bioinformatics from the University of California, San Diego, and built a career as a programmer, data miner and Web developer.
His early versions of Shodan found only hundreds of devices on the Internet each day, and the information could not be searched.
In 2009, he spent months making breakthroughs on the project, solving the search problem and finding more equipment.
When he launched the first live version of the program in November of that year, he thought it might appeal to software makers who wanted to know what systems potential customers were using.
On his website, Matherly described his program as "the first computer search engine in the world that allows you to search for computers on the Internet. ... Find devices according to city, country, latitude and longitude, host name, operating system and IP."
The Shodan software runs 24 hours a day.
It automatically reaches out across the World Wide Web and identifies the digital locators, called Internet Protocol (IP) addresses, of computers and other devices.
The program then tries to connect to each machine.
If the connection succeeds, Shodan "fingerprints" the machine, recording its software, its geographic location and other data contained in the identification "banner" that devices display on the Internet.
This identifying information is called "metadata," and it is more common, useful and problematic than anyone had realized.
Shodan compiles the information on Matherly's servers, now at a rate of about 10 million devices per month.
This makes querying it online almost as easy as a Google search.
At first, Shodan's findings seemed trivial: devices that typically connect to networks, such as printers and Web servers.
But as the queries became more sophisticated, disturbing discoveries began to emerge.
A researcher using the system found that a nuclear particle accelerator at the University of California, Berkeley, was connected to the Internet with little security.
Thousands of data routers, the devices that make networks possible, were also found open to anyone.
They could be taken over easily because they required no password.
Matherly said: "It was not until nearly a year later that individual researchers began digging deep into the Shodan data to locate devices that did not belong to the known, discovered Internet: water-treatment facilities, power plants, particle accelerators and other industrial control systems that had been hidden from traditional search engines."
As the scale of the challenge presented by Shodan became clear, the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team issued a stern warning in October 2010, pointing out the "increased risk" of brute-force attacks on "systems available on the Internet."
The alert recommended placing all control system assets behind firewalls, using secure remote-access methods and disabling default passwords.
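The alert's three recommendations, together with the banner data that a Shodan-style index records, can be checked against an operator's own asset inventory. The following Python sketch is an added example, not code from the article, DHS or Shodan; the inventory fields, finding labels and sample records are constructed, and the port table lists the protocols' standard default ports.

```python
import ipaddress
from dataclasses import dataclass

# Default TCP ports of common industrial protocols (standard assignments,
# not taken from the article).
ICS_PORTS = {102: "Siemens S7 (ISO-TSAP)", 502: "Modbus/TCP",
             20000: "DNP3", 44818: "EtherNet/IP"}

# Assumption: RFC 1918 space counts as "behind the firewall"; any other
# address is treated as reachable from the Internet.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Asset:
    """One row of a hypothetical control-system inventory."""
    name: str
    ip: str
    port: int
    banner: str                     # text the service returns on connect
    default_password_changed: bool
    remote_access: str              # "vpn", "direct" or "none"


def is_internal(ip: str) -> bool:
    """True if the address lies in one of the internal networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def audit(asset: Asset) -> list:
    """Return finding labels for one asset, in a fixed order."""
    findings = []
    exposed = asset.port in ICS_PORTS and not is_internal(asset.ip)
    if exposed:
        findings.append("internet-exposed")
        if asset.banner.strip():
            # An identifying banner is what a device search engine indexes.
            findings.append("banner-indexable")
    if not asset.default_password_changed:
        findings.append("default-password")
    if asset.remote_access == "direct":
        findings.append("insecure-remote-access")
    return findings


def report(assets) -> dict:
    """Map asset name -> findings, omitting assets with no findings."""
    results = {}
    for asset in assets:
        findings = audit(asset)
        if findings:
            results[asset.name] = findings
    return results


# Constructed sample inventory; 203.0.113.0/24 is a documentation range
# standing in for a public address.
SAMPLE = [
    Asset("water-plant-plc", "203.0.113.10", 102,
          "constructed banner: PLC model X, firmware 1.0", False, "direct"),
    Asset("pump-station-rtu", "10.20.0.5", 502, "", True, "vpn"),
    Asset("hmi-gateway", "192.168.4.7", 44818,
          "constructed banner: HMI gateway", False, "vpn"),
]

if __name__ == "__main__":
    for name, findings in report(SAMPLE).items():
        print(f"{name}: {', '.join(findings)}")
```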
Eireann Leverett, a researcher at the University of Cambridge, used Shodan to identify more than 10,000 control computers connected to the Internet, many of which have known vulnerabilities.
Leverett concluded that many operators did not know how exposed they were, or even realize that their machines were online.
"This can be used to remotely attack selected devices, or to identify networks for further reconnaissance and exploitation," Leverett wrote in a paper published in June 2011.
"Malicious actors may already be doing so."
In the United States, security experts Billy Rios and Terry McCorkle said this spring that their research shows the situation is even worse than what Leverett showed.
Rios, who works for Google, and McCorkle, who works for Boeing, both used Shodan to study control systems on their own time.
"The number of control systems on the Internet is far more than anyone's imagination," McCorkle said during a recent discussion with Rios of control computer vulnerabilities at the National Defense University at Fort McNair.
"These systems are inherently insecure."
Matherly said he hopes his search engine will improve security.
But it can also be used to shred it, he said.
"Shodan lifted the barrier.
There's no way back," said Matherly.
"Once you know something about it, you can no longer hide."
A story from the Cold War shows that cyber attacks on control systems have long been imagined.
While some details are difficult to confirm, it describes the attacks that experts believe could happen today.
In 1981, a Soviet KGB colonel became a French spy, codenamed Farewell, and shared with the French how the Soviet Union was using Canadian front companies to secretly acquire technology to automate the trans-Siberian gas pipeline, according to "At the Abyss: An Insider's History of the Cold War" by former Pentagon official Thomas Reed.
Tipped off by the French, U.S. officials set up a front company to sell the technology, but only after making some undetectable changes to the computer code.
Reed wrote 20 years later that the changes ended up "resetting the pump speed and valve settings to create pressure far beyond the pipe joints and welds."
"The result is the most memorable non-nuclear explosion and fire ever seen from space."
A KGB veteran later disputed the account.
A document on the CIA website confirmed only that "artificial computer chips" were provided to the Soviet Union and that "defective turbines were installed on gas pipelines."
There is evidence of threats to control computers.
In 1997, a teenage hacker using a personal computer and a dial-up connection shut down part of the telephone network in Worcester, Massachusetts, cutting off air-traffic-control communications at the local airport.
In 2000, Vitek Boden, the head of a technology company in Australia, was distressed that he had not landed a job with the Maroochy Shire Council, according to Joseph Weiss, author of "Protecting Industrial Control Systems From Electronic Threats."
Using a radio transmitter, Boden attacked the wastewater treatment system in Queensland, remotely accessing the control system and releasing thousands of gallons of raw sewage into local streams and parks.
He was sentenced to two years in prison.
An Australian Environmental Protection Agency official later said: "Marine life is dead, the river is black, and residents can't stand the stench."
In 2007, skeptics still claimed that the threat of cyber attacks on machines in the real world was theoretical.
In a demonstration called the Aurora project, DHS and power industry officials decided to test the theory themselves.
In the end, many skeptics were silenced.
The target was a 5,000-horsepower diesel engine, a machine often used as a backup generator by manufacturers and large organizations.
Engineers at the Idaho National Laboratory hacked the generator's embedded control computer over a network.
By repeatedly triggering the circuit breakers, they generated enormous torque on the machine, which eventually began to shake, smoke and tear itself apart.
Mark Zeller, who specializes in industrial power systems at Schweitzer Engineering Laboratories, said the Aurora project triggered a scramble in the power industry to identify connections to cyberspace and improve security around the "electronics."
These efforts include assessing the connection between the control system and the network and establishing layers of defense against intruders.
In some cases, this means creating "air gaps," physical separations that wireless connections cannot breach, between networks and control systems, along with stronger password protection.
"They really take things around this electronic security very seriously," Zeller said.
"It's a big problem now."
At the same time, the Department of Homeland Security has stepped up its efforts, including advising and assisting industry to reduce the risks of cyber attacks.
The government now regularly issues alerts about new threats to control systems.
In addition, the North American Electric Reliability Corp., or NERC, an organization of U.S. power grid operators, also issues alerts.
Three weeks ago, NERC said control computers on the Internet "face more exposure" due to Shodan and hacking tools.
The NERC alert said, "hackers or hacker groups may cause sporadic component failures when identifying and interacting with these devices."
Last week, a complex new type of virus called "Flame" was revealed, apparently designed to gather intelligence about Iran, again highlighting the threats in cyberspace.
But the most powerful and ingenious cyber attack publicly disclosed involved Iran's industrial control systems.
The attack, called Stuxnet, alerted the world to the real potential for attacks on critical infrastructure when its code was discovered on the Internet in the summer of 2010.
Last week, the New York Times reported that Stuxnet was part of a secret U.S.-Israeli operation against Iran that President Obama had approved.
Stuxnet's target was a control computer called the S7, which is made by Siemens and was used by the Iranian government to operate centrifuges in the uranium enrichment process.
Malicious code designed to attack the machine was included as a payload in a software package called a computer "worm."
The worm was released onto the Internet and spread rapidly around the world, like a virus in flu season.
But most of the infected computers and systems are in Iran.
The worm code was designed to self-replicate.
Investigators say it apparently infected an Iranian flash drive, which helped it jump from the network to an unconnected computer at the Iranian nuclear processing facility in Natanz.
Stuxnet used four previously unknown software flaws, known as zero days, to break through the security of various computer systems.
The attack code ultimately instructed the uranium-refining centrifuges to spin at speeds beyond their tolerances while sending misleading data to the displays to show that everything was OK.
It was brilliant and devastating.
Analysts believe hundreds of centrifuges were damaged, although no one outside the operation knows for sure.
"The real-world impact of Stuxnet is beyond any threat we've seen in the past," said the author of the worm analysis released by computer security company Symantec.
"Stuxnet is the type of threat we want to never see again."
At the core of this was Siemens.
"Stuxnet marks a turning point across the automation industry, turning theoretical issues into headlines," Raj Batra, president of Siemens industrial automation, told the Post.
News of Stuxnet jolted hackers around the world like a double espresso, waking them up to the formerly obscure world of industrial control systems.
One of them was Dillon Beresford, an energetic hacker and security consultant in Texas.
He read an article about the attack in Wired.
"It inspired me," Beresford said.
"I want to prove whether it takes a nation-state to solve this problem.
I think, no, I'm going to do it in my living room."
For Beresford, this was more than a spur-of-the-moment whim.
He had found zero-day vulnerabilities over the years.
"At the end of the day, it's all just code," he said.
Starting in January 2011, Beresford worked for two months straight.
He focuses on Siemens S7 series controllers.
As any good hacker would, he started with research.
Beresford found a "coding library" online run by German researchers.
It contained the source code for various computers, including the S7s.
He studied day and night, paying special attention to the machines' communication protocol.
He found that the protocol was intended to make it easier for machines to communicate over the Internet.
Security was an afterthought.
Beresford convinced his boss at the time, a manager at security company NSS Labs, to buy him four industrial control systems for thousands of dollars each.
"If you do find something, let people know that you are from NSS," his boss told him.
The equipment was mounted on a heavy board, ready for testing.
The S7 is a normal rectangular metal container with a vent and cable port, about the size of a large shoe box.
Beresford put them on his work desk in the bedroom of his suburban apartment in Austin.
He connected them to his laptop and began hunting.
"I didn't get up until 5 in the morning," he said.
"I like to write code."
A few weeks after the experiment, Beresford found the first of several defects in the S7s.
One of the hacks took advantage of the fact that the protocol did not encrypt its communications with other networks, allowing hackers to easily read and steal "plain text" passwords.
Beresford said the protocol was created by designers who thought the machines would operate with an "air gap" keeping them safe from open networks.
At the time, no one expected a thumb drive to be used to bridge the gap, as in the Stuxnet attack.
He also found a digital back door that allowed him to read the internal memory of the device, including the password stored on the device.
Beresford sent his findings to the Department of Homeland Security in May 2011.
The FBI studied his work and confirmed it.
In an alert issued on July 5, the agency announced that it was working with Siemens to resolve the S7 vulnerabilities.
"I crushed it," he said.
"All ordinary people, your typical hacker, can easily replicate this."
Since then, Beresford has used his Shodan account to find more than 100 S7s online, all of which are potential targets.
Siemens's Batra acknowledged the vulnerabilities and said the company was working to resolve them.
The company announced last week that it will provide new security enhancements to its industrial control system.
"Siemens's automation products are strictly tested in terms of industrial safety, but must be designed to balance the requirements of open industrial solutions, which will increase productivity," he said.
"There will never be an end point in industrial security threats, but companies can, under the guidance of government agencies, better protect their systems by keeping up to date with the research community, through cooperation with responsible and innovative suppliers such as Siemens."
Other hackers also began to turn their attention to industrial control computers after hearing about Stuxnet.
One of them, an anonymous hacker who calls himself pr0f, is a smart, unemployed 22-year-old who favors hoodies and lives in his parents' home overseas.
He is among the growing number of Shodan users.
After studying control systems in the wake of Stuxnet, he came to believe that the insecurity of these devices seemed crazy and irresponsible.
"In the end, someone will go into a major system and people will be hurt," he later said.
"It's just a matter of time."
He vowed to prove how easy it was to get in.
On Nov. 17, he saw an article on the Internet about an apparent attack on American industrial control systems.
The article says a Russian hacker apparently destroyed a water pump for a water company in Springfield.
Pr0f had been expecting such a thing, but when he read a statement from an official at the Department of Homeland Security, he could not believe it.
"There is no credible solid data yet that suggests that key infrastructure entities are at risk or pose a threat to public security," the statement said.
The hacker fumed: How could the Department of Homeland Security downplay something so important?
"This is the last straw," Pr0f said. "I was angry.
I said, yes, let's do something."
The Springfield episode turned out to be an accident that had nothing to do with Russia, but he did not know that until later.
On impulse, he started up a program on his computer and searched for Siemens S7 controllers online.
The first one he found happened to be an S7 in a small town south of Houston, thousands of miles from where he was sitting.
The hacker navigated to the machine's Internet address.
When prompted to show he was an authorized operator, he knew what to do because he had read the manual.
He entered the default password: three simple digits.
After a while, he was in control of a water plant serving 16,000 Texans.
"It hardly requires skills," the young man wrote shortly afterward in an email sent through an address in Romania to cover up his identity.
The S7 was installed more than ten years ago, when the town upgraded its water plant.
That was long before most people thought of industrial control systems as targets.
"No one will think about it again," said Mayor Joe Soto.
"We didn't have terrorists when it was put in."
The intrusion took 10 minutes.
The hacker did not do any harm.
Instead, he recorded an image of the control system to prove how easy it was for him to get into it.
"When I started, I didn't actually know what the machine would control, but I logged in and, well, I saw what I took a screenshot of," he said in an email exchange.
"I was just surprised."
After he saw an image of the plant's control panel on the Internet, so was Soto.
He and other town officials ordered an immediate closing of the gap and then considered the impact.
"We may not be the only one who is completely open," Soto said later.
"He took all our pants down."