back to article Hackers tap SCADA vuln search engine

A search engine that indexes servers and other internet devices is helping hackers to find industrial control systems that are vulnerable to tampering, the US Computer Emergency Readiness Team has warned. The year-old site known as Shodan makes it easy to locate internet-facing SCADA, or supervisory control and data acquisition …


This topic is closed for new posts.
  1. Originone

    Greatest computer game antagonist of all time

    Come on! How can you reference what SHODAN stands for without referencing System Shock as the source.

    System shock is still one of my favourite games of all time and was years ahead of its comtemporary FPS games.

    1. Aaron Em
      Thumb Down


      ...that'd be too much explaining, and it would kill the joke.

      You dope.

      1. amanfromMars 1 Silver badge

        Alien ProgramMING for Shocking Ore into Source Lode CodeXSSXXXX Armed and Almed

        Which just goes to prove, beyond any shadow of doubt, that fact follows fiction and fiction is future fact and thus is Reality, a Virtual XSSXXXXPeriment in AIMagic Mystery Turing Circles ...... Live Operational Virtual Environments?

        And shared as a question so as not to Immediately Disturb and Concern/Excite and Engage ........ well, I suppose Earthlings and Crazy Programmed Robots with HyperRadioProActive Text Command and Control Facilities ...... Awesome Alien Abilities?

        Now that is also a Novel BetaTest, hereby Registered and Logging in to Systems Administrations and Patently Provocatively Phorming and Phishing Intelligence Communities with SMARTer Analytical Search Memes ...... for Global Currency Control and Command Powers in ITs AIdDistribution Networks.

        Fact or Fiction? Present Facility with Future Capability or just Impossible Spin Alarming Nonsense?

        Ladies and Gentlemen, Place your Bets.

  2. Anonymous Coward
    Anonymous Coward

    Reminds me of a search hack

    ...I ran across one time - by entering in a URL fragment you could find unsecured security cams. You couldn't really do anything with it (well, I didn't really try at least), and there was really no way to tell what you were looking at... but I did find it interesting that people would just drop stuff onto a public network with seemingly no thought/consideration for security or privacy.

    It doesn't take a PHD or millions of dollars to implement common sense security measures like the ones outlined in the article. Hell, you can buy a Cisco/Linksys small business switch/router with VPN built into it for under $200 (I think I saw their cheapest one for $118). I don't personally know a single small business that doesn't bother to take *some* precaution with their Internet connection... to leave industrial control systems out in the open is pure negligence. If you know enough to install a system like this you know enough to protect it - ignorance is not an excuse.

    1. The BigYin

      I was thinking of the exact same thing

      Some of the cams are deliberately public, and configured to be so.

      Some are public by mistake but could be considered benign.

      Some really shouldn't be public at all.

      It's very similar to the tricks you can use to find poorly configured FTP sites etc if you want content for nowt.

      And do other things. Ahem.

  3. Anonymous Coward


    ...that most computer users are Dumb F***s. Including the Control Engineers who run industrial plants.

    If I were the director of a 2 billion Euro refinery, I would certainly shell out 1 million Euros to hire a security expert and follow his advice to tighten up security.

    For one million Euros, you can buy 200 Linux boxes which will act as firewalls for all the control systems behind. You can train people to securely use ssh. You can set up extensive logging. You can make sure everything has properly set passwords.

    But who said an M.B.A. makes you think rationally ? After all "beans you can't count do not exist".

  4. Anonymous Coward
    Anonymous Coward

    Wise words from the boogeyman

    I find it much scarier that similar databases have been built and are already being doled out --for pay-- by shady private companies to, oh, the military and assorted other TLAgencies. Since that will be the case anyway, I'd rather have this one be free and public for all to see.

    While breaking and entering is and will remain illegal, securing your own house is and will remain your responsibility and a good idea to boot. The /cyber-/ prefix and /on the internet/ suffix change nothing.

    A comparable google maps overlay with facebook "I'm on vacation" notices has already seen the light, amidst predictable controversy. What of it? The demonstration ought to be enough for people to realise it's much smarter to stop publishing "I live here" and "I'm on vacation" together. Much like it's not smart to put notices saying "no milk for the next two weeks, dear milkman" next to the front door, for all to see.

    It sometimes is good to realise again that the internet /is public/ and that therefore it is a good idea to keep your machines updated. You only have to keep track of security advisories for whatever software you use, not everything in the world. And a well-maintained distribution packs all that neatly together for you. All you need to do is regularly roll out the updates. But putting things /on the public internet/ implies that you do have to be prepared to put in the maintenance, or suffer the consequences.

    In that, this is no more than a public service announcement.

  5. Etrien Dautre

    Been Here?

    A simple connection to m i c r o s o f t . c o m and k a s p e r s k y . c o m can give you a full picture of your vulns, so is there anything new here?

    It's enough to leave your HiJack pack on an antivirus forum if even the slightest _anything_ goes wrong @yourplace... you'll be taken care of (-;

    I trust it's #2, for can anyone believe IT to happen another w4y?

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2022