Shodan - the scariest search engine on the Internet
The internet has some amazing details which not many know about. What are the five most amazing details about this universal resource?
1. Its true size
The size of the hidden Internet is estimated to be more than 500 times the size of the accessible Internet. It depends on how one counts: 420 million IPs, plus 36 million more that have one or more ports open. The statistics show that 141 million IPs were firewalled, so they could appear “in use”; this means 591 million IPs used. 729 million more IPs had reverse DNS (Domain Name System) records. If those are added, it makes for a total of 1.3 billion addresses that are definitely reachable and in use from the rest of the internet. The other 2.3 billion addresses showed no sign of usage. These are devices that can’t be found through Google search.
“When people don’t see stuff on Google, they think no one can find it. That’s not true,” said John Matherly, creator of ‘the scariest search engine on the Internet’, Shodan.
In 2003 this computer programmer conceived the idea of searching for devices that were linked to the Internet. In 2009 he launched Shodan, a search engine unlike any other, named after a character from the video game series called “System Shock”. It runs 24/7 and collects information on about 500 million connected devices and services each month.
It’s impressive what can be found with a simple search on Shodan. What began as a pet project years ago can now be used to find systems including traffic lights, security cameras, and control systems for gas stations, power grids and nuclear power plants, as well as anything else anyone leaves unprotected on the Internet. The positive is that Shodan is mostly utilised for good. Matherly has limited searches to just 10 results without an account, and 50 with an account. If you want to see all the information that Shodan has to offer, then you need to inform the creator what you intend to do with the data, sometimes along with a payment.
2. What makes the internet so terrifying?
Shodan collects data primarily on web servers (HTTP), as well as FTP, SSH, Telnet, SNMP, SIP and Real Time Streaming Protocol (RTSP). The latter is used to access webcams and video streaming.
A user can find specific types of computers connected to the internet by using a variety of filters. Some describe it as a search engine of service banners, which are meta-content sent to the client by the server. A banner can inform you about the server software, what the service supports, or anything else the client can find out before interacting with the server.
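What a service banner gives away before any interaction, as an added example (not from the original article or from Shodan's own code): the parser below reads constructed sample banners for SSH, HTTP, RTSP and FTP and lists the services that name an exact software version, a check an administrator can run against banners collected from their own hosts. The addresses, product names and the functions `parse_banner` and `exposure_report` are assumptions made for illustration.

```python
import re

# Constructed sample banners (documentation addresses, not real hosts): the
# text each service sends before any credentials are exchanged.
SAMPLE_BANNERS = {
    ("192.0.2.10", 22): "SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5\r\n",
    ("192.0.2.10", 80): "HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\n\r\n",
    ("192.0.2.11", 21): "220 ExampleFTPd 2.4.1 Server ready [192.0.2.11]\r\n",
    ("192.0.2.13", 554): "RTSP/1.0 200 OK\r\nCSeq: 1\r\nServer: ExampleCam RTSP\r\n\r\n",
}

def parse_banner(raw):
    """Return (protocol, software, version); None where the banner is silent."""
    lines = raw.split("\r\n")
    # SSH identification string: SSH-<protoversion>-<softwareversion> [comment]
    m = re.match(r"SSH-\d+\.\d+-(\S+)", lines[0])
    if m:
        software, _, version = m.group(1).partition("_")
        return ("ssh", software, version or None)
    # HTTP and RTSP share the same status-line and header syntax.
    m = re.match(r"(HTTP|RTSP)/\d\.\d \d{3}", lines[0])
    if m:
        for line in lines[1:]:
            name, _, value = line.partition(":")
            if name.strip().lower() == "server":
                software, _, version = value.strip().partition("/")
                return (m.group(1).lower(), software, version or None)
        return (m.group(1).lower(), None, None)
    # FTP greeting: reply code 220 followed by free text chosen by the server.
    m = re.match(r"220[ -](.*)", lines[0])
    if m:
        found = re.search(r"([A-Za-z][\w.-]*) (\d+(?:\.\d+)+\w*)", m.group(1))
        return ("ftp",) + (found.groups() if found else (None, None))
    return ("unknown", None, None)

def exposure_report(banners):
    """List services whose banner names an exact software version."""
    report = []
    for (host, port), raw in sorted(banners.items()):
        proto, software, version = parse_banner(raw)
        if version:
            report.append((host, port, proto, f"{software} {version}"))
    return report

if __name__ == "__main__":
    for row in exposure_report(SAMPLE_BANNERS):
        print(*row)
```

The RTSP sample is left out of the report because its `Server` header names a product without a version; trimming banners to that level is a common hardening step.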
Using Shodan searches, cyber security researchers have located command and control systems for nuclear power plants and a particle-accelerating cyclotron. A search for “default password” reveals countless servers and system control devices that use “admin” as the user name and “1234” as the password, the only requirement for access being a web browser to connect. Independent security penetration tester Dan Tentler demonstrated at the Defcon cyber security conference the use of Shodan to access control systems for evaporative coolers, pressurized water heaters, and garage doors. He also found an entire city’s traffic control system that was connected to the Internet and could be put into “test mode” with a single command entry. “You could really do some serious damage with this,” Tentler said, in an understatement. Other search engines, such as the global mammoth for information, Google (GOOG), crawl the Web looking for websites, whereas Shodan navigates the Internet’s back channels. It looks for the servers, webcams, printers, routers and all the other stuff that is connected to and makes up the internet. It’s kind of the “Dark” Google.
The larger picture is that a number of these devices should not be online at all. The problem arises when IT departments connect all their systems to a web server, which, without anyone noticing, shares them with the rest of the world.
“Of course there’s no security on these things,” said Matherly, “They don’t belong on the Internet in the first place.”
“It’s a massive security failure,” said HD Moore, chief security officer of Rapid7, who operates a private version of a database like Shodan for his own research purposes.
Shodan is mainly used by penetration testers, security professionals, academic researchers and law enforcement agencies. Bad actors may use it as a starting point, Matherly admits. But cybercriminals typically have access to botnets that are able to achieve the same task without detection. Most cyber-attacks are focused on stealing money, identity or intellectual property. Security professionals are hoping to avoid these scenarios by spotting these unsecured, connected devices and services using Shodan. There are too many terrifying things connected to the Internet with no security to even consider the thought of being attacked.
3. How far across the world has the internet spread its World Wide Web?
A detailed map generated by Shodan founder John Matherly displays every internet-connected device around the world. He achieved this by sending a ping request to every IP address on the internet.
This map demonstrates that the USA and Europe have a high level of internet connectivity. As for the developing world, India, South America, Thailand and Indonesia show a promising level of internet penetration. It took Matherly over twelve hours to generate the map.
4. Traceroute
If you thought that using your computer was highly secure as long as you didn’t fall prey to some overly flamboyant websites, think again.
In 2012, a researcher conducted what is called the ‘Internet Census.’ The experiment entailed exactly that: millions of unprotected computers were accessed across the globe, in an attempt to have ‘fun with computers and the internet.’ He developed a modified telnet scanner to find and log into open devices. However, the target computers were limited, as the researcher claims that about 70% of all open devices are either too small, don’t run Linux or only have a very limited telnet interface. This makes it impossible to start or even upload a binary.
He then justified this by claiming that this was just a ‘fun idea’ to allow ‘very small devices log into even smaller and less capable devices to use them for something.’ However, the report is startling – this project resulted in 68 million traceroute records.
5. What can the internet do?
Technically, this means that if your device is left open, it is possible for a computer wizard to use the internet to manipulate your system. Your computer could be remotely controlled by someone else through the internet, and you wouldn’t even know how it happened.
The next time your computer spazzes out or the cursor goes berserk and you think it’s just a virus that can be cleared, think again. Possibly, it could be someone controlling your computer through the internet!
The internet is a vast and largely untapped resource which we use every day, yet don’t know enough about. If programmers have already discovered such startling things about computers connected to the internet, what will we see next? So whenever you are online, stay vigilant!