Thread: The world’s most dangerous search engine

Wednesday, Feb 06, 2013

The world’s most dangerous search engine

Aren’t you glad Shodan is in the hands of good guys like John Matherly?

By Dave Maass

John Matherly’s search engine Shodan scans the Internet looking for devices, from webcams to ice-rink control systems.
- Photo by Dave Maass

Ask John Matherly if he’s a hacker, and he’ll struggle for a moment with the term.

On one hand, he’s a hacker, in the sense that he’s an innovative programmer, arms deep in the information-security industry. On the other, he’s hypersensitive to how his baby—a project called Shodan—is portrayed in the press. In the past year, it’s surged in notoriety and not just in technology publications, such as Ars Technica and Wired. Shodan’s been the subject of multiple Washington Post investigative features, profiled on Dutch television and name-dropped by Sen. Joe Lieberman both in a statement on the Senate floor and in a New York Times op-ed, in which he characterized the site as a “nefariously named” hacking tool that was becoming more powerful and easier to use each year.

“I’m not doing anything malicious,” Matherly, who lives in Encinitas, says. “I’m trying to be a good citizen on the Internet.”

Simply put, Shodan is a search engine. While Google crawls the Internet looking for websites, Shodan is scanning for devices connected to the Internet and recording information about the software running on those devices.

What has the press and security professionals worried is that Shodan has revealed wide-scale holes in Internet safety, from somewhat embarrassing privacy oversights to keep-you-up-at-night vulnerabilities in critical infrastructure.

Imagine a building. Now imagine a private detective checking out the building, snooping around the perimeter, noting what security company’s sticker is on the window, what kind of locks are on the doors, what kind of sprinkler system waters the landscaping, what brand of air conditioner is mounted on the roof, what electric company services the smart meter around the back.

Now imagine that investigator does the same thing for every office, every home, every school, every factory, power plant, hospital and football stadium and uploads it to a publicly available database. That’s what Shodan does, but with IP addresses.

It’s almost like an automated way to digitally case every joint in the world.

“But casing already usually implies some malicious intent,” Matherly says. “Because why are you casing in the first place if you’re not trying to get inside? My intention obviously is not to get inside. For the record, everything I do is 100-percent legal.”
American-born and raised in Switzerland, Matherly, now 28, dropped out of his Swiss high school and moved to San Diego in 2001 to live with his aunt and obtain a GED. He designed the first iteration of Shodan—named after the villainous artificial intelligence from the video game System Shock—while studying at Mesa Community College, but his original goal was to create a way for technology firms to conduct market research. When he formally launched Shodan in 2009, the hacking community quickly realized it had much greater potential; Matherly had created a living database of every insecure machine connected to the Internet, from home printers to large-scale industrial systems.

Related content
Takeaways from ToorCon 2012

Related to:John MatherlyThe InternetShodanhackers

“The fact that somebody is basically shining a flashlight into a dark room shouldn’t be the part people are afraid of,” says Dan Tentler, a San Diego-based information-security consultant. “The part people should be afraid of is the fact that some genius decided to take, for example, a five-megawatt hydroelectric plant in France, put its control computer on the Internet and allowed everybody that knew about the IP address to connect to it and make changes to this dam, with no encryption or authentication to speak of.”

In other words, don’t blame the messenger.

http://www.sdcitybeat.com/sandiego/article-11458-the-worlds-most-dangerous-search-engine.html

SHODAN - Computer Search Engine

Here it is.

Take a Tour - SHODAN - Computer Search Engine

www.shodanhq.com/help/tourCached

Check out Shodan Exploits if you want to search for known vulnerabilities and exploits. It lets you search across Exploit DB, Metasploit, CVE, OSVDB and ...

With this, a little knowledge, a little luck and a little bit of effort you can track anything posted anywhere on the internet back to the IP address it was sent from. With the IP address you can get the location of that computer, with that info you can find any cell phone, land line or other electronic device that is used from that same location. That gets you a list of phone numbers, phone calls, bank accounts, etc. connected to anyone using that address, IP address, cellphone, etc. Everything on the internet is now public information, not just to hackers but for everyone on earth that wants it.

SHODAN - Computer Search Engine

NO ONE IS SAFE

Bush family emails hacked; 'can happen to anyone,' experts say ...

www.latimes.com/.../la-na-nn-texas-bush-email-hacked-201...Cached

by Molly Hennessy-Fiske 1 day ago – A hacker accessed emails and other information of the Bush family, including both former presidents.

RELATED http://www.alipac.us/f19/internet-se...thread-281117/