DOCSLIB.ORG

Project SHINE Findings Report

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Project SHINE Findings Report Project SHINE (SHodan INtelligence Extraction) Findings Report 1 Oct Based on intelligence gathered from the SHODAN search engine between 2014 14 Apr 2012 through 31 Jan 2014 This following findings report contains specific details of devices that are directly connected to the Internet that may be utilized for mission critical operations associated to one (or more) critical infrastructure sectors (and their respective industries). Information contained within this report should only be used for awareness purposes. This document is licensed under Creative Commons v4.0: http://creativecommons.org/licenses/by-nc/4.0 LEGAL DISCLAIMER Project SHINE is a research project designed to harvest and ingest data used to correlate potential threats and risk associated with SCADA and industrial control system devices that appear to be directly connected to the Internet. The project is a collaborative effort of individuals and organizations to raise public awareness of such devices that may impact one (or more) critical infrastructure sectors (and their respective industries), while demonstrating the level of magnitude of the quantity of these devices that are publicly accessible through the Internet. Project SHINE (SHodan INtelligence Extraction) – Creative Commons v4.0: Attribution/Non-Commercial Use Page 1 Findings Report – 1 Oct 2014 Infracritical – Your Infrastructure, Their Future Table of Contents Legal Disclaimer ................................................................................................................................. 1 Table of Contents ............................................................................................................................... 2 Acknowledgements............................................................................................................................ 6 Contact Information ........................................................................................................................... 6 Preface .............................................................................................................................................. 7 Introduction ...................................................................................................................................... 8 What Does “Lightly Configured” Mean? ................................................................................................... 8 Exposure to the Internet ........................................................................................................................... 8 What is Project SHINE? ....................................................................................................................... 9 Concerns with Project SHINE .................................................................................................................. 11 Role and Function of Project SHINE ........................................................................................................ 13 Search Term Selection ............................................................................................................................ 14 Data Artifacts .......................................................................................................................................... 14 Found Discoveries ................................................................................................................................... 15 What is SHODAN? ............................................................................................................................ 15 What Service Ports does SHODAN Look For? ......................................................................................... 16 Results from Project SHINE: Manufacturers ...................................................................................... 17 Manufacturer Results.............................................................................................................................. 17 Manufacturers Discovered – Top 11 Manufacturers .............................................................................. 18 Results from Project SHINE: HVAC/Building Automation ................................................................... 19 HVAC/Building Automation Results ........................................................................................................ 19 HVAC/Building Automation Manufacturers – Top 5 Manufacturers ...................................................... 20 Results from Project SHINE: Serial-to-Ethernet Converters ................................................................ 21 Serial-to-Ethernet Results ....................................................................................................................... 21 Project SHINE (SHodan INtelligence Extraction) - Creative Commons v4.0: Attribution/Non-Commercial Use Page 2 Findings Report – 1 Oct 2014 Infracritical – Your Infrastructure, Their Future Table of Contents (continued) Results from Project SHINE: SCADA/Control Systems Ports ............................................................... 22 SCADA/Control Systems Port Results ..................................................................................................... 22 Background Regarding the SCADA/Control Systems Protocols .............................................................. 22 Siemens / ICCP (Port 102) ................................................................................................................... 22 MODBUS/TCP (Port 502) .................................................................................................................... 22 DNP3 (Port 2000) ................................................................................................................................ 23 Ethernet/IP (Port 44818) .................................................................................................................... 23 BACNet (Port 47808) ........................................................................................................................... 23 Siemens SIMATIC / ICCP (Port 102) – Top 5 Countries ........................................................................... 24 Siemens SIMATIC / ICCP (Port 102) – All Countries ................................................................................ 25 MODBUS/TCP (Port 502) – Top 5 Countries ........................................................................................... 26 MODBUS/TCP (Port 502) – All Countries ................................................................................................ 27 DNP3 (Port 20000) – Top 5 Countries ..................................................................................................... 28 DNP3 (Port 20000) – All Countries .......................................................................................................... 29 Ethernet/IP (Port 44818) – Top 5 Countries ........................................................................................... 30 Ethernet/IP (Port 44818) – All Countries ................................................................................................ 31 BACNet (Port 47808) – Top 5 Countries ................................................................................................. 32 BACNet (Port 47808) – All Countries ...................................................................................................... 33 Comparison of All Protocols .................................................................................................................... 33 Results from Project SHINE: Master Counts ...................................................................................... 34 SCADA/Control Systems Master Count Results ...................................................................................... 34 Search Terms Found (Per Day) ................................................................................................................ 35 Total Counts (Per Day) ............................................................................................................................ 36 Results from Project SHINE: Counts by Country ................................................................................. 37 Country Summarized Results .................................................................................................................. 37 Country Count – Top 21 Countries.......................................................................................................... 38 Countries Identified with Total Count Results ........................................................................................ 39 Lessons Learned from Project SHINE ................................................................................................. 41 Conclusion ....................................................................................................................................... 42 Project SHINE (SHodan INtelligence Extraction) - Creative Commons v4.0: Attribution/Non-Commercial Use Page 3 Findings Report – 1 Oct 2014 Infracritical – Your Infrastructure, Their Future Table of Contents (continued) Figures and Tables Figure 1: Search Term Counts Table ....................................................................................................... 17 Figure 2: Search Term Difference Counts Table ....................................................................................
Load more

Recommended publications
  • 2K Games and Irrational Games Announce Bioshock(R) Infinite
    2K Games and Irrational Games Announce BioShock(R) Infinite August 12, 2010 2:01 PM ET Creators of original BioShock(R) look to the sky in the next chapter of the award-winning franchise NEW YORK, Aug 12, 2010 (BUSINESS WIRE) -- 2K Games announced today that BioShock(R) Infinite, a first-person shooter, is currently in development at Irrational Games, the studio behind the original BioShock(R) which has sold over 4 million units worldwide. Set in 1912, BioShock Infinite introduces an entirely new narrative experience that lifts players out of the familiar confines of Rapture and rockets them to Columbia, an immense city in the sky. BioShock Infinite is currently planned for release during calendar 2012. Originally conceived as a floating symbol of American ideals at a time when the United States was emerging as a world power, Columbia is dispatched to distant shores with great fanfare by a captivated public. What begins as a brand new endeavor of hope turns drastically wrong as the city soon disappears into the clouds to whereabouts unknown. The player assumes the role of former Pinkerton agent Booker DeWitt, sent to the lost city to rescue Elizabeth, a young woman imprisoned there since childhood. He develops a relationship with Elizabeth, augmenting his abilities with hers so the pair may escape from a city that is literally falling from the sky. DeWitt must learn to fight foes in high-speed Sky-Line battles, engage in combat both indoors and amongst the clouds, and harness the power of dozens of new weapons and abilities. "We are excited to expand the world of BioShock, which is one of the industry's most critically acclaimed and beloved franchises," said Christoph Hartmann, president of 2K.
    [Show full text]
  • Deus Ex (2000) by Ion Storm Inc
    A zeitgeist game is reflective of its corresponding social climate. Titles that gain zeitgeist status have in some way challenged the norms of their associated era and revolutionised a pre-established genre by bending traditional conventions. Thus, zeitgeist titles are also timeless. They transcend time, remaining popular and famous due to the societal standpoints they raise and the impact their innovation has on the wider gaming communities and markets. Sci-Fi cyberpunk FPS/RPG Deus Ex (2000) by Ion Storm Inc. is an example of one such title that has built upon its sociological, artistic and technical influences to create a game that resonates innovation through its unique application of emergent gameplay; driven by character interaction and choice. Through analysis of these three fundamental influences in relation to the unique emergent gameplay construction of Deus Ex and correspondingly by comparing the game with its peers gives insight into how this game achieved zeitgeist status. Deus Ex was not the first game to challenge the norm by hybridising FPS/RPG genres. It was inspired by the gameplay of previous FPS/RPG 90’s games Ultima Underworld (1992) and System Shock (1994) by Looking Glass. (Spector, 2000). However, Spector also states he wanted to build upon the foundation laid by these games. He goes on to say his influence for the setting of the game came from his research into millennial conspiracies and his wife’s obsession with the X-Files. (2000). The game world of Deus Ex acts as a basis for the innovative success of its emergent gameplay. Without a lively game world gameplay choices would feel uninspiring.
    [Show full text]
  • Bioshock® Infinite: Burial at Sea – Episode Two Available for Download Starting Today
    BioShock® Infinite: Burial at Sea – Episode Two Available for Download Starting Today March 25, 2014 8:00 AM ET Irrational Games delivers its final episode and concludes the story of BioShock Infinite and Burial at Sea NEW YORK--(BUSINESS WIRE)--Mar. 25, 2014-- 2K and Irrational Games announced today that BioShock® Infinite: Burial at Sea – Episode Two is downloadable* in all available territories** on the PlayStation®3 computer entertainment system, Xbox 360 games and entertainment system from Microsoft and Windows PC starting today. BioShock Infinite: Burial at Sea – Episode Two, developed from the ground up by Irrational Games, is the final content pack for the award-winning BioShock Infinite, and features Elizabeth in a film noir-style story that provides players with a different perspective on the BioShock universe. “I think the work the team did on this final chapter speaks for itself,” said Ken Levine, creative director of Irrational Games. “We built something that is larger in scope and length, and at the same time put the player in Elizabeth’s shoes. This required overhauling the experience to make the player see the world and approach problems as Elizabeth would: leveraging stealth, mechanical insight, new weapons and tactics. The inclusion of a separate 1998 Mode demands the player complete the experience without any lethal action. BioShock fans are going to plotz.” *BioShock Infinite is not included in this add-on content, but is required to play all of the included content. **BioShock Infinite: Burial at Sea – Episode Two will be available in Japan later this year. About BioShock Infinite From the creators of the highest-rated first-person shooter of all time***, BioShock, BioShock Infinite puts players in the shoes of U.S.
    [Show full text]
  • Not of Woman Born: Monstrous Interfaces and Monstrosity in Video Games
    NOT OF WOMAN BORN: MONSTROUS INTERFACES AND MONSTROSITY IN VIDEO GAMES By LAURIE N. TAYLOR A DISSERTATION PRESENTED TO THE GRADUATE SCHOOL OF THE UNIVERSITY OF FLORIDA IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF DOCTOR OF PHILOSOPHY UNIVERSITY OF FLORIDA 2006 Copyright 2006 by Laurie N. Taylor To Pete. ACKNOWLEDGMENTS I have many people to thank for this dissertation: my friends, family, and teachers. I would also like to thank the University of Florida for encouraging the study of popular media, with a high level of critical theory and competence. This dissertation also would not have been possible without the diligent help and guidance from my committee members, Donald Ault and Jane Douglas, as well as numerous other faculty members and graduate students both at the University of Florida and at other institutions. Thanks go to friends and loved ones (and cats): Colin, Jeremiah, Nix, Galahad, and Mila. And, thanks go always to Pete, for helping with research, discussion, giving me love and support, and for being wonderful. iv TABLE OF CONTENTS Page ACKNOWLEDGMENTS ..............................................................................................iv ABSTRACT.................................................................................................................viii CHAPTER 1 INTRODUCTION....................................................................................................1 Introduction..............................................................................................................1
    [Show full text]
  • Who Is Knocking on the Telnet Port: a Large-Scale Empirical Study of Network Scanning
    Session 15: Network Security 2 ASIACCS’18, June 4–8, 2018, Incheon, Republic of Korea Who is Knocking on the Telnet Port: A Large-Scale Empirical Study of Network Scanning Hwanjo Heo Seungwon Shin KAIST KAIST ETRI [email protected] [email protected] ABSTRACT this information (i.e., who serves what) is absolutely imperative for Network scanning is the primary procedure preceding many net- attackers. Hence, attackers aggressively gather this information by work attacks. Until recently, network scanning has been widely directly searching target hosts or even employing already deployed studied to report a continued growth in volume and Internet-wide malware (e.g., botnet) for efficiency. trends including the underpinning of distributed scannings by lin- As such, since this network scanning is an indispensable process gering Internet worms. It is, nevertheless, imperative to keep us for cyber attacks, attention should still be paid to it, even though informed with the current state of network scanning, for factual it has been studied, investigated, and monitored for a long time. and comprehensive understanding of the security threats we are Indeed, researchers and practitioners have already deeply surveyed, facing, and new trends to serve as the presage of imminent threats. analyzed, and measured this behavior [3, 8, 26, 34, 35]. However, it In this paper, we analyze the up-to-date connection-level log should be kept in mind that the characteristics of network scanning data of a large-scale campus network to study the recent scanning (e.g., main target services and scan origins) are quite sensitive to the trends in breadth.
    [Show full text]
  • Video Game Collection MS 17 00 Game This Collection Includes Early Game Systems and Games As Well As Computer Games
    Finding Aid Report Video Game Collection MS 17_00 Game This collection includes early game systems and games as well as computer games. Many of these materials were given to the WPI Archives in 2005 and 2006, around the time Gordon Library hosted a Video Game traveling exhibit from Stanford University. As well as MS 17, which is a general video game collection, there are other game collections in the Archives, with other MS numbers. Container List Container Folder Date Title None Series I - Atari Systems & Games MS 17_01 Game This collection includes video game systems, related equipment, and video games. The following games do not work, per IQP group 2009-2010: Asteroids (1 of 2), Battlezone, Berzerk, Big Bird's Egg Catch, Chopper Command, Frogger, Laser Blast, Maze Craze, Missile Command, RealSports Football, Seaquest, Stampede, Video Olympics Container List Container Folder Date Title Box 1 Atari Video Game Console & Controllers 2 Original Atari Video Game Consoles with 4 of the original joystick controllers Box 2 Atari Electronic Ware This box includes miscellaneous electronic equipment for the Atari videogame system. Includes: 2 Original joystick controllers, 2 TAC-2 Totally Accurate controllers, 1 Red Command controller, Atari 5200 Series Controller, 2 Pong Paddle Controllers, a TV/Antenna Converter, and a power converter. Box 3 Atari Video Games This box includes all Atari video games in the WPI collection: Air Sea Battle, Asteroids (2), Backgammon, Battlezone, Berzerk (2), Big Bird's Egg Catch, Breakout, Casino, Cookie Monster Munch, Chopper Command, Combat, Defender, Donkey Kong, E.T., Frogger, Haunted House, Sneak'n Peek, Surround, Street Racer, Video Chess Box 4 AtariVideo Games This box includes the following videogames for Atari: Word Zapper, Towering Inferno, Football, Stampede, Raiders of the Lost Ark, Ms.
    [Show full text]
  • Read Book Ultimo: 9 Ebook, Epub
    ULTIMO: 9 PDF, EPUB, EBOOK Hiroyuki Takei,Stan Lee | 210 pages | 21 Nov 2013 | Viz Media, Subs. of Shogakukan Inc | 9781421558844 | English | San Francisco, United States Ultimo: 9 PDF Book Download as PDF Printable version. Um die Rezensionen bei uns vorzeigbar und hilfreich zu halten, werden wir jede Rezension entfernen, die diesen Richtlinien oder unseren Nutzungsbedingungen widerspricht. Im Besitz Jetzt kaufen Jetzt vorbestellen. Many aspects of the previous plot still seemed to be present, but Britannia appeared to be a world much more firmly under the Guardian's grasp. Bleib mit Freunden in Kontakt. Archived from the original on February 28, Ultimo East is 1. Deine Freunde. Reihe Kaufen 9. Anzahl: 5 pro Seite 15 pro Seite 30 pro Seite 60 pro Seite. However, he criticized its technical issues, and docked the game one star from a perfect score until "after EA patches it up some. Yelp Sep 30, Following the Avatar 's escape from Pagan , he is transported back to Britannia for one final battle with the Guardian, who is increasingly ruining the physical and moral fabric of that land by use of eight columns. Name that government! We highly recommend purchasing from Ultimo Motors!! Keine Aktivierung oder Internetverbindung zum Spielen erforderlich. The player is able to accomplish this via an Armageddon spell cast behind a Barrier of Life, which takes the Avatar and the Guardian to a higher plane out of Britannia. Most of the game consists of traveling through the dungeons to recover the glyphs and visiting the Shrines of the Virtues to meditate and cleanse them.
    [Show full text]
  • German Cities Exposed a Shodan-Based Security Study on Exposed Cyber Assets in Germany
    German Cities Exposed A Shodan-based Security Study on Exposed Cyber Assets in Germany Natasha Hellberg and Rainer Vosseler Trend Micro Forward-Looking Threat Research (FTR) Team A TrendLabs Research Paper Contents TREND MICRO LEGAL DISCLAIMER The information provided herein is for general information and educational purposes only. It is not intended and 4 should not be construed to constitute legal advice. The information contained herein may not be applicable to all situations and may not reflect the most current situation. Exposed Cyber Assets Nothing contained herein should be relied on or acted upon without the benefit of legal advice based on the particular facts and circumstances presented and nothing herein should be construed otherwise. Trend Micro 5 reserves the right to modify the contents of this document at any time without prior notice. Translations of any material into other languages are Exposed Cities: intended solely as a convenience. Translation accuracy is not guaranteed nor implied. If any questions arise Germany related to the accuracy of a translation, please refer to the original language official version of the document. Any discrepancies or differences created in the translation are not binding and have no legal effect for compliance or 12 enforcement purposes. Although Trend Micro uses reasonable efforts to include accurate and up-to-date information herein, Trend Micro Exposed Cyber Assets makes no warranties or representations of any kind as to its accuracy, currency, or completeness. You agree in Germany that access to and use of and reliance on this document and the content thereof is at your own risk.
    [Show full text]
  • An Intelligent Improvement of Internet-Wide Scan Engine for Fast Discovery of Vulnerable Iot Devices
    S S symmetry Article An Intelligent Improvement of Internet-Wide Scan Engine for Fast Discovery of Vulnerable IoT Devices Hwankuk Kim ID , Taeun Kim and Daeil Jang * Korea Internet & Security Agency, 9, Jinheung-gil, Naju-si, Jeollanam-do 58324, Korea; [email protected] (H.K.); [email protected] (T.K.) * Correspondence: [email protected]; Tel.: +82-61-820-1274 Received: 31 March 2018; Accepted: 7 May 2018; Published: 10 May 2018 Abstract: Since 2016, Mirai and Persirai malware have infected hundreds of thousands of Internet of Things (IoT) devices and created a massive IoT botnet, which caused distributed denial of service (DDoS) attacks. IoT malware targets vulnerable IoT devices, which are vulnerable to security risks. Techniques are needed to prevent IoT devices from being exploited by attackers. However, unlike high-performance PCs, IoT devices are lightweight, low-power, and low-cost, having performance limitations regarding processing and memory, which makes it difficult to install security and anti-malware programs. Recently, several studies have been attempted to quickly search for vulnerable internet-connected devices to solve this real issue. Issues yet to be studied still exist regarding these types of internet-wide scan technologies, such as filtering by security devices and a shortage of collected operating system (OS) information. This paper proposes an intelligent internet-wide scan model that improves IP state scanning with advanced internet protocol (IP) randomization, reactive protocol (port) scanning, and OS fingerprinting scanning, applying k* algorithm in order to find vulnerable IoT devices. Additionally, we describe the experiment’s results compared to the existing internet-wide scan technologies, such as ZMap and Shodan.
    [Show full text]
  • Edge Interview
    CREATE PEOPLE, PLACES, THINGS People DORIAN HART Meet the numbers guy who helped create smarter shooters Long before he was in the industry, Dorian created games for children at holiday camps: “I just liked to make up games. I had an obsession with game rules” 118 EDG248.c_people.indd 118 11/7/12 4:06 PM CV orian Hart is the man who worked out Hart’s interests in stat-tweaking and storytelling URL www.cardhunter.com precisely how hard a Big Daddy should combine again in his current project: a browser- Selected Softography Ultima Underworld II, Thief, System Shock, Thief II, System Shock 2, be to kill. BioShock’s melancholy, based fusion of RPG dungeon crawling with Terra Nova, Flight Unlimited II, Freedom Force, lumbering beasts had health bars that trading card battle mechanics called Card Hunter. Freedom Force Vs The 3rd Reich, BioShock, Drequired an approach more tactical than a full- It’s being developed by Blue Manchu, a studio set Choice Of The Star Captain, Card Hunter frontal assault, and encounters with the diver-suited up by Irrational Games co-founder Jonathan Chey. protectors gave rise to the game’s most emergent But while Hart’s first contact with the game and interesting scenarios. Players would lure industry was an interview for a writer’s role with splicers into attacking the Daddy, or set trip mines the studio that became known as Looking Glass, and traps around corners before goading the he soon found himself working on level design monster into a suicidal charge. But one thing on Ultima Underworld II, System Shock and all the divergent approaches had in common is Thief.
    [Show full text]
  • Full Arcade List OVER 2700 ARCADE CLASSICS 1
    Full Arcade List OVER 2700 ARCADE CLASSICS 1. 005 54. Air Inferno 111. Arm Wrestling 2. 1 on 1 Government 55. Air Rescue 112. Armed Formation 3. 1000 Miglia: Great 1000 Miles 56. Airwolf 113. Armed Police Batrider Rally 57. Ajax 114. Armor Attack 4. 10-Yard Fight 58. Aladdin 115. Armored Car 5. 18 Holes Pro Golf 59. Alcon/SlaP Fight 116. Armored Warriors 6. 1941: Counter Attack 60. Alex Kidd: The Lost Stars 117. Art of Fighting / Ryuuko no 7. 1942 61. Ali Baba and 40 Thieves Ken 8. 1943 Kai: Midway Kaisen 62. Alien Arena 118. Art of Fighting 2 / Ryuuko no 9. 1943: The Battle of Midway 63. Alien Challenge Ken 2 10. 1944: The LooP Master 64. Alien Crush 119. Art of Fighting 3 - The Path of 11. 1945k III 65. Alien Invaders the Warrior / Art of Fighting - 12. 19XX: The War Against Destiny 66. Alien Sector Ryuuko no Ken Gaiden 13. 2 On 2 OPen Ice Challenge 67. Alien Storm 120. Ashura Blaster 14. 2020 SuPer Baseball 68. Alien Syndrome 121. ASO - Armored Scrum Object 15. 280-ZZZAP 69. Alien vs. Predator 122. Assault 16. 3 Count Bout / Fire SuPlex 70. Alien3: The Gun 123. Asterix 17. 30 Test 71. Aliens 124. Asteroids 18. 3-D Bowling 72. All American Football 125. Asteroids Deluxe 19. 4 En Raya 73. Alley Master 126. Astra SuPerStars 20. 4 Fun in 1 74. Alligator Hunt 127. Astro Blaster 21. 4-D Warriors 75. AlPha Fighter / Head On 128. Astro Chase 22. 64th. Street - A Detective Story 76.
    [Show full text]
  • Andrews Ku 0099M 16872 DA
    Evaluating the Proliferation and Pervasiveness of Leaking Sensitive Data in the Secure Shell Protocol and in Internet Protocol Camera Frameworks Ron Andrews B.S. Computer Science, University of Kansas, 2003 Submitted to the graduate degree program in Electrical Engineering and Computer Science Department and the Graduate Faculty of the University of Kansas in partial fulfillment of the requirements for the degree of Masters of Science in Computer Science. Chair: Alexandru G. Bardas Fengjun Li Bo Luo Date defended: Nov 18, 2019 The Dissertation Committee for Ron Andrews certifies that this is the approved version of the following dissertation : Evaluating the Proliferation and Pervasiveness of Leaking Sensitive Data in the Secure Shell Protocol and in Internet Protocol Camera Frameworks Chair: Alexandru G. Bardas Date approved: Nov 18, 2019 ii Abstract In George Orwell’s nineteen eighty-four: A novel, there is fear regarding what “Big Brother”, knows due to the fact that even thoughts could be “heard”. Though we are not quite to this point, it should concern us all in what data we are transferring, both intentionally and unintentionally, and whether or not that data is being “leaked”. In this work, we consider the evolving landscape of IoT devices and the threat posed by the pervasive botnets that have been forming over the last several years. We look at two specific cases in this work. One being the practical application of a botnet system actively executing a Man in the Middle Attack against SSH, and the other leveraging the same paradigm as a case of eavesdropping on Internet Protocol (IP) cameras.
    [Show full text]