Project SHINE Findings Report

Project SHINE Findings Report

Project SHINE (SHodan INtelligence Extraction) Findings Report 1 Oct Based on intelligence gathered from the SHODAN search engine between 2014 14 Apr 2012 through 31 Jan 2014 This following findings report contains specific details of devices that are directly connected to the Internet that may be utilized for mission critical operations associated to one (or more) critical infrastructure sectors (and their respective industries). Information contained within this report should only be used for awareness purposes. This document is licensed under Creative Commons v4.0: http://creativecommons.org/licenses/by-nc/4.0 LEGAL DISCLAIMER Project SHINE is a research project designed to harvest and ingest data used to correlate potential threats and risk associated with SCADA and industrial control system devices that appear to be directly connected to the Internet. The project is a collaborative effort of individuals and organizations to raise public awareness of such devices that may impact one (or more) critical infrastructure sectors (and their respective industries), while demonstrating the level of magnitude of the quantity of these devices that are publicly accessible through the Internet. Project SHINE (SHodan INtelligence Extraction) – Creative Commons v4.0: Attribution/Non-Commercial Use Page 1 Findings Report – 1 Oct 2014 Infracritical – Your Infrastructure, Their Future Table of Contents Legal Disclaimer ................................................................................................................................. 1 Table of Contents ............................................................................................................................... 2 Acknowledgements............................................................................................................................ 6 Contact Information ........................................................................................................................... 6 Preface .............................................................................................................................................. 7 Introduction ...................................................................................................................................... 8 What Does “Lightly Configured” Mean? ................................................................................................... 8 Exposure to the Internet ........................................................................................................................... 8 What is Project SHINE? ....................................................................................................................... 9 Concerns with Project SHINE .................................................................................................................. 11 Role and Function of Project SHINE ........................................................................................................ 13 Search Term Selection ............................................................................................................................ 14 Data Artifacts .......................................................................................................................................... 14 Found Discoveries ................................................................................................................................... 15 What is SHODAN? ............................................................................................................................ 15 What Service Ports does SHODAN Look For? ......................................................................................... 16 Results from Project SHINE: Manufacturers ...................................................................................... 17 Manufacturer Results.............................................................................................................................. 17 Manufacturers Discovered – Top 11 Manufacturers .............................................................................. 18 Results from Project SHINE: HVAC/Building Automation ................................................................... 19 HVAC/Building Automation Results ........................................................................................................ 19 HVAC/Building Automation Manufacturers – Top 5 Manufacturers ...................................................... 20 Results from Project SHINE: Serial-to-Ethernet Converters ................................................................ 21 Serial-to-Ethernet Results ....................................................................................................................... 21 Project SHINE (SHodan INtelligence Extraction) - Creative Commons v4.0: Attribution/Non-Commercial Use Page 2 Findings Report – 1 Oct 2014 Infracritical – Your Infrastructure, Their Future Table of Contents (continued) Results from Project SHINE: SCADA/Control Systems Ports ............................................................... 22 SCADA/Control Systems Port Results ..................................................................................................... 22 Background Regarding the SCADA/Control Systems Protocols .............................................................. 22 Siemens / ICCP (Port 102) ................................................................................................................... 22 MODBUS/TCP (Port 502) .................................................................................................................... 22 DNP3 (Port 2000) ................................................................................................................................ 23 Ethernet/IP (Port 44818) .................................................................................................................... 23 BACNet (Port 47808) ........................................................................................................................... 23 Siemens SIMATIC / ICCP (Port 102) – Top 5 Countries ........................................................................... 24 Siemens SIMATIC / ICCP (Port 102) – All Countries ................................................................................ 25 MODBUS/TCP (Port 502) – Top 5 Countries ........................................................................................... 26 MODBUS/TCP (Port 502) – All Countries ................................................................................................ 27 DNP3 (Port 20000) – Top 5 Countries ..................................................................................................... 28 DNP3 (Port 20000) – All Countries .......................................................................................................... 29 Ethernet/IP (Port 44818) – Top 5 Countries ........................................................................................... 30 Ethernet/IP (Port 44818) – All Countries ................................................................................................ 31 BACNet (Port 47808) – Top 5 Countries ................................................................................................. 32 BACNet (Port 47808) – All Countries ...................................................................................................... 33 Comparison of All Protocols .................................................................................................................... 33 Results from Project SHINE: Master Counts ...................................................................................... 34 SCADA/Control Systems Master Count Results ...................................................................................... 34 Search Terms Found (Per Day) ................................................................................................................ 35 Total Counts (Per Day) ............................................................................................................................ 36 Results from Project SHINE: Counts by Country ................................................................................. 37 Country Summarized Results .................................................................................................................. 37 Country Count – Top 21 Countries.......................................................................................................... 38 Countries Identified with Total Count Results ........................................................................................ 39 Lessons Learned from Project SHINE ................................................................................................. 41 Conclusion ....................................................................................................................................... 42 Project SHINE (SHodan INtelligence Extraction) - Creative Commons v4.0: Attribution/Non-Commercial Use Page 3 Findings Report – 1 Oct 2014 Infracritical – Your Infrastructure, Their Future Table of Contents (continued) Figures and Tables Figure 1: Search Term Counts Table ....................................................................................................... 17 Figure 2: Search Term Difference Counts Table ....................................................................................

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    42 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us