Shodan: A search engine for hackers

This could be Google's dark twin: a "scary" search engine that looks not for things waiting to be discovered but for backdoors that lead to sensitive equipment like security cameras and command-and-control systems.

 

Shodan —launched way back in 2009— is designed to potentially grant access to an agency via its back doors, tech site GCN.com reported.

 

"Shodan (an acronym for Sentient Hyper-Optimized Data Access Network) crawls the Web and logs every undiscovered device it finds. The site says that it catalogs more than 500 million devices every month," GCN said.

 

However, it said Shodan's owner has taken steps to keep the site from becoming a boon for terrorists or hackers by limiting search results to 10. It also requires a subscription for 50 results per search.

 

GCN's John Breeden II said that with Shodan, he discovered a security network for a jail in Canada.

 

"In fact, by understanding the naming conventions and knowing the IP ranges, a dedicated hacker might be able to do almost anything within a specific city," he said.

 

Breeden said power and water plants and other parts of the infrastructure are potentially vulnerable, along with SCADA (supervisory control and data acquisition) systems used in industrial settings.

 

On the other hand, GCN said part of the potential danger also lies in the discovered devices not being secured or being protected only by default passwords.

 

It added Shodan could be put to good use as a tool looking for unsecured devices and those that do not need to be connected to the Internet. — TJD, GMA News