FRIENDLIEST SCADA ON THE NET
August 15, 2014 11:04 AM

A scan for systems allowing remote desktop connections without passwords, performed during a Defcon talk about the Masscan tool, found a wide variety of systems open to anyone with knowledge of the correct IP address, such as access to a hockey rink, a manufacturing plant for a Swedish condiment, hydroelectric plants and a lot more.
posted by rpn (17 comments total) [21 favorites]
 
Colonel Mustard rerouting the Swedish condiments to the hockey rink in the hydroelectric plant with the laptop
posted by fallingbadgers at 11:10 AM on August 15, 2014 [20 favorites]


Coming in 2015 The Net 2: Zamboni Terror.
posted by yoink at 11:15 AM on August 15, 2014 [2 favorites]


AHHHHH!!!!! That creepy video is his first link! It's following me now!
posted by Mogur at 11:39 AM on August 15, 2014 [1 favorite]


Shouldn't the people who managed to get VNC running inside of DOS, grub, and Windows 3.0.0(!!) be smart enough to put a password on the thing?
posted by schmod at 11:42 AM on August 15, 2014 [5 favorites]


Seeing some of those power stations listed gives me the creeps. You could make a lot of people's lives very shitty (or short) if you pressed the wrong thing.
posted by scruss at 12:03 PM on August 15, 2014


Interesting. This reminds me of that thread (maybe two of them) listing unsecured webcams around the world.
posted by Ik ben afgesneden at 12:12 PM on August 15, 2014 [1 favorite]


...be smart arsed enough to put a password on the thing?
posted by maxwelton at 12:42 PM on August 15, 2014 [2 favorites]


Most companies don't want to spend a lot of time or money on support so they make things as easy as possible to install so no one has to call them up and ask questions. Plus, when something is made secure it's likely that it will not work for everyone in every situation so they open everything up to make it more compatible. The result is a whole lot of very insecure devices that quietly sit on your network and never cause a problem until they get used as the entry point to an attack.
posted by tommasz at 1:29 PM on August 15, 2014 [1 favorite]


The traditional SCADA excuse is 'but it's an airgapped network anyways'. Not in 2014, it's not.
posted by pwnguin at 1:36 PM on August 15, 2014 [6 favorites]


Shouldn't the people who managed to get VNC running inside of DOS, grub, and Windows 3.0.0(!!) be smart enough to put a password on the thing?

I'd assumed those were VM consoles, actually. You can run VirtualBox (for example) without a local display, in which case it presents itself as either an RDP or VNC server, depending on version and configuration.

From what I remember, the VNC server configuration in VirtualBox is quite badly documented, or has been in the past. I only got as far as getting it to demand a password - getting it to actually accept a password turned out to be a task rather beyond me, so I just gave up and left it unprotected.

It was an unimportant test machine, running on a host without an internet-routable IP address, but I was still nervous about doing that.
posted by reprise the theme song and roll the credits at 1:55 PM on August 15, 2014 [1 favorite]
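The two comments above turn on one question: does a VNC endpoint demand authentication before it hands over the console, or does it offer the "None" security type that the Defcon scan was looking for? The answer is visible in the first few bytes of the RFB handshake (RFC 6143), so an operator can audit their own VM consoles and SCADA boxes without any guesswork. The following is an added example, not code from the thread or from any tool mentioned in it; the sample handshake bytes are constructed, and `audit()` is a hypothetical helper for checking hosts you administer.

```python
"""Classify a VNC (RFB) server's opening handshake: does it require a password?

Added example for auditing your own VNC endpoints. It parses the server side
of the RFB handshake from raw bytes, so it runs offline against the constructed
samples below; audit() wraps the same parser around a real socket.
"""
import socket

# Security type numbers from RFC 6143 section 7.1.2 plus a few registered ones.
SECURITY_TYPES = {
    0: "Invalid",
    1: "None",               # no authentication at all: the case the scan found
    2: "VNC Authentication",  # DES challenge/response on the VNC password
    5: "RA2",
    6: "RA2ne",
    16: "Tight",
    18: "TLS",
    19: "VeNCrypt",
}


def parse_server_handshake(data: bytes):
    """Return (version, [security types]) from the bytes a server sends first.

    The server sends "RFB xxx.yyy\\n" (12 bytes). For protocol 3.3 it then
    sends a single 4-byte big-endian security type it has chosen for the
    client; for 3.7 and later it sends a count byte followed by that many
    1-byte security types for the client to pick from.
    """
    if len(data) < 12 or not data.startswith(b"RFB "):
        raise ValueError("not an RFB server banner")
    version = data[4:11].decode("ascii")
    major, minor = (int(part) for part in version.split("."))
    body = data[12:]
    if (major, minor) <= (3, 3):
        if len(body) < 4:
            raise ValueError("truncated 3.3 security type")
        return version, [int.from_bytes(body[:4], "big")]
    if not body:
        raise ValueError("missing security type count")
    count = body[0]
    if count == 0:
        # A count of zero means the server refused us and follows with a reason string.
        reason_len = int.from_bytes(body[1:5], "big")
        reason = body[5:5 + reason_len].decode("utf-8", errors="replace")
        raise ValueError("server refused connection: " + reason)
    types = list(body[1:1 + count])
    if len(types) < count:
        raise ValueError("truncated security type list")
    return version, types


def classify(types):
    """'open' if the server will hand over the console without a password, else 'auth'."""
    return "open" if 1 in types else "auth"


def describe(types):
    """Human-readable names for a list of security type numbers."""
    return [SECURITY_TYPES.get(t, f"unknown({t})") for t in types]


def audit(host: str, port: int = 5900, timeout: float = 3.0) -> str:
    """Hypothetical helper: perform the version exchange with a host you own and classify it."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        banner = sock.recv(12)
        sock.sendall(banner)          # agree to the version the server offered
        rest = sock.recv(256)
    version, types = parse_server_handshake(banner + rest)
    return f"{host}:{port} RFB {version} offers {describe(types)} -> {classify(types)}"


# Constructed sample handshakes (not real captures).
SAMPLE_OPEN = b"RFB 003.008\n" + bytes([1, 1])          # one type offered: None
SAMPLE_AUTH = b"RFB 003.008\n" + bytes([2, 2, 19])      # VNC Authentication or VeNCrypt
SAMPLE_33 = b"RFB 003.003\n" + (2).to_bytes(4, "big")   # old-style 3.3 server, VNC auth

if __name__ == "__main__":
    for name, sample in (("open", SAMPLE_OPEN), ("auth", SAMPLE_AUTH), ("3.3", SAMPLE_33)):
        version, types = parse_server_handshake(sample)
        print(name, version, describe(types), classify(types))
```

Anything that comes back as `open` is exactly what the talk's scan was enumerating; for a VirtualBox or other hypervisor console the fix is to turn on the VRDE/VNC password (or bind the console to localhost and reach it over SSH) rather than leaving type 1 on the list.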


@schmod: almost certainly those are virtual machine guests. I know VMware and Xen (and probably others) let you view the vm console over a VNC connection.
posted by sbutler at 1:58 PM on August 15, 2014 [1 favorite]


Interesting. This reminds me of that thread (maybe two of them) listing unsecured webcams around the world.

Shodan will let anyone w/out the know-how to use Masscan get a feel for just how many web-facing devices there are out there.

Here's a simple search for 'camera'.

I'm guessing someone w/even rudimentary hacking skills could quickly find many using flimsy or manufacturer's default passwords.
posted by ryanshepard at 1:58 PM on August 15, 2014


Given how many variations of that classic Swedish caviar spread (creamed smoked roe) they've released over the last few years, that screen might be a honeypot run by the product development department.

(fun fact: the little face is the then-CEO's son Carl, 6 years old at the time. He got a lifetime supply of Kalles as compensation, and is supposedly still receiving regular deliveries 60 years later.)
posted by effbot at 2:03 PM on August 15, 2014 [2 favorites]


scruss: "You could make a lot of people's lives very shitty (or short) if you pressed the wrong thing."
Indeed. Having the controls for your sauna publicly available over the net could lead to sudden overheating. Worst thing is the cops would probably never figure out how the thermostat "malfunctioned".
posted by brokkr at 2:53 PM on August 15, 2014


Colonel Mustard rerouting the Swedish condiments to the hockey rink in the hydroelectric plant with the laptop

That read like having a stroke in a Cory Doctorow novel.
posted by Itaxpica at 5:57 PM on August 15, 2014 [3 favorites]


pwnguin: “The traditional SCADA excuse is 'but it's an airgapped network anyways'. Not in 2014, it's not.”
Yes, but why? I can see small operations being casual, but a hydroelectric plant? Those people are supposed to be professionals.
posted by ob1quixote at 1:52 PM on August 17, 2014





