
Let’s talk seriously about industrial cybersecurity: What you don’t know can hurt you.

Industrial cyber security is all over the news, and not in a good way. Our most vital industries – including power, water, nuclear, oil and gas, chemical, food and beverage, and critical manufacturing – are under attack. The gravity of the situation became clear when the FBI and the Department of Homeland Security went public in October about existing, persistent threats. Virtually or not, bad actors are among us.

Unlike physical attacks, cyber attacks are nonstop. Cyber hackers have graduated from simple mischief and denial-of-service attacks to ransomware, theft of competitive information, interception or altering of communications, the shutdown of industrial processes, and even knowledge manipulation through the news and social networks (it’s bigger than just politics). Who knows what’s next?

Digitalization and connectivity are heightening cyber risk, though they are foundational to the Internet of Things (IoT), cloud computing, Big Data analytics, and artificial intelligence. Breaching a single connected operational technology (OT) device or system puts everything on the network at risk.

Low-security and small networks provide easy access for bad actors, whether they’re traditional hackers, black-hat hackers making money on the dark web, nation-states, or malicious insiders. Human error and negligence also are cyber risks.

To establish and sustain cybersecurity and restore the confidence of the public, greater awareness of threats and ownership of risks are imperative. In addition to mastering basic security measures, the industry needs to detect and respond to attacks with persistence and resilience. Trust is not a strategy.

Fortunately, industrial software, technology, equipment, and service providers are fast ramping up their defenses, and dozens of new cybersecurity technology and services firms are offering to help. Consultants, legislators, regulators, and standards bodies also have prominent roles, but it is the end users, ultimately, who must put the cybersecurity puzzle together.

Here, several industry and cyber professionals weigh in about industrial producers’ cybersecurity risks and responsibilities and offer their actionable recommendations.

How bad is the problem?

When companies are surveyed about their top business risk, the answer increasingly is cybersecurity, says Alan Berman, president and CEO of the not-for-profit Disaster Recovery International Foundation (DRIF). The IoT – now a $3 trillion to $6 trillion industry – is opening new doors to cyber hackers. An estimated 50 billion connected devices (handhelds, sensors, etc.) are in use already.

Speaking at the Society of Maintenance and Reliability Professionals (SMRP) 2017 Conference, Berman noted that cyber hacking has matured to become a sophisticated industry seeking to penetrate devices and systems through the weakest link in the chain, with the goal of profitability. “It is a business and we have to deal with it as a business,” he explains.

The weakest link could be a vending machine in the plant, Berman says. “Once hackers get on the network, they can get into everything,” he says. “When that happens, it could be months before the breach is discovered. What looks like a malfunction could actually be a hack.”

Until there’s awareness within the maintenance organization of the security risks associated with adding or replacing a connected device, the number of cyberattacks an organization sees will continue to rise, says Howard Penrose, president of MotorDoc.

Penrose has easily uncovered industrial cybersecurity gaps using Shodan.io, a search engine for finding internet-connected devices. In one case, “We found numerous points of access to different IoT devices using (the organization’s) default passwords, including links to the documents with those passwords,” he says. “In another case, an OEM had installed software on wind generation systems that allowed them to be turned on or off with a smartphone app.”

Most people equate cybersecurity to the network or IT, but the things that go “boom” in the night are on the industrial control system (ICS) side, says Joe Weiss, managing partner at Applied Control Solutions. “Not enough people are looking at this,” he says.

Weiss has been compiling a nonpublic ICS cyber-incident database that he says already contains more than 1,000 actual incidents, representing about $50 billion in direct costs. Each new entry serves as a learning aid or reminder; often they’re logged in his cybersecurity blog.

“People worry about the IT/OT divide, but the real divide is what comes before and after the Ethernet packet,” suggests Weiss. “Before the packet is where the Level 0,1 devices live (sensors, actuators, drives), and that’s where cybersecurity and authentication are lacking.”

As managing director of ISA99, Weiss recently helped start a new working group for Industrial Automation and Control System Security standards to address the cybersecurity of Level 0,1 devices.

Fear or fight?

Digitalization adds significant value despite the cyber risk. “Don’t fear connectivity – the benefits are too great,” says Eddie Habibi, founder and CEO of PAS Global. On the other hand, he cautions, the threat of cyber attack is imminent and proven; critical systems are vulnerable; and “every minute, day, or month that you put off securing your systems, they remain at risk.”

Malicious code can sit dormant on a network for months or years before it suddenly activates, explains Habibi. The consequences can be significant to safety, production, the company’s reputation, insurance costs, and even the cost of borrowing for organizations that are not considered secure. “It’s beyond the theft of data; it’s now hitting the bottom line,” he adds.

While OT operators face all of the cybersecurity risks common in IT environments, many of the tools used to mitigate those risks are not available for OT networks, observes Chris Grove, director of industrial security at Indegy. He notes the following crucial distinctions:

  1. OT networks are not designed from the ground up with security in mind, meaning that industrial controllers are not typically protected with authentication, encryption, authorization, or other standard security mechanisms.
  2. A successful cyber attack on an OT network could have safety, financial, and environmental implications.
  3. It is much more difficult to monitor OT networks than it is to monitor IT networks because of the lack of monitoring tools, the proprietary protocols in use, and network isolation.

With the right tools, such as those developed for OT asset discovery and for tracking of user activity and changes to operational code, operators can identify risky configurations, malware, human errors, and insider attacks.

“Security is not a static thing,” cautions Dr. Allan Friedman, director of cybersecurity initiatives at the National Telecommunications and Information Administration (NTIA) in the U.S. Commerce Department. “It needs to be adaptive, resilient, and scalable.” He continues: “For example, don’t assume that an air-gapped system (unplugged from any network infrastructure) will stay that way. Improperly trained personnel may establish new connections, or the USB drive used for a software update may carry an infection.”

Security by design and necessity

Trust is the new currency; more regulations are coming, and cybersecurity is not an option because we are moving toward digital at the speed of light: Dr. Ilya Kabanov, global director of application security and compliance for Schneider Electric, made these three points at the ASIS 2017 international security conference.

Kabanov urges OEMs to embed privacy and security in the products themselves. “It is not security vs. innovation; security requires innovation,” he explains.

Richard Witucki, the cyber security solutions architect at Schneider Electric, agrees. “Since security by obscurity is no longer a viable option, it is incumbent upon manufacturers such as Schneider Electric to embed cyber security directly into their products,” he says. “By doing this, we enable the end users to take a much more defense-in-depth approach.”

Schneider Electric’s approach includes actively training its development teams and engineers in secure development life-cycle programs, incorporating established security controls into its products, and conducting exhaustive internal and external testing. The ISA99/IEC 62443 set of standards was chosen because it addresses cybersecurity at several levels, including the products, the systems, and the development life cycle of the products and solutions.

“We all rely on products that control our critical infrastructure to perform as expected,” Witucki says. “Ironically, because these systems are so reliable (e.g., PLCs controlling a seldom-used diesel generator for 20 years), they have now become a vulnerability within the shifting threat landscape.”

Predictive maintenance (PdM) system and service providers are also tackling cybersecurity. Paul Berberian, the condition monitoring specialist at GTI Predictive Technology, has heard customer comments ranging from “It is not an issue” and “Nothing in the plant is connected to the outside world,” to concerns about internal secrets being vulnerable through an internet connection.

“Maintenance and reliability departments want to use PdM technology, but some don’t want to fight the battle internally with IT,” explains Berberian. “In my opinion, the concern for most of these companies is that hackers will be able to find a way into their plant network through the PdM data portal.”

To mitigate this risk, GTI uses SSL certificates to ensure the security of its sites; it requires encrypted usernames and passwords for access; it encrypts the stored data, and it uses a secure (HTTPS) web address.

Operational security technology partnerships are also forming. “Manufacturers and utilities want a single, accountable provider with a reputation like Siemens’ rather than a dozen suppliers,” says PAS Global’s Habibi.

The Siemens-PAS partnership looks to help companies that are struggling to establish adequate cybersecurity regimens. The PAS Cyber Integrity analytic detection engine identifies and tracks cyber assets, enabling fleetwide, real-time monitoring of control systems. Forensic and analytics technologists at the Siemens Cyber Security Operations Center apply their expertise to this information so they can dig deeper and provide a more robust response to potential threats.

“There is a 100% probability that any company will suffer from a cyber attack, and these attacks travel with lightning speed – how resilient will your response be?” asks Leo Simonovich, vice president and global head of industrial cyber security at Siemens.

What should you do right now?

First, master the basics: access controls, backup and recovery, software updates and patching, network segmentation, system hardening, and malware prevention on endpoints. Consider using a search engine like Shodan.io to quickly gauge risk exposure.

Cybersecurity should be treated like lean manufacturing and Six Sigma initiatives; it should be a continuous process reviewed and assessed on a regular basis, says Schneider Electric’s Witucki. “It is not a goal, but a journey,” he says.

He suggests selecting a cybersecurity standard appropriate to your industry and organization and then focusing attention where it is needed most with a gap analysis or risk assessment. This starts with an inventory of all computer-based assets (hardware, software, etc.). “When you consider some of this equipment may have been operating for 20 years inside an enclosure, you start to understand why this may be difficult,” adds Witucki.

GTI’s Berberian urges both industrial solution providers and end users to establish a strategy and security protocol that suppliers must meet. “A strategy that everyone understands, other than ‘We will never use the cloud,’ is most helpful,” he says.

To secure complete operating environments, companies must begin by addressing the fundamentals: discovery, prioritization, monitoring, and protection of their assets, advises Siemens’ Simonovich. He also advocates that company leaders consider addressing OT cybersecurity as one of their core responsibilities. This requires ownership, a strategy that looks at the challenge holistically, and strategic partnerships with best-of-breed companies.

NTIA’s Friedman suggests the following when acquiring new equipment or devices:

  1. Ask questions regarding security: What are the risks, and how can they be mitigated?
  2. Employ basic security hygiene: Use strong passwords and security credentials; apply patches promptly; employ network segmentation; and “know what’s under the hood” (e.g., which operating system is used).
  3. Partner with other sectors and organizations on design principles: Your problems probably aren’t unique, and others may have developed useful security solutions.

Ensure that the default passwords are changed, especially in the settings of variable-frequency drives, energy monitoring devices, and other connected systems, adds MotorDoc’s Penrose. Also, never let a vendor bypass security to connect to the network. “We once found that a USB WiFi card had been installed on a secure network so a vendor could access the system remotely, eliminating the isolation of the critical system's network,” he says. He adds that if the IT personnel are capable, they should be performing device vulnerability analyses.

Indegy’s Grove says that while active, passive, and hybrid ICS security monitoring approaches all have advantages, a hybrid approach is likely to provide the best value for most organizations because it “gives organizations total visibility into their OT network and environment.”

Applied Control Solutions’ Weiss reminds us that it isn’t always clear what is or isn’t a cyber event, and SCADA is not a fail-safe to identify potential cyberattacks. By design, in some cases it may not detect critical malfunctions. Weiss suggests getting involved in the new ISA99 working group and sharing your ICS cyber incidents with him.

Finally, and perhaps of most importance, cautions Schneider Electric’s Kabanov, everyone from executives to end users must decide whether cyber protections make sense. If they don’t believe they do, they’ll work around them.

Much more needs to be done to protect the critical industrial sector. The bad actors already are planning their next move. What’s yours?

Source: This article was published on plantservices.com by Sheila Kennedy.


We've been talking about the potential of hacker strikes on electric grids for years, and now it looks like the threat is imminent. Symantec reports that a group it calls Dragonfly is targeting energy and power sectors in the US and Europe, with the intention of both learning how these facilities operate as well as eventually gaining control over the systems.

This isn't the first time we've heard of Dragonfly. Back in 2014, Symantec and other researchers identified the group as responsible for a series of attacks on US and European energy systems that stretched from 2010 to 2014. A joint analysis between the Department of Homeland Security and the FBI in 2016 tied Dragonfly to Russian malicious activity, though Symantec has been careful not to speculate on the origins of the group. Now, it appears the hacker organization is active again in a campaign that Symantec has termed "Dragonfly 2.0."


This series of attacks began in December 2015 with an email scam sent to people within the energy sector. The group gathered network credentials and was able to install back doors that provided remote access to targets' computers. Symantec cautions that the 2010–2014 attacks may have been an intelligence-gathering phase. Now, the group could be trying to gain access to energy systems for all-out attacks.

Symantec notes that one of the most troubling aspects of this campaign is the use of screenshots. In several US attacks, hackers were able to capture screen grabs of actual control panels for these energy systems. "That's exactly what you'd do if you were to attempt sabotage," Eric Chien, a Symantec security analyst, told Wired. "You'd take these sorts of screenshots to understand what you had to do next, like literally which switch to flip."

It sounds frightening, to be sure, but now that we're aware the threat exists and is active, there are measures that can be put in place to thwart Dragonfly 2.0. Symantec's recommendations include encrypting sensitive data, implementing secure passwords and two-factor authentication and making sure overlapping defensive systems are in place. Even with these measures, though, it's important to remain vigilant to ensure that the group isn't able to take control of US and European energy systems.

Source: This article was published on engadget.com by Swapna Krishna.


With so much of life lived online, it can be hard to remember passwords for every app and platform you're on, but re-using them is putting people at an ever-increasing risk of being hacked.

The recent data breach of food and restaurant search engine Zomato saw hackers steal 17 million users' data.

The company had to strike a deal with the hacker, who agreed to destroy all data and not sell it to someone over the dark web.

Cyber security researcher Troy Hunt said while the risk was mitigated by the company, it should be a wake-up call to users.


"If I've used that same password on Zomato and many other places, I would be quite concerned, because now someone literally has the key to get into my other services," he told 7.30.

He said the real risk is "credential stuffing": where hackers take credentials like emails and passwords from one system, and test them on a bunch of others.

"Last year we saw the LinkedIn data breach, about 158 million records were in there, they were selling that for thousands of dollars," Mr Hunt said.

"And people would buy that because then they can get the usernames and passwords and use them to break into other systems where people have re-used their credentials.

"So that might let them get into your eBay account for example, and buy things under your identity, which they can then go and sell at other places."
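Hunt's description of credential stuffing above is also a detection problem for the service being attacked: one client replays leaked username/password pairs against many different accounts, and most of those attempts fail. The following is an added example, not code from the article or from anyone quoted in it, that flags that pattern in a web application's login log; the log format, the thresholds and the IP addresses are all assumptions, and the log lines are constructed.

```python
"""Flag credential-stuffing sources in an authentication log.

A human who mistypes a password retries the *same* account a few times.
A credential-stuffing client tries *many distinct* accounts from one
address in a short window, and most attempts fail because most users
do not reuse the leaked password. The detector below looks for exactly
that combination. The log format and thresholds are assumptions for
this example, and the sample log is constructed.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed log format: "<iso-timestamp> ip=<addr> user=<name> result=ok|fail"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>ok|fail)$"
)


@dataclass
class LoginEvent:
    ts: datetime
    ip: str
    user: str
    ok: bool


def parse_log(text: str) -> list:
    """Parse log lines into LoginEvent objects, skipping unrelated lines."""
    events = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # tolerate noise rather than abort the whole analysis
        events.append(LoginEvent(ts=datetime.fromisoformat(m["ts"]),
                                 ip=m["ip"], user=m["user"],
                                 ok=(m["result"] == "ok")))
    return events


def find_stuffing_sources(events, window=timedelta(minutes=5),
                          min_users=5, max_success_rate=0.3) -> dict:
    """Return {ip: (distinct_users, success_rate)} for every source IP that,
    within some sliding `window`, attempted at least `min_users` distinct
    accounts with a success rate of at most `max_success_rate`.

    The success-rate condition is what separates a stuffing client from a
    shared NAT address (office, campus) where many real users log in and
    nearly all of them succeed.
    """
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e.ip].append(e)

    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e.ts)
        best = None
        start = 0
        for end in range(len(evs)):
            # advance the window start so evs[start:end+1] spans <= window
            while evs[end].ts - evs[start].ts > window:
                start += 1
            win = evs[start:end + 1]
            users = {e.user for e in win}
            if len(users) < min_users:
                continue
            rate = sum(e.ok for e in win) / len(win)
            if rate <= max_success_rate and (best is None or len(users) > best[0]):
                best = (len(users), rate)
        if best is not None:
            flagged[ip] = best
    return flagged


# Constructed sample: one stuffing client (203.0.113.7, eight accounts, one
# hit), one user retrying their own password (198.51.100.2), and a shared
# office address (192.0.2.5) with six successful logins. Only the first
# should be flagged.
SAMPLE_LOG = """
2024-05-01T09:00:01 ip=203.0.113.7 user=alice result=fail
2024-05-01T09:00:02 ip=203.0.113.7 user=bob result=fail
2024-05-01T09:00:03 ip=203.0.113.7 user=carol result=ok
2024-05-01T09:00:04 ip=203.0.113.7 user=dave result=fail
2024-05-01T09:00:05 ip=203.0.113.7 user=erin result=fail
2024-05-01T09:00:06 ip=203.0.113.7 user=frank result=fail
2024-05-01T09:00:07 ip=203.0.113.7 user=grace result=fail
2024-05-01T09:00:08 ip=203.0.113.7 user=heidi result=fail
2024-05-01T09:01:00 ip=198.51.100.2 user=ivan result=fail
2024-05-01T09:01:10 ip=198.51.100.2 user=ivan result=fail
2024-05-01T09:01:20 ip=198.51.100.2 user=ivan result=fail
2024-05-01T09:01:35 ip=198.51.100.2 user=ivan result=ok
2024-05-01T09:02:00 ip=192.0.2.5 user=judy result=ok
2024-05-01T09:02:30 ip=192.0.2.5 user=mallory result=ok
2024-05-01T09:03:00 ip=192.0.2.5 user=niaj result=ok
2024-05-01T09:03:30 ip=192.0.2.5 user=olivia result=ok
2024-05-01T09:04:00 ip=192.0.2.5 user=peggy result=ok
2024-05-01T09:04:30 ip=192.0.2.5 user=rupert result=ok
"""


def analyze_sample() -> dict:
    """Run the detector over the constructed sample log."""
    return find_stuffing_sources(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    for ip, (users, rate) in analyze_sample().items():
        print(f"{ip}: {users} distinct accounts, success rate {rate:.2f}")
```

The one account the stuffing client did get into (carol) is the case Hunt warns about: a password reused from another breach, so a hit on a flagged source is a signal to force a reset on that account, not just to block the address.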

As they've become cheaper to make, the number of apps and websites has exploded.

But according to Chris Culnane from Melbourne University, security is often neglected.

"We're in an innovation-driven industry and you've got to be constantly innovating and constantly doing something new and security takes a long time and costs a lot of money," Professor Culnane said.

"Often the priority is getting a new app out there with a new feature and security comes as an after-thought."

What should you do if you've been hacked?

Mr Hunt, who runs a website that allows people to check whether accounts linked to their email addresses have been hacked, said there were a number of things people could do if their security information had been compromised.

"It really depends on what's happened," he said.


"My wife had her credit card exposed somewhere a couple of days ago, so obviously you cancel your credit card, change your direct debits.

"If it's been your password from a system, change your password, and take that opportunity to create different passwords everywhere, unique passwords everywhere.

"If it's been things like your personal address, and your gender and your birthdate or things that might be used for identity theft, have a look at identity protection services."

Professor Culnane agreed that passwords were key.

"The first priority is to change the passwords, to make sure that somebody can't use that information against that particular account," he said.


"Going forward, they should make sure that they're not using the same password on multiple accounts and they should try to use things like two-factor authentication or any additional security measures that service providers give them."

What else can I do to stay safe online?

One measure available to consumers is password managers, which keep track of the many unique codes people would otherwise have to remember.

Mr Hunt admitted some had been subject to vulnerabilities in recent years but said they were still worth considering.

"Probably the worst we've seen in recent years is very strongly protected passwords being exposed for a small number of people for a small amount of time," he said.

"And if you practised good password hygiene with that service — so you signed up to the password manager and you had a good, strong, unique master password — the chances of anything going wrong are actually very small.

"It's a risk trade-off, but as it stands you are much better off using a password manager and using it properly than trying to do it all in your head."

Professor Culnane believes people need to simply be less complacent about giving up their details online.

"It's become almost normal just to hand out your contact detail to any website or app and we're not really being made aware of exactly how that data's being used or how it's being stored," he said.

"[Consumers should] ask, does the app or company really need to know this information? If not, ask why they're collecting it.

"If you're not paying for the product, you probably are the product.

"Your data is becoming their revenue stream, so ask, 'should they be collecting it? Are you getting something in return for it?'"

Source: This article was published on abc.net.au by Lauren Day.


WHATSAPP users are being targeted by cybercriminals, who have unearthed a new way to pilfer your online bank account details. This is everything you need to know about the new hack, and how to avoid the scam.

WhatsApp users should be careful to avoid a new scam that attempts to steal your bank account login details.

Hackers are targeting unsuspecting users with a mobile virus that is distributed via legitimate-looking Word documents sent inside WhatsApp.

Once opened, these documents are capable of siphoning sensitive information from users, including online banking credentials and other personal data.


The virus has also been disguised as a Microsoft Excel or PDF file, according to users.

So far, the technique has only been demonstrated in India, with the malicious files bearing the names of the NDA (National Defence Academy) and NIA (National Investigation Agency) to try and lure WhatsApp users into downloading and opening the virus-laced files.

According to a report by the Economic Times, central security services in India have issued a notification to the NDA and NIA, since it is believed the WhatsApp attacks are attempts to target people in uniform.

Officials told the publication, "As these two organisations are very popular and known within the country and abroad and there is a curiosity about them, it is possible that it may affect the mobile phones of people interested in these subjects.

"However, it has been analysed that the men and women in defence, paramilitary and police forces could be the target groups."

The virus is purportedly able to access personal data stored on the smartphone, including banking credentials and PIN codes.

This is not the first time cybercriminals have used .

Last year, WhatsApp users in the UK were warned about  that claimed to offer users a .


Worse still, the scam message appeared as if it was forwarded by someone within your contacts – such as a friend or family member.

However, the recipient name was actually a fake designed to trick WhatsApp users into trusting the web address for the alleged £100 Sainsbury's voucher.

The WhatsApp scam message asks users to follow a link to the web for the Sainsbury's voucher.

The message reads: "Hey have you heard about this?

"Sainsbury's is giving away £100 gift cards. They are expanding their store network and they launched this promotion.


"Grab a gift card while its lasts. I got mine already." (sic)

The Facebook-owned app was recently praised by Amnesty International, which dubbed the instant messenger the "most secure" platform available to consumers.

But  was convinced by the praise.

WhatsApp is aware that cybercriminals use its app to try and steal users' information.

According to Amnesty International, the chat app, which uses end-to-end encryption by default, was closely followed by Apple's iMessage and FaceTime, and Telegram.

However, it is still possible to become the victim of a scam – like the above – within these secure apps.


WhatsApp is aware that spam messages manage to make their way onto its secure platform.

According to the hugely-successful firm, "We work diligently to reduce any spam messages that come through our system.

"Creating a safe space for users to communicate with one another is a priority.

"However, just like regular SMS or phone calls, it is possible for other WhatsApp users who have your phone number to contact you.

"Thus, we want to help you identify and handle these messages.

"Unwanted messages from unauthorised third parties come in many forms, such as spam, hoax and phishing messages.

"All these types of messages are broadly defined as unsolicited messages from unauthorised third parties that try to deceive you and prompt you to act in a certain way."

If you think you have been tricked into clicking on any of these links –

Source: This article was published on express.co.uk by Aaron Brown.


A few search terms can lead to an exposed Internet connection. That's apparently how an Iranian hacker accessed a dam in New York state.

Bad guys and good guys alike can use Google to find vulnerable targets online. What matters most, then, is who's fastest.

"Google dorking." It sounds goofy, but it could be just the ticket for a hacker looking to stir mayhem.

The search technique is one of several methods that bad guys can use to find vulnerable computer systems and trace them to a specific place on the Internet. All they have to do is type in the right search terms, and they're well on their way.

That's how an Iranian hacker found a vulnerable dam in the US, according to a Wall Street Journal story that cited people familiar with the federal investigation into the security breach.


It's a troubling example of what security researchers have long known -- a computer system with out-of-date software is a sitting target. That's because information about old and buggy software and how to hack into it has a way of getting to the public very quickly.

Add dorking (or "Google hacking," a term preferred by some cybersecurity pros) to a growing list of tools that, used together, can help automate the process of finding and exploiting weak spots everywhere, from an element of a city's infrastructure to a surveillance camera in your home or the network of a business that holds records of all your personal information. Google is just one layer of this approach, and other search engines from Microsoft's Bing to the specialized Shodan.io can be substituted for it.

Experts say that with these tools, a hacker could roll out of bed, check his or her email and find alerts with information on how to hack you before breakfast.

"If you like it, then you can go attack it," said Srinivas Mukkamala, chief executive of cybersecurity company RiskSense.

"I don't need to know anything, and I can be a very bad guy."

What saved the day in the case of the small Bowman Avenue dam in Rye Brook, New York, is that at the time of the breach in 2013, the dam, undergoing maintenance, had been disconnected from the computer system that controlled it. Otherwise, the hacker might have been able to take control of the floodgate.


Similar techniques are known to have been used in espionage efforts.

Scary, right? But these search engines and alert systems are only making it easier to find information that's already public.

More important, said Mati Aharoni of cybersecurity company Offensive Security, these services help out the good guys much more than they could possibly help malicious hackers, who will get their hands on the information one way or another.

Aharoni trains people to use his company's repository of known hacking attacks, Exploit Database. The trainees are good guys who need to track down fatal flaws quickly, he said. Hackers already have access to illegal tools that good guys can't use. "We're helping to level the playing field."

Shodan CEO John Matherly, whose Shodan.io search tool is used by security companies to find specific computers, agreed. If you're a hacker looking for vulnerable systems, "you can do so fairly cheaply on your own," he said.


Hacking made easy

Layered on top of all the search services are systems that can send automated alerts. One is the Google Hacking Diggity Project. It draws on services like Google alerts, so you can get a message letting you know when a search engine indexes new information about a particular topic. Google is not involved in the creation or operation of Diggity.

A lazy hacker could conceivably use it to get an alert when a vulnerable system and a tool for hacking it are both available, RiskSense's Mukkamala said.

But Diggity creator Fran Brown said his tools help people who are defending websites and computer networks -- or, for that matter, Internet-connected dams -- to quickly find out when their systems are leaking sensitive information or have a known vulnerability.

"You basically can trip over dangerous and sensitive information just by Googling," said Brown, co-founder of cybersecurity consulting firm Bishop Fox.

It's not clear how exactly the Iranian hacker got into the dam's systems after he reportedly found its location on the Internet using Google. He's been indicted along with six other Iranian hackers by the US Department of Justice for the dam attack and for attacks on banks.

He might have used the same vulnerability that flagged the dam in a Google dork search to break in, or he might have used a completely unrelated attack.

But the hack still highlights what can go wrong if a security flaw hangs around on a system after it goes public. When a manufacturer announces a fix, it's a race against time to patch up the problem. It's also a race that the people responsible for many Internet-connected systems are losing badly, said Michael Bazzell, a former cybercrimes investigator with the FBI.

"If that system hasn't been patched in the last few years," Bazzell said, "it's pretty trivial getting in."

Source: This article was published on cnet.com by Catalina Albeanu.


Karim Baratov poses in front of his house in Ancaster, Ont., in this undated photo. Online, Baratov presents himself as a high-end car enthusiast who made his 'first million' at age 15. (Facebook)

22-year-old Hamilton resident's social media profiles paint different picture than FBI's

The FBI alleges that 22-year-old Karim Baratov, from Ancaster, Ont., was one of four men connected with a series of cyberattacks carried out on Yahoo that began in early 2014. But you wouldn't know it from Baratov's online persona.

On Instagram, Baratov presents himself as a high-end car enthusiast. He has frequently posted pictures of Aston Martins, Audis, Mercedes and BMWs, among other cars that he claimed to own, gaining nearly 30,000 followers in the process.

In one post, he describes himself as "well off in high school to be able to afford driving a BMW 7 series and pay off a mortgage on my first house."

In others, he's shown spreading handfuls of $100 bills.

 

Baratov, who has dual Canadian-Kazakh citizenship, goes by at least two other names according to the FBI. He does not list his profession, nor how he became so well off at such a young age, on social media.

The 22-year-old was arrested Tuesday morning in Ancaster by Toronto police and turned over to the RCMP. (Instagram)

His Instagram profile describes him only as a: "Workaholic. Occasional drawer. Gym rat."

But a cached search reveals another description: "Self made entrepreneur/programmer/web developer/investor."

Clues left on Baratov's various social media profiles and websites registered under his name — coupled with allegations of computer hacking and economic espionage made by the FBI — offer a glimpse into how Baratov may have made his living.

He claimed in postings on the social media site Ask.fm that he made his "first million" when he was 15, working on "online services."

 

"I prefer online businesses because there is way less risk and less effort in a way," he wrote.

A call to the number tied with Baratov's home address was not answered.

Baratov made a brief appearance in a Hamilton courthouse on Wednesday morning and was returned to custody.

Old websites leave clues

Neighbours on Chambers Avenue where Baratov lives said Wednesday they often puzzled at the young man's lifestyle – to be able to afford to live alone in a large, new house in an expensive subdivision, and to always be seen driving pricey cars.

"His parents either bought him the house, or he's getting money somewhere else, because he doesn't seem to work all day; he just drives up and down the street," said Kerry Carter, a neighbour who lives a few doors down.

Karim Baratov's house in Ancaster. A call to the number tied to Baratov's house address was not answered. (Kelly Bennett/CBC News)

 

Baratov's Facebook page links to a website called Elite Space, written in Russian, which claims to offer a number of services, including servers for rent in Russia, protection from distributed denial of service (DDoS) attacks, and domain names in China.

Though it does not specifically mention hacking, there are clues on other sites that this may also have been among his services.

For example, an email address matching one of Baratov's aliases was used to register an account with a Russian discussion forum, which lists DDoS and hacking as the Canadian user's interests. The profile then links to a website that claims to offer email hacking services for a handful of Russian email services, including Mail.ru, as well as Gmail.

There are also a number of websites registered in Baratov's name, including one called "mail-google.us," and another "mail-yandex.us." Though the websites are no longer online, the URLs appear designed to trick visitors into thinking they are visiting a legitimate Google or Yandex email site — a common phishing tactic. 

Karim Baratov is shown in a photo from his Instagram account. In online postings, he claims he made his 'first million' when he was 15, working in online services. (Instagram/Canadian Press)

While it is difficult to definitively link the sites to Baratov, they appear to fit the FBI's description of his alleged illicit work.

According to the agency's indictment, Baratov's job was to use the information gleaned from the Yahoo intrusion to gain access to targets' email accounts with other service providers.

 

Baratov's last Instagram post was a photo from the 70Down restaurant and lounge in Toronto's Yorkville neighbourhood, the night before his arrest.

Source : cbc.ca


Hiring a hacker could reveal security flaws in your organisation.

The global cost of cybercrime could reach £4.9 trillion annually by 2021, according to a recent report from Cybersecurity Ventures. Cyber crime incidents continue to plague organisations globally, even as businesses pour money into boosting their security. 

But how do businesses deal with vulnerabilities they cannot identify? It only takes one smart hacker to discover a backdoor and get access to your sensitive data and systems. 

Organisations must identify the weaknesses in their cyber security, before -- not after -- they’re exploited by hackers. However, to beat a hacker you’ll need to think like one. Here’s how -- and why -- you should hire a hacker in 2017.

 

 

The stakes have never been so high 

State sponsored hacking wreaked havoc in 2016 when Yahoo revealed that 1 billion accounts were compromised in the largest data breach in history. And as cyber crime becomes increasingly advanced, the threat hackers pose to businesses will only increase.

Leave your organisation open to a data breach and it could cost you a massive £4.25m (on average). And that’s without considering the painful remediation and brand damage you’ll be subject to as a result. 

These attacks aren’t restricted to huge multinationals, the latest Government Security Breaches Survey found that 74% of small organisations reported a security breach in the past year. 

For any organisation, a security flaw passing undetected is a huge risk, and when GDPR hits in 2018 the stakes will only increase.    

The EU General Data Protection Regulation will come into force in 2018 and will govern how businesses handle customer data. Compliance won’t be easy, and the risk of non-compliance is massive, with potential £17 million fines.

  

Big businesses aren’t safe from this, and they’ll need to boost their data security to ensure compliance. Tesco were recently lucky to escape a £1.9bn fine for a recent data breach. 

How hackers will boost your cyber security 

Not every hacker wants to attack your business and leak your sensitive data. There are hackers out there who are paid to protect, not provoke. 

Known as ‘white hat’ or ‘ethical hackers’, these security professionals strive to defend organisations from cyber criminals.   

They’re not your conventional dark web lurking delinquents. Ethical hackers are IT security experts -- trained in hacking techniques and tools -- hired to identify security vulnerabilities in computer systems and networks.   

According to ITJobsWatch, the average salary for an ethical hacker is £62,500. Considering the average cost of a data breach sits at £4.23m, that’s a small price to pay.  

Businesses and government organisations serious about IT security hire ethical hackers to probe and secure their networks, applications, and computer systems. 

But, unlike malicious ‘black hat’ hackers, ethical hackers will document your vulnerabilities and provide you with the knowledge you need to fix them.  

Organisations hire ethical hackers to conduct penetration tests - safe attacks on your computer systems designed to detect vulnerabilities.   

To test their security, businesses often set goals or win states for penetration tests. This could include manipulating a customer record on your database, or getting access to an admin account – potentially disastrous situations if they were achieved by malicious hackers.

Ethical hackers leverage the same techniques and tools used by hackers. They might con employees over email, scan your network for vulnerabilities or barrage your servers with a crippling DDoS attack.   

But instead of exploiting your business, ethical hackers will document security flaws and you’ll get actionable insight into how they can be fixed. It’s your responsibility to act on the ethical hacker’s guidance - this is where the hard work begins. 

Without these harmless penetration tests security holes remain unseen, leaving your organisation in a position that a malicious hacker could exploit.   

Not your typical dark web delinquents 

Thankfully, the days of hiring underground hackers and bartering with bitcoins are over. There’s now a rich pool of qualified security professionals to choose from, complete with formal ethical hacking certifications.   

Ethical hackers, or penetration testers, can be hired just like any other professional, but be certain to get tangible proof of your ethical hacker’s skills.   


 

Candidates with the CEH certification have proved they know how to use a wide range of hacking techniques and tools.     

What’s more, CEH certified professionals must submit to a criminal background check. These experts are committed to their profession and do not use their hacking knowledge maliciously. 

Despite the relative youth of the ethical hacking field, these professionals have already proved their worth to some of the largest businesses in the world. 

This year Facebook awarded a white hat hacker £32,000 -- its largest ever bounty -- for reporting one ‘remote code execution flaw’ in their servers.

That’s not the first time Facebook have paid out either. They’ve long supported the efficacy of bug bounties, having paid more than £4 million to ethical hackers since its program debuted in 2011.

How to hire a hacker (legally) 

It’s important to understand what you actually want from your ethical hacker. Do this by creating a clear statement of expectations, provided by the organisation or an external auditor. 

Ethical hackers shouldn’t be hired to provide a broad overview of your policies; these professionals are specialised experts with a deep knowledge of IT security. Instead, ask specific questions like “Do we need to review our web app security?” or “Do our systems require an external penetration test?”

Before hiring an ethical hacker to conduct a penetration test, businesses should ensure an inventory of systems, people and information is on-hand.   

Instead of hiring, many organisations develop ethical hacking skills in their own businesses by up-skilling team members through ethical hacking courses, like EC-Council’s CEH or the more advanced ECSA.   

Your staff will get the skills they need to conduct ethical hacking activities on your own businesses, finding and fixing security flaws that only a hacker could find.   

Secure your business now 

 

Complex threats -- like rapid IoT expansion -- are set to dominate 2017. To defend your organisation in 2016, you’ll need to think like a hacker. 

Source : itproportal.com


Last month cybersecurity firm Nuix released The Black Report, a white paper that contains specific tactics used by hackers, cybersecurity experts, and CISOs and CSOs to attack and defend systems. The report, dissected extensively by ZDNet, found that some widely used defensive tactics are unreliable and that 60% of hackers are able to infiltrate targets within 12 hours. An additional 81% were able to identify and exfiltrate sensitive data in 24 hours. The research also found that it can take days, weeks, and sometimes months for organizations to detect a discreet intrusion. The current average response time is between 250 and 300 days.

The report was created to highlight the magnitude of modern cyber attacks. "When we decided to write our own threat report we looked at as many other reports as we could," said Nuix's CISO Chris Pogue, "and tried to identify the commonalities that made them look and feel so similar. What we found was that most were limited by the client base of the publishing organization, and all of them looked at the threat landscape from one specific perspective, that of the victim. While this information is useful, it only provides one facet of a multi-dimensional issue. We saw this as an opportunity to provide the market with a different perspective—that of the attacker."

 

The hacker perspective is critically important, agreed Nuix's Principal Security Consultant of Advanced Threats and Countermeasures Thomas McCarthy. "It very much is a cat and mouse game where the attacks try to stay one step ahead," he said.

Pogue and McCarthy spoke with TechRepublic about The Black Report, effective cybersecurity countermeasures, and the tools hackers use to exploit systems.


What are the key takeaways of The Black Report?

The key takeaways are:

  • An amazing 69% of attackers report that they are almost never caught by security teams during their testing. This staggering number is the result of several key failures.
  • The inability [of organizations] to see certain types of attacks. This is due mainly to the failure of security vendors to perform threat modeling and fully understand the stages of an attack—from reconnaissance to final exfiltration.
  • [Organizations are challenged by] a lack of experienced staff tasked with monitoring alerts. In many breaches we have investigated, the security detection technologies properly identified the attack but the human beings whose job it was to act on those alerts failed to recognize them and take action.
  • Most security vendors do not continually analyze attack patterns. Because attack patterns change regularly, [vendors] don't adequately understand the dynamic threat landscape. Meanwhile, attackers regularly identify and use new vulnerabilities, exploits, and malware variants.
  • For security vendors to remain on the bleeding edge of threat detection, they need to research and analyze attack patterns regularly. Nuix does these things every day, thereby enhancing our detection and investigative capabilities. Nuix also conducts regular attack detection and fine tuning exercises to make sure our customers are getting the most out of our products and enabling their security teams to constantly improve their response capabilities. It is only through this marriage of people and technology that companies can hope to defend what is most valuable to them—their data!
  • 50% of attackers change their methodologies with every target. Many security technologies base their detection of breaches around indicators of compromise (IOC). These are sets of behaviors and trails of evidence left behind by previous attacks that the security community has detected and analyzed. When attackers change up their methodologies, it means the evidence generated by those attacks also changes. So, if a security solution only identifies static IOCs—a specific set of unchanging identifiers—our research indicates that they are missing at least half of the attacks.

What are the most effective penetration test countermeasures?

Penetration tests should mimic real world attacks. So, the question should be, "What is the best countermeasure against all attacks?" Talented, knowledgeable, and well-supported staff is the best defense. Many attacks are direct copies, or slight variations of pre-existing attack patterns - the old adage of "if it ain't broke, don't fix it" applies here. If you want to protect your organization, you need to know your enemy, know your environment in and out and tailor your defenses to compensate for both. This approach is far more effective than blindly spending millions on products. It's true that people need products to help them scale, and to integrate actionable intelligence into their defensive strategy, but the key is that both are needed. Either one by itself has proven inadequate.

 

What are the most effective social engineering tactics?

The most effective social engineering tactic is the one that works. Attackers have unlimited time to try and can always call more people, send more phishing emails. Phishing is overwhelmingly the most common we see because of ease of creation and use. You can send thousands upon thousands of automated phishing emails and wait for people to open them. With these sorts of attacks, just one person clicking on a link or opening an attachment can provide the hackers with the access they need to establish a beachhead.


What tools do modern hackers rely on?

There are many tools out there, such as Metasploit, Cobalt Strike, Core Impact, BeEF, and the Burp Suite, just to name a few. Some of these tools are free, and some have a hefty price tag. For the most part, the most popular tools are the ones that are publicly available that hackers use and know well. The good hackers don't need to rely on tools; there are always other methods or techniques that can be used to accomplish similar goals.

What is the state of the cyber-weapon ecosystem?

This is a bit of a difficult question to answer, as it really depends on what you mean by a "cyber-weapon." In the historical sense, this would mean the use of technical means of capabilities to target enemy systems to elicit some sort of desired outcome. This could be anything from malware like Stuxnet to controlling critical infrastructure to disrupting emergency management systems. To hackers, the technical aspects of these sorts of attacks are really no different than harvesting credit card numbers or stealing intellectual property, like drug formulas. There may be some subtle nuances based on the technology of the target systems, but the theory and methodologies used in the attack are no different. This is really more a factor of source and motivation than it is technology.

What does the cutting-edge of malicious code tech look like?

There are no such things as "weapons" per se, although it makes for good media. There are exploits and payloads. Exploits are bought and sold often and payloads are created all the time. [Threat actors have] both of these. Most people can buy either. The only such thing as cutting edge is using ones that haven't been seen or detected before. [Buying and selling occurs] through private contracts between organizations and governments, or simply through the Dark Web that pretty much anyone can get to. It is really only a matter of money.

The game of cat and mouse will continue and techniques and attacks will change with the landscape.

Author : Dan Patterson

Source : http://www.techrepublic.com/article/the-black-report-attacking-your-system-from-the-hacker-perspective/


60 Minutes showed how hackers only needed a congressman's phone number to record his calls and track his location. The congressman said people at intelligence agencies, who are aware of the SS7 flaw and abuse it, should be fired.

You might know that if a hacker has nothing more than your phone number, then he or she can listen into and record your calls, read your texts, or track your location, but does your grandma know it? That’s what I liked about a 60 Minutes phone hacking segment; it can reach non-security minded audiences who may have thought such a hack could only happen in movies.

If you use a mobile phone, then you use Signaling System Seven, or SS7; “Every person with a cellphone needs SS7 to call or text each other,” 60 Minutes explained. “The SS7 network is the heart of the worldwide mobile phone system. Phone companies use SS7 to exchange billing information. Billions of calls and text messages travel through its arteries daily. It is also the network that allows phones to roam.”

 

Security researchers have been warning about SS7 protocol flaws for years. Granted, most people would not be targeted by this type of attack. Then again, some companies sell “the ability to track your phone number wherever you go with a precision of up to 50 meters” as researcher Tobias Engel pointed out during the 2014 Chaos Communication Congress presentation “SS7: Locate. Track. Manipulate.” Karsten Nohl of SRLabs also presented that year before releasing “SnoopSnitch.” You may remember other times when Nohl revealed vulnerabilities which affected millions of phones.

Some people believe the SS7 flaw has never been fixed “because the location tracking and call bugging capacity has been widely exploited by intelligence services for espionage.” Yet if intelligence agencies don’t want the flaw fixed because they can abuse it for spying, to glean valuable intel from targets, then Congressman Ted Lieu said those people should absolutely “be fired.”

Congressman Lieu agreed to use an iPhone supplied by 60 Minutes even though he knew it would be hacked. He’s no technical illiterate either; he has a computer science degree from Stanford and serves on the House Oversight and Reform Subcommittee on Information Technology. The congressman didn’t have to fall for social engineering or accept a text with an attachment; all Nohl and his team needed was the phone number of the iPhone Lieu was using.

Although “some US carriers are easier to access through SS7 than others,” and the cellular phone trade association told 60 Minutes that “all US cellphone networks were secure,” the hackers were able to intercept and record the congressman’s calls, read his texts, view his contacts and track his location even if GPS location services were turned off.

Nohl explained, “Any choices that a congressman could've made, choosing a phone, choosing a pin number, installing or not installing certain apps, have no influence over what we are showing because this is targeting the mobile network.”

When 60 Minutes played a sample of Congressman Lieu’s recorded conversation back for him, it included his colleague saying, “I sent you some revisions on the letter to the N.S.A., regarding the data collection.” Lieu was both angered and creeped out. He said attackers abusing the SS7 vulnerability “could hear any call of pretty much anyone who has a smartphone. It could be stock trades you want someone to execute. It could be calls with a bank.” He has received a call from President Obama before when he was using a cellphone and if hackers were using SS7 to listen in, then they would know what was said.

If the SS7 vulnerability has not been fixed because it is a favorite spying tool for intelligence agencies, then the people aware of the flaw should be fired, Lieu said. He added, “You cannot have 300-some million Americans – and really, right, the global citizenry be at risk of having their phone conversations intercepted with a known flaw, simply because some intelligence agencies might get some data. That is not acceptable.”

Ironically, Australia’s 60 Minutes aired a similar phone hacking segment last year detailing how the SS7 flaw could allow “remote bugging of any mobile phone user’s calls” and included examples of firms which sell such an ability; one example was the US company Verint, which sells SkyLock to “Locate. Track. Manipulate.” The US version did not include a similar list of companies or get the congressman’s opinion on those companies.

Nohl explained that there is “no global policing of SS7” and it’s up to each mobile network to protect their customers. “And that is hard.”

 

John Hering, cofounder of mobile security firm Lookout, told 60 Minutes there are only two types of people . . . those who know they’ve been hacked and those who are unaware they were hacked. “We live in a world where we cannot trust the technology that we use.”

So when will the vulnerability in SS7 be fixed? It’s a question that has been asked for years; beyond false assurances that US networks are secure, all we get in reply are crickets chirping in the silence. If that is because intelligence agencies don’t want it fixed, then let the firing begin.

Source : http://www.computerworld.com/

Categorized in Science & Tech

CNN called Shodan the “scariest search engine on the Internet” in its April 8, 2013 story. Even its name sounds a little intimidating.

While that was three years ago, Shodan has expanded quite a bit since then. For those of you who are still unfamiliar with it, Shodan searches for internet-connected devices across the world. As I’m sure you can guess, that doesn’t only include computers and smartphones. It can find such things as wind turbines, traffic lights, license plate readers, refrigerators, and practically anything else with an internet connection.

If that doesn’t seem like a big deal, here’s the caveat. Many of these devices that we rely on every day have little to no security protecting them. For a hacker, that’s a dream come true (is it not?).

Now, I don’t simply want to repeat old news, but Shodan isn’t the only search engine of its type; there are quite a few others. So I’m going to discuss four other web vulnerability search engines that you may (or may not) be familiar with.

First off, let’s learn a little more about Shodan.

“Sho” Me, Shodan

To reiterate, Shodan isn’t exactly new, but it is constantly being updated. Its name is a reference to SHODAN, a character from the System Shock game series. One of its top saved search terms is “Server: SQ-WEBCAM,” which reveals a number of IP cams that are currently connected. If you’re trying it out for the first time, use that as your first search and see what comes up.

The main reason that Shodan is considered hacker-friendly is because of the amount and type of information it reveals (like banner information, connection types, etc.). While it is possible to find similar information on a search engine like Google, you would have to know the right search terms to use, and they aren’t all laid out for you.

If you aren’t frightened yet, take a look at this. Another one of the most popular searches is “default password.” This search term finds results with “default password” in the banner information. You would be surprised how many devices are listed. (Hopefully yours isn’t on there. If it is, I’d recommend changing your password.)

Where Shodan becomes really useful is when you look for more specific information. Here’s a good example: do a search for “SSH port:’22’”. You’ll see a multitude of devices that are running on SSH using port 22.

In the results, you can also see the IP address, location, hosting service, ISP, and ports that the device is using.

Usually, Shodan will also reveal a device’s fingerprint, key exchange (kex) algorithms, server host key algorithms, encryption algorithms, MAC algorithms, and compression algorithms (if they exist, that is).

If, by chance, one of your personal devices shows up in a Shodan search, and reveals information you’d rather not have made public, then that’s your opportunity to patch up the holes! For pen testers, this sort of data is just as valuable.
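One way to act on that before someone else does: as an added example (not from the article, and not Shodan's own code), audit the algorithm lists such a result exposes for one of your own hosts against a hardening policy. The record layout, the field names, the policy thresholds and the sample record are all assumptions of this example, and 192.0.2.10 is a documentation address, not a real host.

```python
"""Audit what an internet-wide scanner exposes about an SSH service.

Shodan-style results list a host's SSH banner and the algorithm lists it
offers (key exchange, host key, encryption, MAC, compression). This added
example scores such a record against a hardening policy so an owner can see
what a stranger would see, and what to fix. The record layout and the policy
are assumptions of this example; the sample below is constructed, not a real
scan result, and 192.0.2.10 is a documentation address.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Weak or obsolete algorithms, keyed by the (assumed) field name in the record.
# Each entry maps a regular expression to the reason it is flagged.
WEAK_ALGORITHMS: dict[str, dict[str, str]] = {
    "kex_algorithms": {
        r"^diffie-hellman-group1-sha1$": "1024-bit MODP group and SHA-1",
        r"^diffie-hellman-group(14|-exchange)-sha1$": "SHA-1 based key exchange",
    },
    "server_host_key_algorithms": {
        r"^ssh-dss$": "DSA host key (1024-bit, SHA-1 signature)",
        r"^ssh-rsa$": "RSA host key signed with SHA-1; offer rsa-sha2-256/512 instead",
    },
    "encryption_algorithms": {
        r"^arcfour": "RC4 stream cipher",
        r"^3des-cbc$": "3DES with a 64-bit block size",
        r"-cbc$": "CBC mode cipher; prefer CTR or GCM",
    },
    "mac_algorithms": {
        r"^hmac-md5": "MD5 based MAC",
        r"-96$": "MAC tag truncated to 96 bits",
        r"^hmac-sha1$": "SHA-1 MAC, retired by this example's policy",
    },
}

# Oldest OpenSSH release this example's policy accepts (an assumption).
MIN_OPENSSH_VERSION = (7, 4)


@dataclass(frozen=True)
class Finding:
    category: str   # which algorithm list, or "banner"
    value: str      # the offending algorithm or banner
    reason: str


def parse_openssh_version(banner: str) -> tuple[int, int] | None:
    """Return (major, minor) from a banner like 'SSH-2.0-OpenSSH_7.4p1',
    or None when the banner is not an OpenSSH banner."""
    match = re.search(r"OpenSSH_(\d+)\.(\d+)", banner)
    if not match:
        return None
    return int(match.group(1)), int(match.group(2))


def audit_ssh_record(record: dict) -> list[Finding]:
    """Flag weak algorithms and an out-of-policy OpenSSH version."""
    findings: list[Finding] = []
    version = parse_openssh_version(record.get("data", ""))
    if version is not None and version < MIN_OPENSSH_VERSION:
        findings.append(Finding("banner", record["data"],
                                "OpenSSH older than %d.%d" % MIN_OPENSSH_VERSION))
    offered = record.get("ssh", {}).get("kex", {})
    for category, rules in WEAK_ALGORITHMS.items():
        for algorithm in offered.get(category, []):
            for pattern, reason in rules.items():
                if re.search(pattern, algorithm):
                    findings.append(Finding(category, algorithm, reason))
                    break  # one finding per algorithm is enough
    return findings


# Constructed sample in the shape of a scanner result (assumed layout).
SAMPLE_RECORD = {
    "ip_str": "192.0.2.10",
    "port": 22,
    "data": "SSH-2.0-OpenSSH_5.3",
    "ssh": {
        "kex": {
            "kex_algorithms": ["diffie-hellman-group-exchange-sha256",
                               "diffie-hellman-group-exchange-sha1",
                               "diffie-hellman-group14-sha1",
                               "diffie-hellman-group1-sha1"],
            "server_host_key_algorithms": ["ssh-rsa", "ssh-dss"],
            "encryption_algorithms": ["aes128-ctr", "aes256-ctr",
                                      "aes128-cbc", "3des-cbc", "arcfour"],
            "mac_algorithms": ["hmac-sha2-256", "hmac-sha1",
                               "hmac-md5", "hmac-sha1-96"],
            "compression_algorithms": ["none", "zlib@openssh.com"],
        },
    },
}


if __name__ == "__main__":
    for f in audit_ssh_record(SAMPLE_RECORD):
        print(f"{SAMPLE_RECORD['ip_str']}:{SAMPLE_RECORD['port']} "
              f"{f.category}: {f.value} ({f.reason})")
```

Run it against your own host's record and the output is the list of settings to remove from sshd_config before the next scan cycle picks them up.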

Of course, even for non-hackers, it can just be fun to explore Shodan and see what kind of information turns up.

One of the scarier searches that someone recently shared was “port: ‘6666’ kiler,” which finds devices infected with the KilerRat trojan.

Credit: 2015 AlienVault

KilerRat is a remote access trojan that can do such things as steal login credentials, manipulate the registry, and open a reverse shell, giving the attacker the capability to input commands directly into the system. It also can allow access to the victim’s webcam.

I think I’m going to put electrical tape over mine…now.

PunkSPIDER


At first glance, PunkSPIDER may not look like much (especially compared to a behemoth search engine like Shodan). On the other hand, it has somewhat of a similar purpose.

PunkSPIDER is a global web application vulnerability search engine. The driving force behind it is PunkSCAN, a security scanner that can execute a massive number of security scans all at once. Among the types of attacks that PunkSPIDER can search for are Cross-Site Scripting (XSS), Blind SQL Injection (BSQLI), Operating System Command Injection (OSCI), and Path Traversal (TRAV).

Even if you’re completely unfamiliar with the definitions of these common attacks, you can still use PunkSPIDER, whether for fun or to see if your site is vulnerable. In my experimentation with it, I came up with far fewer results when I scanned specific URLs, as opposed to using generic search terms. (Though it may be that the URLs I selected didn’t happen to be vulnerable at the moment.)

Here’s an example: do a search for “Deepdotweb.com.” The results are as follows:

Bsqli:0 | sqli:0 | xss:0 | trav:0 | mxi:0 | osci:0 | xpathi:0 | Overall risk:0

The first line shows the domain of the result. The timestamp on the second line shows the date and time that the domain was added to PunkSPIDER’s system. On the third line, you’ll see a list of the various types of attacks that it searches for, and whether or not any were found.

In the case of Deepdotweb, all the scan results returned “0.” Well, that’s reassuring, isn’t it, DDW?

 

On the contrary, if you do a more generalized search using terms like “blog,” “social media,” “forum,” or “porn,” you’re likely to come up with hundreds of results – especially if you type in “porn.”

Simply because a URL shows up in the results doesn’t necessarily mean that the site is infected, however. For a more detailed explanation of how you can use PunkSPIDER to your advantage, see PunkSPIDER Search Help.

By the way, out of curiosity, I wanted to see if this worked with sites on the Tor network as well. Although it doesn’t scan all of Tor’s hidden services, if you do a search for “.onion,” at present, you’ll get 588 results. I didn’t take the time to see whether or not they were all infected, but if one of those sites is yours, you may want to check that out.

IVRE

Here’s a little analogy for you: Shodan is to IVRE as Tor is to I2P. In other words, though Shodan is a powerful search engine, and has advanced capabilities, it’s friendlier to a newcomer as well. The same goes for Tor: you could, for the most part, run it and use it without being an IT expert; at the same time, it has options for advanced users.

I2P, as darknets go, is geared more toward experts; even its main console requires basic knowledge of networking. Likewise, IVRE seems as though it’s designed more for hackers, coders, and/or pen testers than Shodan or PunkSPIDER, though hackers could make use of all three.

So what is it? IVRE (Instrument de veille sur les réseaux extérieurs) is a network recon framework. It’s open source, and is written in Python with a MongoDB backend. It uses tools such as Bro, Argus, NFDUMP, and ZMap to return data about internet-connected devices. It can also import XML output from Nmap and Masscan. Though I could go into detail about how each of these tools works, that would encompass a separate article!

The main IVRE site presents results of Nmap active scans that can be filtered with keywords (which is somewhat similar to Shodan.) A few keywords you can try are “phpmyadmin,” “anonftp,” or “x11open.” Searching for “phpmyadmin” returns results for phpMyAdmin servers; “anonftp” looks for FTP servers allowing anonymous access; “x11open” looks for open X11 servers. This may not sound all that revolutionary, but if you take the time to play around with IVRE a bit, you may discover some buried treasures, so to speak.

The search below, for example, shows results for the keywords “phpmyadmin” and “sortby:endtime.”


Obviously, this is just one of many things you can do with IVRE, but I’m trying to keep it simple. If you haven’t already, I suggest you hackers go there and start digging. It may not take long to find some of the “scary” data.

Speaking of which, for those who are interested in finding out more about the technical end of IVRE, they maintain a doc/ folder in their GitHub repository, so you can go into detail about its inner workings. Fork them, I say!

For further reading, you can also check out their blog, but it hasn’t been updated in a while.

ZoomEye


ZoomEye, like its counterparts, finds internet-connected devices and vulnerabilities. You might say, “Yawn…I’ve seen this before,” but before you nod off, let’s investigate.

The mad geniuses behind ZoomEye are some developers from Knownsec Inc, a Chinese security firm based in Beijing. Though its original version (like Shodan’s) was released in 2013, its newest version goes by the name of ZoomEye 3.0. Think of it as the final version of the Omnidroid in The Incredibles…but a little less deadly.

Once again, this search engine is much more helpful if you know of specific search strings that can help you find what you’re looking for, but here are a few suggestions:

Apache httpd – finds results for Apache http servers.

device:”webcam” – finds a list of webcams with an internet connection.

app:”TED 5000 power use monitor” – finds a list of The Energy Detective (TED) monitors.

Obviously, there are thousands of other searches you can try, but that’s a good start. ZoomEye, like Shodan, also makes it easy to filter searches by country, public devices, web services, etc. If you have no idea what to search for, the search engine flashes some popular searches on the screen as well.

On occasion, even just searching for a random word that you may not think will turn up anything might have fantastic results. Try typing in “zombie,” for instance. You just may find out how soon the apocalypse will start.

Censys

Last but not least, let’s take a look at Censys. Like its search engine brethren, it’s designed to search for internet-connected devices.

It collects data using both ZMap and ZGrab (an application-layer scanner that follows up on the hosts ZMap discovers), which in this case scan the IPv4 address space.

You can experiment with Censys too and see what data you uncover. Testing it just may make you feel like Darth Vader blowing up Alderaan…well, maybe not that powerful. Here are a few sample searches:

https://www.censys.io/ipv4?q=80.http.get.status_code%3A%20200 – this searches for all hosts whose HTTP GET on port 80 returned status code 200; change the code to look for any other status.

You can also just type in an IP address, such as “66.24.206.155” or “71.20.34.200” (those are fake, I assure you). To find hosts in 23.0.0.0/8 and 8.8.8.0/24, type in “23.0.0.0/8 or 8.8.8.0/24.”

In addition, Censys can perform full-text searches. If you do a search for “Intel,” it will find any hosts with the word “Intel” in the record; you’ll come up with more than just Intel devices. Like most standard search engines, you can also use Boolean operators like “and,” “or,” and “not.”


Again, this may not be the fun stuff, but that’s just to get you started. By playing around somewhat, you could certainly uncover a plethora of valuable data.

Wait…I Need an Instruction Manual

Most of these search engines will require a little practice before they become efficient tools, but even then, they can just be fun to play around with, and see what results they produce.

However, for those of you who are far beyond the beginner phase, any one of these by themselves, or in combination, could prove to be powerful. In particular, I’d recommend these to developers, because they open all sorts of possibilities.

So, if searches like “SMTP server” and “APC AOS cryptlib sshd” make you laugh like a mad scientist, I’d recommend any and all of these search engines to you.

Source : https://www.deepdotweb.com

Author : CIPHAS
