Alex Goldman is a producer for On the Media. One time he got run over by a car.
Eireann Leverett and Shodan
Friday, August 10, 2012 - 03:22 PM
This week, I did a piece assessing the risk of "cyberwar," and the concern about so-called "kinetic" cyber attacks - cyber attacks that would cause real-world damage. One of the people I talked to was Eireann Leverett, a security researcher at IOActive. He told me that in spite of the danger it posed, he found more than 12,000 industrial control systems, the kind of systems that control critical infrastructure, connected to the public internet. But how, exactly, did he do it?
Amazingly, Leverett told me that he had a hard time even starting this project. When he tried to scan for these pieces of infrastructure on the internet, the very act of scanning would cause the computers to crash. Luckily for Leverett, there was SHODAN.
SHODAN (named by its creator, John Matherly, for the rogue artificial intelligence in the video game System Shock) is like Google for computers. It allows users to search for computers, routers, webcams, smartphones, anything that is directly connected to the internet. Leverett used it to map what are called SCADA systems - systems that control industrial equipment, which can mean everything from milking machines to power plants.
In the interview above, Leverett talks about how he found these systems and the effects his research has had in terms of securing vulnerable infrastructure.