On the surface, the internet is one of the greatest human inventions. It has given us the capacity to do things previously unimaginable and has made life so much more convenient. Now it permeates every part of our lives: in society, at work and at home. Yet, underneath its glossy façade, you’ll find it has dark and disturbing catacombs where cybercriminals, demon-like, stalk their unsuspecting prey. Here are some frightening facts from the dark side of the internet.
In the bright, shiny, everyday world, normal people search the internet using search engines like Google. These benign services are designed to find helpful information from websites or other published media like videos, images or documents. They supply us with links where we can visit sites or download the information we want.
There are, however, completely different types of search engine: ones that aren’t interested in looking for web content whatsoever. Their aim is to produce lists of devices that are connected to the internet. Today, with the IoT and other connected services, they can discover entire systems, including CCTV cameras, traffic lights, nuclear power stations, household IoT products, industrial plants, smart motorways and anything else that is connected to the internet.
Black Magic Tactics
The ability to search the internet for these types of information is achieved by what is known as ‘banner grabbing’. It is a technique that collects metadata transmitted from a server to a client when it uses protocols such as FTP, HTTP, Real Time Streaming Protocol (RTSP), SIP, SNMP, SSH and Telnet. This metadata provides information about a computer system on a network and the services which it runs on open ports. This type of activity is usually done by system administrators on their own networks in order to create a system and service inventory. These search engines, however, collect that data globally and make it publicly available.
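To make the banner metadata concrete, here is an added example (not code from the original post) of the inventory step the paragraph attributes to system administrators: it parses the greeting each protocol sends first (SSH identification string, HTTP Server header, FTP 220 greeting, Telnet option negotiation) into a service record and flags the cleartext protocols an administrator should not leave reachable from the internet. The banners are constructed sample strings, not captures from any real host, and the cleartext classification is this example's own choice.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample banners: the first bytes each service sends to a
# client (decoded as latin-1). Not captured from any real host.
SAMPLE_BANNERS: Dict[Tuple[str, int], str] = {
    ("10.0.0.5", 22): "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.4\r\n",
    ("10.0.0.5", 80): "HTTP/1.1 200 OK\r\nServer: Apache/2.4.52 (Ubuntu)\r\n\r\n",
    ("10.0.0.9", 21): "220 ProFTPD 1.3.7 Server (Debian) [10.0.0.9]\r\n",
    ("10.0.0.12", 23): "\xff\xfd\x18\xff\xfd\x20login: ",
}

# Protocols whose logins travel unencrypted; these are the services that
# default-credential searches described later in the post prey on.
CLEARTEXT_PROTOCOLS = {"ftp", "telnet", "http"}

@dataclass
class ServiceRecord:
    host: str
    port: int
    protocol: str
    software: Optional[str]

def parse_banner(host: str, port: int, banner: str) -> ServiceRecord:
    first_line = banner.split("\r\n", 1)[0]
    if banner.startswith("SSH-"):
        # RFC 4253 identification: SSH-protoversion-softwareversion [SP comments]
        parts = first_line.split("-", 2)
        software = parts[2].split(" ", 1)[0] if len(parts) == 3 else None
        return ServiceRecord(host, port, "ssh", software)
    if banner.startswith("HTTP/"):
        # The Server response header is the HTTP equivalent of a banner.
        m = re.search(r"^Server:\s*(.+?)\r?$", banner, re.M | re.I)
        return ServiceRecord(host, port, "http", m.group(1) if m else None)
    if re.match(r"^220[ -]", banner):
        # FTP greeting: "220 <free-form text>", usually naming the daemon.
        return ServiceRecord(host, port, "ftp", first_line[4:])
    if banner.startswith("\xff"):
        # 0xFF is the Telnet IAC byte; option negotiation precedes the login prompt.
        return ServiceRecord(host, port, "telnet", None)
    return ServiceRecord(host, port, "unknown", None)

def build_inventory(banners: Dict[Tuple[str, int], str]) -> List[ServiceRecord]:
    return [parse_banner(h, p, b) for (h, p), b in banners.items()]

def cleartext_exposures(records: List[ServiceRecord]) -> List[ServiceRecord]:
    # Services an administrator should not leave reachable from the internet.
    return [r for r in records if r.protocol in CLEARTEXT_PROTOCOLS]
```

Run against your own network's captured greetings, the same parser gives you the inventory before a public search engine does.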
What makes these types of search engines useful to cyber criminals and state-sponsored spies is that their results can be filtered to provide a list of specific types of devices, together with their services and software, including their operating systems.
Searches run on one publicly available search engine have turned up such things as the command and control systems of a science research particle accelerator and of a nuclear power plant.
Perhaps more worrying for business readers is that it is possible to search for servers and devices that use default passwords (e.g., 0000 or 1234), and usernames (e.g., admin). Doing so provides an enormous list of results. With this information at their fingertips, all a hacker needs is to be able to access the login page via a web browser.
At the Defcon Cybersecurity Conference, one security expert used such a search engine to access the command and control systems for various IoT devices such as automatic garage doors and smart air coolers. They also discovered a traffic control system for a major city which could be accessed over the Internet and put into testing mode using a basic command.
Why are these search engines available?
Luckily, these types of search engines are mainly used by those trying to make the internet a safer place: security experts, anti-virus companies, penetration testing agencies, university researchers and government agencies like the National Cyber Security Centre at GCHQ. The information they find helps build a better picture of the vulnerable state of today’s internet. It not only tells them what the weaknesses are; it also tells them where. In this way, operators of vulnerable services, such as nuclear power stations, can be given a heads-up.
However, if the good guys can find the weaknesses, so can the cybercriminals. And they don’t need to rely on these types of search engines: they also have access to botnets that can discover the same information without leaving their dirty fingerprints on the search engine for others to discover.
Protect your system from the dark side
The problem for many organisations is that when they begin to connect their systems via a web server, they do not protect themselves robustly enough from hackers. Often, they unintentionally leave their systems open to anyone with the desire to break in and in doing so share their data, money and intellectual property with the world.
To defend yourself, you need a strong security policy in place which includes a password policy, secure authentication, application updates and patching, firewalls, intrusion prevention, email protection and staff training.
The underbelly of the internet is a dark and mysterious place that most people have no real conception of. However, it is here, where different forms of information are transmitted, that those with less than honest intentions mine the data that helps them prey on unsuspecting victims. Hopefully, this post will have given you an insight into how this is done and how vulnerable it can make unprotected systems.