Alden's Blog Home

Shodan Stories Day 56: Buying Souvenirs in Bethlehem, Schneider Electric spaceLYnk, EXIF Data, and Does It Count as a Pilgrimage If You Are Just Remotely Opening and Closing Gates via a Store's Insecure SCADA System?

Posted on Feb 28, 2019

I saw a search today for someone looking for spaceLYnk logic controllers, a kind of logic controller for SCADA systems made by Schneider Electric (SCADA, if you remember from day 30, stands for supervisory control and data acquisition).

spaceLYnk SCADA System on 213.6.102.238

There were quite a few results from all over the place, but I noticed that most of them didn’t have visualizations of the system. So I picked one that had the whole system mapped out, in Palestine. It’s the control system for a building housing a store called Bethlehem Nativity Souvenirs, and, unsurprisingly at this point, I seem to have complete control over the system. I can turn lights on and off, open and close the gate, turn central fan systems on and off.

I’m not doing any of that of course.

These aren’t live camera feeds by the way, they are just image stills. Images taken with a Nikon D7200 Camera on May 8th 2018 between 3PM and 4PM, using a AF-S DX VR Zoom-Nikkor 18-200mm lens. The serial number of the lens is 9418427. Yes I checked the EXIF data, but I was desperate. For you see, even though I know the name of this store, even though I can turn its lights on and off and cause all other kinds of mayhem, I can’t figure out exactly where it is. They have a website. And they have a Facebook page.

And on that Facebook page they have an address, but on Google maps, at that address, there is, well, see for yourself. Yes it is a Bethlehem Nativity Souvenirs store! But it is not the one in the SCADA visualizer, which is clearly a much more recent construction. Nowhere in any of their online presence do they indicate having another shop. The Google street view images are from 2017, so I thought that perhaps they remodeled, but I checked on Trip Advisor reviews of the hotel next door, looked through all of the recent images of the hotel to see if I could spot the store, and yes, as of late 2018 it appears that the store looks the same as it does here.

I also want to point out that this amazing, unique and original cafe is across the street. I fruitlessly searched Google maps for a bit, looking either for it a place that could inhabit this newly renovated building. The closest I got was this building. If you look at it just right, then… maybe? No, it’s pointless. I should just call them.

But speaking to another human? That might be a step too far. Plus, how to explain? See you tomorrow.