The personal blog of Alden.
Shodan Stories Day 58: Climbing the Global Cyber Vandalism Ladder in Westminster, Crypto Airdrops, and the Shady Underworld of Monetized Link Shortening Services
Today I felt like going for another hacked website, so I again searched for “hacked by” on Shodan like I did all the way back on day 18.
A Hacked Server on 94.76.219.226 There were so many results, I picked the first one I got, in the UK. It had ftp and ssh running, as well as email and the usual 80 and 443 webservers. It also had a cPanel login page running, cPanel being, in my experience, the most miserable way to run a webhost backend.…
Read more ⟶
Shodan Stories Day 57: Shodaning Myself, Ye Olde Telnet Service, and the Weather Underground
Yes today I Shodaned myself. Nothing shows up for my full name, thankfully, but “alden” has a lot of results.
The Weather Underground on 35.160.169.47 I picked a result in Boardman, Oregon, largely because of how charming it was. It’s just a telnet server, running on port 23 and mirrored on port 3000. You almost never see telnet anymore these days, since it’s been primarily replaced with the much more secure ssh.…
Read more ⟶
Shodan Stories Day 56: Buying Souvenirs in Bethlehem, Schneider Electric spaceLYnk, EXIF Data, and Does It Count as a Pilgrimage If You Are Just Remotely Opening and Closing Gates via a Store's Insecure SCADA System?
I saw a search today for someone looking for spaceLYnk logic controllers, a kind of logic controller for SCADA systems made by Schneider Electric (SCADA, if you remember from day 30, stands for supervisory control and data acquisition).
spaceLYnk SCADA System on 213.6.102.238 There were quite a few results from all over the place, but I noticed that most of them didn’t have visualizations of the system. So I picked one that had the whole system mapped out, in Palestine.…
Read more ⟶
Shodan Stories Day 55: Dancing with Skunks and Annotating Goats in Fremont, Ornamental Hermits, Gopherspace, and the Mysteries of Time
Some Cisco routers say “SAN FRANCISCO” when telneting into them, and so someone had searched for that on Shodan looking for these routers (they say other things too of course, but that’s just an easily searchable commonality). That kind of dragnet obviously pulls in a lot of other stuff too and I was particularly taken with one result.
An Ornamental Hermit on 74.207.243.202 What caught my eye on this IP was that Shodan was indicating that it was running gopher on port 70.…
Read more ⟶
Shodan Stories Day 54: Pumping Your Own in Saint-Denis
I read this old blog post from 2015 talking about how many internet connected pumps at gas stations were vulnerable to hacking. I wanted to see if anything had really changed in the last four years.
Automated Tank Gauge on 81.248.205.246 Based on that blog post it seemed that the best thing to search for was “I20100”. I immediately found several thousand results and yes all of them seemed to be accessible.…
Read more ⟶
Future's Market at the Schemers, Scammers, and Subverters Symposium
This past weekend I was speaking at the Schemers, Scammers, and Subverters Symposium in Portland, OR, and I asked the organizers if I could also run a prototype of my thesis at the event. Obviously I didn’t describe it as such to them, in keeping with the spirit of the event I said that I had a fully polished performance ready named “Future’s Market”. As part of the conference they were also running a market called “The Totally Honest Barter Bazaar”, and they told me I could take up a little corner of the room in order to hawk my wares.…
Read more ⟶
Shodan Stories Day 53: Just an IoT Highway Sign in Los Angeles
I had a red eye flight last night and am deliriously sleepy, and somewhere in this state bubbled up a strong desire to find an electronic highway billboard and read what it said remotely. I read Skyline makes internet connected billboards and use port 161. So I got searching.
A Skyline Sign on 173.4.137.205 Skyline manufactures quite a few different kinds of signs, but all of them are related to car transit.…
Read more ⟶
Shodan Stories Day 52: The Littleborough Losers in Ramsgate, Having a Few Pints with the Lads, Fantasy Football Since 1995, Rick's Footy Challenge, and Wayne Rooney the True Ledge
I saw an amazing search on Shodan today, it was just named “self-explanatory” and the search was just for the word “losers”. How could I say no?
Littleborough Losers on 94.7.201.171 The results were pretty varied, there’s apparently a sex kink that has to do with being dominated and called a loser and so quite a few results were communities related to that, but I found a result in England that more closely fits my particular kink: 90s web design.…
Read more ⟶
Shodan Stories Day 51: Keeping Abreast of the Hyperlocal Weather in Uppsala, Yawcam, and Multinational Pest Control
A quick webcam day as I was busy with a conference most of the day.
A Yawcam on 85.224.37.79 This time I went looking for “yawcam”, a webcam server software whose name stands for Yet Another Webcam. Like most free DIY webcam servers the default seems to be “completely insecure”, and I found quite a few interesting cameras, but chose one in Sweden that was running on port 8888. I love this because this person has so clearly come up with the exact perfect hack for their needs.…
Read more ⟶
Shodan Stories Day 50: Pondering a Loading Bay in Saint Petersburg
To celebrate my 50th day and the fact that there haven’t been any interesting new searches the past few days, I went to find an open RTSP video stream from an IP camera.
Security Camera on 85.143.138.242 Unfortunately after searching for awhile I only found one open stream, from Russia, and it wasn’t particularly interesting. Definitely a warehouse or factory or some kind of industrial building. If only I could make out that sign in the upper corner.…
Read more ⟶