No Stone Unturned with Shodan, the World’s Scariest Search Engine on the Internet Designed for Hackers and Experimenters
For as long as your internet is connected to servers, webcams, printers, routers and all the other stuff, you can pretty well imagine Shodan has seen its content and presumably accessed it. Suffice to say, the Internet technology has gone creepier by the minute.
"When people don't see stuff on Google, they think no one can find it. That's not true," John Matherly, creator of Shodan, dubbed the scariest search engine on the Internet, told CNNMoney.
In true confirmation to its branding "Expose Online Devices" on its Web site, Shodan essentially leaves no stone unturned in rummaging everything there is that the Internet is connected with.
By description, Shodan was designed to help users locate certain pieces of software, establish the most popular applications, detect anonymous FTP servers, as well as investigate new vulnerabilities and experiment what hosts they could infect.
Essentially, it is a hacker's dream haven and most important tool.
It has accessed traffic lights for an entire city, the controls for a hydroelectric plant in France, security cameras and even home automation systems. Also dubbed the "dark Google," the search engine, so named after the villain in the cyberpunk role-playing games System Shock and System Shock 2, have amassed information on at least 500 million devices monthly since it was launched in 2010.
But what's creepy is that many of the devices that Shodan got into were not equipped to handle hackers. Because it is rarely indexed, many didn't see a need to set up typical security controls. What's worse, many were accessed because of the all too familiar default password "1234."
Mr Matherly said prevailing attitude of connecting systems to the Internet must be already limited. IT departments these days automatically hook up systems to a server, thus rendering both system and devices available - and weak - to anyone with an Internet connection.
"Of course there's no security on these things. They don't belong on the Internet in the first place," he said.
So far, most of Shodan's users were security professionals, academic researches and law enforcement agencies. Account users get 50 results per search while visitors receive up to ten results per search. To get more results, users need to pay a certain undisclosed fee.