
I scanned Austria - mpweiher
https://blog.haschek.at/2019/i-scanned-austria.html
======
davb
This was a really interesting idea and inspired me to do something similar. I
had some Shodan credits from a Humble Bundle, so searched for all servers on
port 80 in my city. Then I wrote a very simple Python program to screenshot
each of those (using wkhtmltoimage), with 20 concurrent threads.

I didn't stitch the images together and didn't try to login to any of the
sites (that would be crossing a line, and simply mapping geographically local,
public servers seems harmless). Just flicking through the 7,000-ish
screenshots has been pretty fun.

Lots and lots of:

- router admin panels on the WAN interface. Loads of different brands and
  models
- DVR and NAS units
- Hikvision CCTV (like, hundreds of these - I wonder if they're being used at
  local hospitals or city centre surveillance by the police)
- IIS servers (especially IIS 7)
- 403s (mostly with the IIS default template)
- University department and team websites (there are a few universities in my
  city so there are lots of these)

Some weird and wonderful personal websites. Lots of one-line jokes just to
fill a space on a public server, presumably. A few wikis.

Overall it's been really fun looking at all the servers that are public but
just not really indexed, physically surrounding me.
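
The screenshot step described above, as an added example that is not davb's script: a small batch runner that captures each host in a list with wkhtmltoimage on a pool of 20 worker threads, written for reviewing what your own externally reachable hosts present on port 80. It assumes the wkhtmltoimage binary is on PATH, and the host list is constructed from RFC 5737 documentation addresses as a stand-in for an exported inventory. Each capture is isolated so a missing binary, a hung host or a non-zero exit is reported per host instead of aborting the batch.

```python
"""Screenshot a list of web hosts concurrently with wkhtmltoimage.

Added example for this thread; not code from the original post. Assumes
`wkhtmltoimage` is installed and on PATH. HOSTS is a constructed sample
(RFC 5737 documentation addresses) standing in for your own host inventory.
"""
import os
import subprocess
from concurrent.futures import ThreadPoolExecutor

HOSTS = ["192.0.2.10", "192.0.2.11:8080", "198.51.100.5"]  # constructed sample
OUT_DIR = "shots"
WORKERS = 20          # concurrency level mentioned in the comment above
BINARY = "wkhtmltoimage"


def build_command(host, out_dir=OUT_DIR, binary=BINARY):
    """argv for one capture; the file name is derived from host:port so it is unique."""
    fname = host.replace(":", "_") + ".png"
    return [
        binary, "--quiet", "--width", "1280", "--height", "800",
        "http://%s/" % host,
        os.path.join(out_dir, fname),
    ]


def screenshot(host, out_dir=OUT_DIR, binary=BINARY, timeout=30):
    """Capture one host and return (host, status). Never raises, so a single
    unreachable or hanging host cannot take the whole batch down."""
    cmd = build_command(host, out_dir, binary)
    try:
        proc = subprocess.run(cmd, capture_output=True, timeout=timeout)
    except FileNotFoundError:
        return host, "error: %s not installed" % binary
    except subprocess.TimeoutExpired:
        return host, "timeout after %ds" % timeout
    if proc.returncode != 0:
        return host, "exit %d" % proc.returncode
    return host, "ok"


def screenshot_all(hosts, out_dir=OUT_DIR, binary=BINARY, workers=WORKERS):
    """Run the captures on a thread pool; returns {host: status}."""
    os.makedirs(out_dir, exist_ok=True)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = pool.map(lambda h: screenshot(h, out_dir, binary), hosts)
    return dict(results)


if __name__ == "__main__":
    for host, status in sorted(screenshot_all(HOSTS).items()):
        print("%-20s %s" % (host, status))
```

Flicking through the resulting PNGs is the review step; the status map tells you which hosts produced no image at all, which is itself useful inventory data.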

~~~
bjoli
I once found a control panel for a power plant in the megawatt range in a
neighbouring country. I don't know exactly how powerful since no sane person
would start clicking around, but there was easy access to maintenance things.

I called the Swedish government agency responsible for the same thing in
Sweden and was quickly escalated and ended up with someone who knew what they
were talking about. Hours later the page was down.

I suspect this was the correct path since having a foreign national calling
about "hacking" an MW power plant might have ended with me in trouble.

~~~
davb
Similarly I did come across some water treatment plant SCADA panels in another
country because I didn't limit my Shodan query to my own country. Turns out my
city's name exists in another country where there are a bunch of exposed SCADA
systems with web interfaces... I didn't touch anything but it doesn't seem
very safe.

It does raise the issue of responsible disclosure. I've approached companies
in the past after identifying security flaws and had the whole range of
responses. Thanks for telling us, we'll take it from here. Let us reward you
for telling us. Let us sue you for hacking us... Now it's safer, if less
socially responsible, to stay quiet.

------
piokoch
I think sooner or later we will need some kind of public institution that will
do this sort of scan; all those unsecured IoT printers, vacuum cleaners,
fridges, abandoned servers, Synology servers, etc. will become a real threat
at some point, and the costs of dealing with issues caused by them (like
identity theft, false accusations because on someone's server there is child
porn uploaded by a cracker, botnets) will be more costly than having some
institution running routine scans and sending warnings.

~~~
lazyjones
We don't need public institutions. It's the responsibility of ISPs to prevent
security problems, spam zombie servers/appliances etc. in their networks, so
they should perform these scans and warn first, then disconnect customers with
problematic devices.

~~~
evrydayhustling
I like the distributed spirit of this, but it only works where there is
another layer holding the ISPs accountable - whether it's other ISPs or a
government body. Right now their incentives are only to satisfy customers'
perceived needs, which leaves nobody incentivized to prevent
endpoint-to-endpoint harm.

------
simonsaidit
I scanned public writable FTPs for months back between 97-99 to distribute
warez. I think it was those gov ranges that cost me the relationship with a
few ISPs.

~~~
dev_dull
Tell us more (I love to hear things about the warez days).

~~~
simonsaidit
This was for FXP sites. I was a mod on an FXP board. We would make locked
directories, e.g. with deep paths and lots of whitespace that FTP clients
couldn't handle easily and hence not enter without knowing the tricks. Also
using reserved Windows names like aux would prevent the owner from deleting
them, or even crash his server if he tried anything. Later came tricks like
undeletable files as different sites would fight over the same FTPs. I did
however find a way to make the undeletable files 0 bytes to reclaim space.
Later we just started to hack servers and install our own protected FTP
server, but by that time I had moved into the real scene and was running
multi-TB top-rated sites in unis in the US, the Netherlands and Korea with
affiliation to top traders and release groups. That's how my programming
interest started, being the guy who set up glftpd servers and bots for IRC.
After a few big FBI operations in 99 and 2001 I had enough excitement and
left the scene.

~~~
simonsaidit
Here is a pretty good explanation of how it worked.
[https://www.reddit.com/r/CrackWatch/comments/92uz49/the_ware...](https://www.reddit.com/r/CrackWatch/comments/92uz49/the_warez_scene_how_it_works/)
I have no idea how it is today but back then it was pretty organised. We would
have people funding e.g. a university apartment and servers and paying for
e.g. 10x100mbit that we would bond, or having direct access to OC connections
just so they could get leech.

~~~
simonsaidit
What it doesn't explain is that this was very hard work; to be e.g. a trader
for top sites it was near impossible to even get access to one. You would work
8-16 hours a day to always be ready for a release, and then when a release hit
your heart rate would double as you rushed to transfer files to the sites that
allowed it, all of which had hundreds of rules which you had to know by heart,
as the races on the best sites were over in less than a minute and you would
be lucky to transfer 5x15MB rar. 20-30 times a day you would have this short
but intense moment. If your group didn't perform well it would be changed for
another as top groups were rated against each other. It became an addiction.
Getting into building sites was much better for my health.

~~~
SSLy
I'm pretty sure that today all trading is automated. And the quality of
releases has also gone (relatively) down - for movies good P2P is better than
any scene pre.

~~~
simonsaidit
It would make sense. Taking on good groups was necessary to build a good rated
site, but it was up to the groups to hand out the slots and you never knew who
you were really dealing with. It could be FBI or some hacker. There were
however scripted FTP clients, but even though they were known many places had
a ban on them, and if a client did not obey site rules then too many nukes or
banned content would get them kicked off sites.

~~~
SSLy
BTW, nowadays it seems the power is held at least to some degree by the
nukenets.

------
DyslexicAtheist
great work. Pretty sure you can find a lot more scary stuff online by looking
for IoT (CoAP, MQTT, etc).

There was a rather scary talk by Lucas Lundgren at DEF CON 2016 on
unauthenticated MQTT[0][1] ... the things he found exposed were just insane.
He also used MASSCAN[2], a phenomenal tool, which isn't just useful to probe
endpoints but also to actually send payloads (with all its performance/speed
benefits).

[0]
[https://media.defcon.org/DEF%20CON%2024/DEF%20CON%2024%20pre...](https://media.defcon.org/DEF%20CON%2024/DEF%20CON%2024%20presentations/DEFCON-24-Lucas-Lundgren-Light-Weight%20Protocol-Critical-Implications.pdf)

[1]
[https://www.youtube.com/watch?v=o7qDVZr0t2c](https://www.youtube.com/watch?v=o7qDVZr0t2c)

[2]
[https://github.com/robertdavidgraham/masscan](https://github.com/robertdavidgraham/masscan)
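
The "unauthenticated MQTT" problem in the talk comes down to a broker answering a bare CONNECT (no username/password flags) with CONNACK return code 0. As an added example, not code from the talk or from any project linked above, here is a check you can run against your own broker to confirm it refuses such connections. It builds the MQTT 3.1.1 CONNECT packet by hand so both sides of the exchange are visible, and it ships with a constructed in-process stand-in broker (`FakeBroker`, an assumption for offline use, not a real broker) so the script runs without any network access.

```python
"""Check whether an MQTT broker accepts a CONNECT carrying no credentials.

Added example for this thread; not code from the talk or tools linked
above. Uses only the standard library. `FakeBroker` is a constructed
stand-in that answers every CONNECT with a fixed return code so the
exchange can be exercised offline.
"""
import socket
import struct
import threading

# MQTT 3.1.1 CONNACK return codes (spec section 3.2.2.3).
CONNACK_CODES = {
    0: "connection accepted",
    1: "unacceptable protocol version",
    2: "identifier rejected",
    3: "server unavailable",
    4: "bad user name or password",
    5: "not authorized",
}


def encode_remaining_length(n):
    """MQTT variable-length integer: 7 bits per byte, high bit means 'more'."""
    out = bytearray()
    while True:
        byte = n % 128
        n //= 128
        if n > 0:
            byte |= 0x80
        out.append(byte)
        if n == 0:
            return bytes(out)


def build_connect_packet(client_id, keepalive=60):
    """CONNECT with clean-session set and the username/password flags clear."""
    var_header = (
        b"\x00\x04MQTT"              # protocol name
        + b"\x04"                    # protocol level 4 = MQTT 3.1.1
        + b"\x02"                    # connect flags: clean session only, no auth
        + struct.pack(">H", keepalive)
    )
    cid = client_id.encode()
    payload = struct.pack(">H", len(cid)) + cid
    body = var_header + payload
    return b"\x10" + encode_remaining_length(len(body)) + body


def parse_connack(data):
    """Return the CONNACK return code, or raise if the reply is not a CONNACK."""
    if len(data) < 4 or data[0] != 0x20 or data[1] != 0x02:
        raise ValueError("not an MQTT 3.1.1 CONNACK: %r" % data[:4])
    return data[3]


def _recv_exact(sock, n):
    """Read exactly n bytes (a short read would otherwise mis-parse the CONNACK)."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def check_anonymous_connect(host, port=1883, timeout=5.0):
    """Send an unauthenticated CONNECT and report how the broker answers."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_connect_packet("exposure-check"))
        reply = _recv_exact(sock, 4)
    code = parse_connack(reply)
    return {
        "return_code": code,
        "meaning": CONNACK_CODES.get(code, "reserved"),
        "anonymous_allowed": code == 0,   # 0 means the broker let us in with no auth
    }


class FakeBroker:
    """Constructed stand-in: serves one connection and answers with a fixed code."""

    def __init__(self, return_code):
        self.return_code = return_code
        self.sock = socket.socket()
        self.sock.bind(("127.0.0.1", 0))
        self.sock.listen(1)
        self.port = self.sock.getsockname()[1]
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        conn, _ = self.sock.accept()
        with conn:
            conn.recv(1024)                       # the CONNECT; contents ignored here
            conn.sendall(b"\x20\x02\x00" + bytes([self.return_code]))
        self.sock.close()


if __name__ == "__main__":
    for code in (0, 5):
        broker = FakeBroker(code)
        print("broker answering %d ->" % code,
              check_anonymous_connect("127.0.0.1", broker.port))
```

A correctly locked-down broker answers code 5 (or 4); a broker that answers 0 to this packet is the case the talk is about and needs `allow_anonymous`-style settings turned off and a listener that is not bound to a public interface.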

~~~
achillean
Shodan indexes both MQTT and CoAP if you want to see the current exposure for
those protocols:

[https://www.shodan.io/search?query=CoAP+Resources](https://www.shodan.io/search?query=CoAP+Resources)

[https://www.shodan.io/search?query=mqtt](https://www.shodan.io/search?query=mqtt)

------
moron4hire
It's amazing to me just how much of "security" is an illusion, random
happenstance, and just being really lucky.

Considering how open, exploitable devices like this represent a significant
public risk from their ability to be used to launch attacks on others, it
would seem that it is high time for public regulation bureaus with the
authority to issue shutdown notices and in extreme cases sequester non-
compliant systems. We have radio broadcast regulators that will come
physically to a pirate radio station and shut it down. We have registration
and inspection systems for vehicles running on public roads to ensure a
minimum safety standard. We need to do the same for the public information
network.

------
arendtio
For the screenshot collage, the author might have wanted to compare the
screenshots and double the size of one if it appeared four times, etc.
Similar pages would pop out a bit more (there seem to be quite a few).

------
fitzroy
Webcam with an Orwellian sense of humor.
[https://www.insecam.org/en/view/638839/](https://www.insecam.org/en/view/638839/)

~~~
dmix
Not loading for me. I'm guessing it was overwhelmed by your comment?

~~~
r3bl
It was overlaid with a giant ASCII-art styled to write "1984".

------
dewey
It looks like a lot of the webcams just went down on the first few pages of
that [https://www.insecam.org](https://www.insecam.org) site. Probably the HN
effect giving them back some privacy.

------
igama
Exposed (Open/NoAuth) Databases in Austria:

- MongoDB: 26
- ElasticSearch: 14
- Memcached: 4
- Redis: 6

Others:

- Synology DiskStation NAS ftpd: 299

------
butz
What's the best way to inform owner of unsecured device about vulnerabilities
and simple ways to fix them? On printers one could just print out a message,
but what about webcams or home automation systems?

~~~
pmontra
I wouldn't do anything myself, too risky. Printing on somebody else's printer
could get me sued.

What about a state level authority doing these scans, contacting owners, maybe
even fining them? That would be like authorities for food safety, etc. It
would put pressure on manufacturers because people don't want to buy things
that get their owners fined.

~~~
icebraining
What's the reasoning for fining someone for leaving stuff available? Should
self-hosting a site be made illegal? If not, how do you distinguish the two?

~~~
pmontra
Unsecured cameras, internet facing lights, etc. It's not like leaving the home
door open, which harms only me. Those devices can be used to harm others. IMHO
fines for customers will lead to more secure devices, by design.

~~~
craftinator
Ooooo and we can fine them for leaving doors unlocked, and for not being
inside after curfew!

~~~
pmontra
I explicitly wrote this is not the case.

------
astrea
Slightly off topic, but I noticed it in the article. You can run "wc"
directly, you don't need to pipe from cat. Especially since cat on any
sufficiently large file takes quite a while.

~~~
pgeorgi
It's sometimes easier when you're composing command lines: `cat foo | bar` is
easier to transform into `cat foo | baz` (esp. when foo or bar are rather
long).

Also, piping doesn't mean that cat does all its work and only then will it be
passed into wc, cat only acts as a rather tiny buffer.

~~~
pletnes
Just get into the habit of typing `< foo bar`, which is then easier to edit to
`< foo baz | grep hamspam`.

------
bjoli
Y'all should try to scan a large subnet of an ISP with lots of corporate
clients. You can't imagine how many open (as in r/w access) KNX systems you'll
find. Lights, doors, fire alarms, cameras, thermostats, speaker systems,
displays, HVACs and shutters.

There are too many to responsibly disclose to the parties affected. Some
buildings are so connected one could cause quite a bit of havoc.

------
born2discover
This actually gave me an idea of doing the same in the neighbouring
Switzerland, thanks!

------
Spooky23
I see this as progress. I would imagine that an exercise like this done a
decade ago would be much worse.

~~~
achillean
It's actually getting worse in some ways. We've tracked industrial control
systems connected to the Internet for nearly 10 years now and the number of
them has only ever increased. We're seeing a 10% YoY growth in exposure for
ICS devices despite news coverage, security research etc.

------
shadowashe
You can also check out app.binaryedge.io for more data like this from other
countries! It's crazy the amount of stuff that is out there. To me the most
baffling is still the amount of DBs with customer information on 'em.

------
achillean
For an overview of Internet exposure by country I created a bunch of
dashboards, including Austria:

[https://exposure.shodan.io/#/AT](https://exposure.shodan.io/#/AT)

~~~
sweetcherrypie
This looks really cool, and would probably be cooler if I could understand
what is going on here.

------
praeconium
What exactly are columns 1 and 2 in the CSV file?

------
lazyant
There are more Zope servers than IIS servers!

------
I_am_tiberius
Site is offline for me - server not found

------
Joyfield
mb != MB, regarding the screenshot.

