Can you imagine any one person attempting to collect data from every device in the world connected to the internet?
No. But a man described simply as ‘Mr Moore’, (in fact HD Moore), a computer security researcher from Austin, Texas is reputed to have achieved that very task.
Why? You may well wonder.
Well, he wanted to carry out a survey that would examine the flaws which make us vulnerable to cyberattack.’ And to do it he messaged almost 4 billion Internet Protocol addresses. He got replies from 310 million.
This Story Has Legs
The project was described by Ross McGuiness in Metro (3 May 2013) with the intriguing headline, ‘You’ve got 310 million new messages…..’ He hoped to collect a mountain of data and then go through it to determine the risks that businesses and individuals are prone to.
The man is actually chief research officer at Rapid7, a security company, but he did this in his spare time. He built an automated net scanning system in Chicago which ran for just over a year, gathering some 11 million records each and every day, processed 1000 miles away in Austin.
Each server cost $10,000 and devoured about $200 of power a month each. But the money was not the biggest aspect of undertaking the challenge. It took time to process the 4 billion addresses on IPv4, of which 3.7 billion can be used.
It took a lot of time and energy to handle abuse complaints, too. Many were not happy simply to opt-out, but took issue with someone ‘scanning their networks’ and he received over 3000 complaints ‘phrased as threats.’
Is Anything Actually Safe?
It was soon obvious to him that literally millions of devices are wide open to breaches leading to criminal control of many. Company servers with personal details are especially at risk. The fact that criminals can take over and control certain infrastructures is quite frightening.
‘The software industry’s security track record is poor, with botnets and worms being given space to thrive,’ said Moore.
Traffic lights, road systems, airports, ships at sea, gas pipes and oil platforms are all vulnerable. Moore guessed from his research that at least 100 million directly internet connected devices ‘expose a common security weakness.’
It was the scale, the sheer number of weak systems and their ‘geographical and industrial concentrations.‘ that is alarming. Rapid7 carried out further research and concluded there are hundreds of thousands of ‘vulnerable serial port servers’. Businesses could be hit at points of sale, systems controls, routers, virtual private networks and many Automated Identification systems (AIS) exposing streams to the net are themselves vulnerable to attack, thus compromising systems still further.
McGuiness asked him if highlighting weaknesses didn’t just put ideas in criminal minds? He responded, ‘the challenge of disclosure is balancing the need for public awareness with the chance that the criminal will use the same information.’
He feels organisations must be told, ‘it’s the only way to realistically address the problem.’
Fair point, or not? Do you want to know how vulnerable you are?
Safe, related links:
Cyber Attack in the UK Set to Be the Biggest Growth Industry, 21 January 2013
Another Week, Another Systems Malfunction, 3 July 2012
Personal Data: Government Plans a Rich Harvest, 9 April 2012
The Internet Hides More Secrets than a Magician’s Box of Tricks, 7 December 2011
11 Worst Computer Viruses, Worms and Trojans (So Far), 21 November 2011
Cyber-Crime High on People’s Fear Lists, 8 September 2011
Image:Christian A Diez