Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.

Internet Accessible ICS in Japan (English)

Dale Peterson of Digital Bond gathered reports and examples from Shodan researchers to quantify and describe ICS devices that are connected to the Internet in Japan. It is not a small number and some of the examples are compelling.

  • Loggen Sie sich ein, um Kommentare anzuzeigen.

  • Gehören Sie zu den Ersten, denen das gefällt!

Internet Accessible ICS in Japan (English)

  1. 1. Internet Accessible ICS in Japan Dale Peterson Digital Bond, Inc. peterson@digitalbond.com Twitter: @digitalbond
  2. 2. Is Internet Accessible ICS A Problem? • To critical infrastructure and society in general? – In the US, no – In other countries, some yes and some no • Hydroelectric Dam in France – In Japan, needs further investigation, but likely no • To individual companies – Yes, clearly YES – In the US, in Japan and everywhere in the world – Insecure by design ICS connected to the Internet can be exploited. Only limit is the input/output.
  3. 3. Scanning the Internet for ICS • You can use or build your own scanner – Example: Project Redpoint discussed yesterday • You can use a search engine for Internet connected devices … Shodan – http://www.irongeek.com/i.php?page=videos/showme con2014/1-10-inside-the-worlds-most-dangerous-search- engine-john-matherly – HD Moore’s Project Sonar – Project Shine – Private efforts
  4. 4. Shodan “I crawl the Internet every month” “Modeled the output after Google Maps” “Tracking 550 million devices” John Matherly http://www.irongeek.com/i.php?page=videos/showmecon2 014/1-10-inside-the-worlds-most-dangerous-search-engine-john- matherly
  5. 5. https://ics-radar.shodan.io/
  6. 6. https://www.shodan.io/report/wKyGlXWq
  7. 7. Searching Banners • Many ICS devices have web, ftp, ssh, snmp and other IT protocols that Shodan searches • Create a search string and find devices
  8. 8. Combining Search Techniques • EtherNet/IP search identified a device in Japan – But no useful information came back • A secondary search of the IP address found an FTP server and banner – It’s a Yokogawa device, Data Management Device for a paperless recorder • The FTP server allowed anonymous FTP – PERL Data Language file (PDL) – Data Display File (DAD)
  9. 9. Further Analysis • PDL files has names/email addresses – Belongs to major energy and mining company – Could use these emails in spear-phishing attack • Tags / Points – ST1,沈砂池川側水位 – ST2,沈砂池山側水位 – ST3,三号開渠水位 – ST4,川側レーキ電流
  10. 10. Let’s Find Some CC-Link • CC-Link originally developed by Mitsubishi and is widely deployed in Japan – Now a standard run by the CC-Link Partner Association • CC-Link IE does not use IP (or even Ethernet) • So you can’t use Shodan to search directly for it
  11. 11. Maybe There Is A CC-Link Gateway Anybus
  12. 12. https://www.shodan.io/search?query=Anybus+country%3Ajp
  13. 13. What Should You Do? • Asset Owners – Search Shodan for your IP address space • Vendors – Search Shodan for your products – A nice service for your customer • Industry Group(s) / CERTS / Others – Find ICS assets on the Internet and notify owners
  14. 14. Thanks • John Matherly and Shodan • Eireann Leverett – http://www.digitalbond.com/blog/2012/02/09/s4- video-denial-of-surface-ics-on-the-internet/ • Stephen Hilt • A number of anonymous researchers
  15. 15. Questions