More Exposure to SCADA Devices Through Shodan

Sunday, January 22, 2012

Bob Radvanovsky

5cbe1364caf51f95cac6484a832d66d0

Wile I am certain that the majority of this membership knows what Shodan is and represents, honestly, they represent something slightly more than an automated port scanner, reporting back on some of the more common open ports (HTTP, SNMP, telnet, etc.) that appear to be "pingable" throughout the Internet. 

In a recent email sent by (kudos once again goes to...) KF on recent postings on the "pastebin.com" web site by yet-another-hacker group calling themselves "#ntisec", posted web site URLs of what appears to be embedded devices.

It should be interesting to note what these devices they (#ntisec) are providing represent: building automation controls. Yes, another form of "SCADA".

There are some smart meters from several known manufacturers sprinkled into the mix, but overall many of the devices' URLs look like they may be HVAC or environmental controls.  

Without knowing more, or going into further investigation about these devices, the question is whether the URLs being provided are simply "informational only", or do in fact, provide C&C functions to environmental controls of their designated owners.

One thing that appears to be a common factor is that majority of the URLs provided are utilizing the "Niagra AX" framework (http://www.niagaraax.com/cs/products/niagara_framework), which is owned and operated by "Tridium".

This appears to be a software development framework utilized for embedded or "smart" devices.

According to Tridium's main web page of their web site, they have *almost* 300,000 embedded devices utilizing their "Niagra" software (http://www.tridium.com).

Shown below are the URLs specific to this recent rash of recently discovered embedded device URLs:

Though not directly related to this discussion, this URL was mentioned in the third "pastebin.com" URL, and compliments activity in trying to understand environmental control systems:

(dated 18-Jan-2012)

Cross-posted from the SCADASEC Mailing List

Possibly Related Articles:
8650
Network Access Control SCADA
Industrial Control Systems Information Security
SCADA Shodan Vulnerabilities Scanners Network Security ICS Smart Meter Pastebin Industrial Control Systems Open Source Intelligence Bob Radvanovsky Niagra AX Command and Control Smart Devices SCADASEC Mailing List Embedded Device
Post Rating I Like this!
C9e1c731384c7e3b1cd9f350b6ef519d
Mike Dell Please note, ntisec is not a group. He identified himself as an artist (no IT expert) with currently too much free time.
1327435909
5cbe1364caf51f95cac6484a832d66d0
Bob Radvanovsky I'm sorry that I missed that -- you're right. Nonetheless, the fact that SCADA and ICS equipment vulnerabilities, exposures, disclosures, etc. are increasing is not a very comforting thought. Thanks for the correction!
1327441013
C9e1c731384c7e3b1cd9f350b6ef519d
Mike Dell IMHO it's even less comforting when someone with little in-depth knowledge can do this.
1327528250
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.