Found a Medical Device via SHODAN? Project SHINE search term contribution suggestion


Shawn Merdinger

Mar 6, 2014, 5:18:33 PM
to iamthe...@googlegroups.com
Hi All,

In the event that you encounter a medical device on public IP via the Shodan Search Engine, I encourage you to let Bob Radvanovsky of Infracritical and Project SHINE know the search term you used so it can be added to the daily run (feed also goes to DHS ICS-CERT). Fwiw, I've found several devices prompting varying levels of concern and believe this is a decent means of letting the right folks gain awareness of the issues.

For more on Project SHINE, please see the following:




Cheers,
--scm

Tim West

Mar 6, 2014, 7:34:21 PM
to iamthe...@googlegroups.com
This is awesome, thanks!

Jack Whitsitt

Mar 6, 2014, 7:37:34 PM
to iamthe...@googlegroups.com
Didn't Bob Rad just end SHINE? Like in the past few days?



--
Art & Security --> http://sintixerr.wordpress.com

Jack Whitsitt

Mar 6, 2014, 7:39:26 PM
to iamthe...@googlegroups.com
Yeah, it looks like he did (I hit send too fast). See below. A good
question, though, is if he suggests anyone else ("good") who is
collecting that info. I'll send a note to that list...

--

Folks --

I have been thinking of an appropriate way of saying this in as diplomatic a
manner as possible, and have determined that simply stating facts is
(probably) the best for everyone.

As of 30-Jan-2014, Project SHINE has been discontinued and shut down. The
project is no longer collecting data from the SHODAN search engine, and
both Jake and I feel that what information we have acquired thus far is
more than sufficient to present our findings of SCADA/control systems'
devices directly connected to the Internet to the general public.

We will be providing a findings report with redacted intelligence gathered
information as time permits on a date that is to be determined, hopefully
sooner than later.

To date, we have collected upwards of 2M data sets collected from slightly
over 700 search terms from a defined criteria set. This is a staggering
and monumental task of sifting, categorizing, redacting, and providing our
findings in a meaningful and useful manner that many would find informative
for their respective organizations, esp. those asset owners who depend
quite heavily on SCADA/control systems' devices for their automated
operations.

For those who have expressed strong interests in either/both the SHINE
application and/or raw data collected thus far, neither one is available
for public review nor consumption.

Additionally, neither the application nor the raw data is for sale.

Whatever findings we do present, will not identify those asset owners or
organizations whose devices appear to be connected directly to the
Internet. This is a privacy (and perhaps a matter of national security)
issue, and we feel that providing such raw data publicly would mean
providing data that could (potentially) be "weaponized" for those who may
not have ethical intentions for their use. Therefore (again), none of the
raw data will be provided publicly.

We apologize that the raw data cannot be provided publicly; however, do
know that our findings report will provide some very useful and informative
aspects that (we feel) everyone may benefit (greatly) upon.

Thanks go to those who have supported and contributed to this project, but
at this time, we feel it must be concluded.

Sincerely,

Bob

Tim West

Mar 6, 2014, 7:49:09 PM
to iamthe...@googlegroups.com
Just seeing the Bob discontinued SHINE note... I retract that awesomeness and replace with frown. :(

Jack Whitsitt

Mar 6, 2014, 7:54:49 PM
to iamthe...@googlegroups.com
Yeah, I don't know what's going on with that. It seems a little
dramatic, but I've always thought he and Jake were ratcheting up the
natsec factor around the dataset a little bit too much (since the same
information was available to everyone else already - and few people
would need too wide a net) but I guess having all the data in one place
could save a bad guy a few extra cycles and what they were doing was
still valuable.

Shawn Merdinger

Mar 6, 2014, 8:00:17 PM
to iamthe...@googlegroups.com
Hi Tim, All,

I would like to make it clear that I cannot speak for Bob and the current status of the SHINE Project.

With that clearly stated, I still encourage everyone, at the least, send to ICS-CERT the search terms for locating medical devices via Shodan.  Speaking for myself, I will continue to send to both ICS-CERT as well as to Bob and a very few highly trusted security professionals.  

Cheers,
--scm