From time to time, rumors of a possible massive cyber-attack on Iran, carried out by Israel, create a splash of attention in the media. This cyber-attack would have nothing in common with the infamous Stuxnet attack, which was precisely focused on the uranium enrichment facilities. This attack is supposed to be really big and overwhelming. It would disable the electric grid and all communication networks, including the Internet, cellular and land-line phones, television and radio. Even though the majority of experts are skeptical about the possibility of a cyber-attack of this scale and magnitude, it might be more real than they think.
John Bumgarner, from the U.S. Cyber Consequences Unit, agrees that Israel is very capable when it comes to cyber-espionage and cyber-war. Still, he is not convinced that a cyber-attack on a nationwide scale is actually possible. Bumgarner would accept the possibility of a successful cyber-attack of this type focused on one city, Teheran for example. Another security analyst, Jeffrey Carr, doesn’t believe that Israel is capable of shutting down the Iranian power grid. Since each power plant has its own computer network, attackers would first have to map all those networks. In his opinion, it is impossible to create malware capable of mapping all computer networks before the attack and then accessing and taking over all the industrial computers scattered around the country.
At a glance, mapping the industrial computer networks that control the power grid of a whole country seems like an impossible task. Unfortunately, this task is much easier than it looks. Every computer that has access to the Internet automatically reveals identifying information about itself, including, but not limited to, its IP address. Some computers give away more information than others. Often this information consists of a server name and the type of operating system used. Industrial computers are well known for being unprotected. The majority of them use a hard-coded password or no password at all, which makes them the most vulnerable targets for a possible cyber-attack.
The “map”, or to be precise the searchable database of computers connected to the Internet around the globe, already exists. It is the web-based search engine SHODAN. It has been around since 2009, and it is constantly updating itself. SHODAN is a different type of search engine. Unlike Google, Yahoo, or Bing, SHODAN doesn’t look for web-sites. Instead, it searches for computers. Created by programmer John Matherly, SHODAN lets anyone search for computers connected to the Internet by using key-words. The home page of the official SHODAN web-site invites you to expose online devices such as webcams, routers, power plants, iPhones, wind turbines, refrigerators, and VoIP phones. SHODAN allows searching for computers based on their geographical location, hostname, type of operating system and IP address.
If you are not familiar with what SHODAN has to offer, visit its web-site. The search procedure is very simple. Enter key-words into the search-box. Restrict your search by country using a virtual map. Put a checkmark in the appropriate box to choose a type of service such as HTTP, Telnet, FTP or SSH. Now you are ready to narrow your search results down even more by adding more filters. For example, you can search for specific computers in a particular city of your choice. To make everything even easier for beginners having trouble with key-words, SHODAN’s home page displays the most popular search queries, for example “routers that provide admin password” or “find results with default passwords”.
It appears that the virtual world of the Internet is much more organized than we thought. Moreover, the world of local computer networks is already mapped out, and finding the geographic location of a particular computer no longer looks like a problem. The story of the computer worm Stuxnet has left no doubt that cyber-weapons aimed against industrial control systems exist and are ready to use. That is why a massive cyber-attack that would leave a whole country without electric power and communications might become much more than just a rumor sooner than we think.