What is Shodan?

EDITOR NOTE: This is Jonny’s 75th post on Technology Bloggers! Jonny was a complete newbie to blogging when he wrote his first post (about prosthetic limbs) but he is now somewhat of an expert – although he probably wouldn’t agree! – note by Christopher

Recently a couple of articles have appeared on large US websites about a type of search engine called Shodan. This search engine has been about for about 3 years, but it is different from Google and its cohorts in many ways. I looked at it and could not understand it at all, so what is it then and why is it causing such concern?

A screenshot of the Shodan website

Expose online devices

I have seen Shodan described as “The scariest search engine on the Internet”. This CNN money article explains that Shodan navigates the Internet’s back channels. It’s a kind of “dark” Google, looking for the servers, webcams, printers, routers and all the other stuff that is connected to and makes up the Internet.

What interest could there be in such capability? Well a lot apparently. The system allows an individual to find security cameras, cooling systems and all types of home control systems that we have connected to the Internet. (See Christopher’s series about his British Gas system here).

One serious problem is that many of these systems have little or no security because they are not perceived as threatened. Shodan searchers have however found control systems for a water park, a gas station, a hotel wine cooler and a crematorium. Cybersecurity researchers have even located command and control systems for nuclear power plants and a particle-accelerating cyclotron by using Shodan.

Hacking apart it turns out that the world is full of systems that are attached via router to the office computer and web server, and on to the outside world. Access for anyone who can find them and might like to turn of the refrigeration at the local ice rink, shut down a city’s traffic lights or just turn off a hydroelectric plant.

The Shodan system was designed to help police forces and others who might have legitimate need for such a tool, but what when it gets into the wrong hands. Security is non existent, just get your free account and do a few searches and see what you find.

See this Tech News World article for a further look at the ethical and practical issues that such a freely available product might bring

Regular readers will be aware of my interest in these types of problems through my work at the Bassetti Foundation for Responsible Innovation. I am not sure how the development and marketing of such a tool could be seen as responsible behaviour, but as I have been told on many occasions during interviews there are plenty of other ways of finding out such things. These types of systems are gathering already available information to make it usable, nothing more, so not doing anything wrong.

Do you agree?

Robotic Warfare

Noel Sharkey is a Professor at Sheffield University in the UK, and he has just written an article for CNN. He is interested in robotics and artificial intelligence, and he is leading a call to ban the development of “autonomous” killing machines.

We might be thinking about a killer robot here, and as many will know there are already plenty of unmanned systems in operation. Drones are very much in the press, but they are flown by a pilot and the decision to kill someone is taken by a human, even if they might be several thousand miles from the action.

But Sharkey is concerned about the future development of systems that can be programmed for a task, but then autonomously make decisions during that task. He does not believe that a computer can make the types of decisions necessary in warfare, or at least not with morality and judgement.

BAE Spider Robot

BAE Spider Robot

There are 2 real sides to the argument about robotics in war. One states that mechanization of warfare would lead to less casualties, more precision, less danger for the troops and all in all a cleaner fight. There would be no more massacres of civilians because a soldier takes retribution for an unrelated attack, fewer accidental deaths etc.

But on the other side we are talking about machines making decisions that should incorporate humanity, such as how many deaths are justified for a particular objective? Is the death of an individual really of strategic advantage? What if the machines malfunction, or are taken over by hackers? Who can be held responsible for their actions? And aren’t we more likely to go to war if we can send machines and leave the boys at home?

All of these arguments are fought over within the robotics community, but we should remember that we have already travelled some way down the road of computerized and mechanized war. Anti aircraft and missile defence as is being deployed in Asia today is no longer a mechanical affair, they are computerized systems that all but fire themselves, and they certainly do not require a person to aim them like in the old films.

Bomb disposal robots, unmanned vehicles and the likes are already deployed, mechanical spider troops that really do bring the idea of cyber war to the modern scenario are under development as this article explains.

One problem is that of foresight, how can we make legislation today when we do not have any real idea of how and how much technology will advance in the foreseeable future. Also this type of robotics often comes from or aids other developments, such as the robot surgical machinery that I reviewed in a previous post. Infiltration and influence is everywhere.

If you would like to get an idea of how far we have come in terms of movement, take a look at this BBC video. A Boston company has produced a robot for military use (testing chemical suits) that moves remarkably like a human.

I have also written a couple of articles covering this issue on the Bassetti Foundation website. Read this article about recruiting robots for combat for an overview and follow the links.

Here you will also find an interview with robotics professor Ronald Arkin in which he describes how looking for funding lead him into designing robots that were paid for by the US military. They are of course the largest investor, a rather sobering thought given the current state of University funding.

Governments using Spyare, but for What?

Last week the New York Times ran an article about some investigative work conducted by a researcher and student in the Toronto and Berkley universities. The two were investigating government use of surveillance software, and seem to have discovered evidence that many governments are using off the shelf software to spy on their own citizens.

And we are not talking about despot regimes here, the list of 25 countries includes Australia, Britain, Canada and the US. The chosen mode of dissemination is typical of virus or spyware spreading techniques, an email is sent to whoever is to be monitored, once opened the software is downloaded into the computer.

In Vietnam the system has been found running on Android phones, so I would say if they can do it in Vietnam they can do it elsewhere.

You are under survelliance poster

You are Under Surveillance

The alarm bells ring if you look at who is being targeted. In some cases political dissidents (as is the case in Ethiopia) receive the emails. Another worrying factor is where the spyware is sent from (IP addresses registered to Turkmenistan’s Ministry for Communication in one case).

The company manufacturing the program is British, and they state that they sell their product to governments to help them crack down on terrorism and organized crime, but the possibilities for abuse are obvious and also demonstrated.

One problem is that the sale of surveillance is largely unregulated. Commercially available software can remotely turn your webcam on and watch what you are doing, record Skype conversations, email exchanges, log keystrokes and look at images inside the machine, practically anything you would like to see you can. Useful maybe in a crime investigation, but a powerful tool in the wrong hands.

If you would like to ponder the matter of ethics in technological development and marketing more, I recently interviewed Chris Howard, CEO of online publisher LIBBOO. They have devised and patented a system of measuring how much influence an individual has upon a group, and which stimuli create and use that influence. In the interview I asked him about the responsibility he holds when his invention gets into the wrong hands, and you can read his response here on the Bassetti Foundation website.

I also have another post about other spyware and monitoring systems that are freely available on the Internet here, although they are toys in comparison to the system described above.

I have deliberately omitted all names above, but the New York Times article contains them all.