A little-known search engine which indexes information on computers attached to the internet is increasingly leaving itself open to be used by hackers as fears about cyber attacks an American infrastructure and banking systems heighten. Shodan, which CNNMoney’s David Goldman calls the “scariest search engine on the internet,” sorts background data on every computer attached to the internet—including industrial control systems and computers embedded in household objects such as televisions and garage doors. The security researcher-oriented site sits at the nexus of the much vaunted “internet of things” and of the start-stop world of public utilities, power plants, and factories whose servers are connected to the internet.
Shodan, which is named after a fictional artifical intelligence in the videogame System Shock, is the brainchild of programmer John Matherly, who first created the site more than 10 years ago as a teenager. Matherly’s creation collects information on more than 500 million connected devices and services each month; site users have found information for nuclear power plant command-and-control systems, control systems for a water park, and servers that control gas stations publicly available on Shodan. The site, which is designed for use by security researchers but can be accessed by anyone, limits searches to 10 results without an account and 50 with an account. Accounts are available on a subscription basis.
The information that Shodan collects is publicly available on the internet and is easily accessible to criminals, intelligence agencies, and foreign militaries with basic community college-level information technology experience.