otw

Shodan: Using Shodan to Find Vulnerable Russian SCADA/ICS Sites

Welcome back, my aspiring cyberwarriors!


As the war between Russia and Ukraine escalates, the risks to the world's peace and prosperity intensify. Russia has been using cyber war techniques against Ukraine for over a decade, and if the sanctions against Russia intensify (their stock market fell nearly 50% on the first day of sanctions), it is likely that the Russian intelligence agencies will begin to use their well-honed skills against the West.






In 2020, Russian hackers were able to implant shellcode into thousands of key computer systems throughout the US and the world using the SolarWinds update. Many of those implants are still active and can be used by the Russians when they need them. Even more worrisome is the potential for attack against the infrastructure of the western European countries and the US.


Russian hackers have developed various malware against these systems including Snake and Triton. The NSA and Homeland Security's CISA have both noted that Russian hackers have been probing various SCADA/ICS systems in the US and the West. If the pressure on Russia becomes unbearable, they could pull the trigger on these systems. The effects could be devastating.


Given the probability of these events, the West can respond in kind. Having probed and tested SCADA/ICS systems for over 10 years, it is clear to me that Russia is prepared for such events. In recent years, the SCADA/ICS systems in Russia have become much more secure, while those in most of western Europe and the US are still largely vulnerable. This doesn't mean that the Russian systems are invulnerable, but they are harder to compromise than the US systems, in general.


In the event of Russian attacks against western infrastructure, I give you a simple tutorial on finding vulnerable Russian SCADA/ICS systems.


More will follow.


Step #1: Open Shodan


The first step is to navigate to shodan.io and open an account. For more on the basics of Shodan, click here.





Step #2: Find Russian SCADA/ICS Sites


SCADA/ICS sites use entirely different protocols than your traditional TCP/IP. There are over 200 different protocols in use in these systems. Although the number of protocols is very large, the most common is Modbus. It was the first SCADA/ICS protocol, developed by Modicon (now a division of Schneider Electric), and is the most widely distributed. It uses port 502.


To find Modbus-based systems in Russia, we can search using Shodan syntax for port 502 and country code RU:


port:502 country:ru




Shodan finds over 1100 facilities using port 502 in Russia. Not all of these will be SCADA/ICS sites, but most will be.


In addition to the port syntax, we can search using the name of the manufacturer. For instance, we can search for two of the largest manufacturers of these systems, Schneider Electric and Siemens, using the following syntax.


"schneider" country:ru

"siemens" country:ru






We can get even more specific and look for particular PLCs from a manufacturer, such as the Schneider Electric TM221:


"Schneider Electric TM221" country:ru



The SCADA/ICS protocol DNP3 is commonly used in the electrical transmission industry. It usually uses port 20000. We can search for facilities in Russia using that port by entering:


port:20000 country:ru
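
Seen from the defending side, the same two ports are what an operator should watch at the perimeter. The following added example (not from the original article) scans a constructed firewall log for allowed connections from outside the site's address space to Modbus (502) or DNP3 (20000); the log format, the addresses and the `INTERNAL_NETS` range are assumptions.

```python
import ipaddress

# Ports named in the article: Modbus on 502, DNP3 on 20000.
ICS_PORTS = {502: "modbus", 20000: "dnp3"}

# Assumption: the site's internal address space.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample log (hypothetical format): time,src_ip,dst_ip,dst_port,action
# Source addresses are taken from documentation ranges.
SAMPLE_LOG = """\
2022-03-01T10:00:01Z,198.51.100.7,10.20.0.5,502,ALLOW
2022-03-01T10:00:02Z,10.20.0.9,10.20.0.5,502,ALLOW
2022-03-01T10:00:03Z,203.0.113.44,10.20.0.8,20000,ALLOW
2022-03-01T10:00:04Z,203.0.113.44,10.20.0.8,20000,DENY
2022-03-01T10:00:05Z,198.51.100.7,10.20.0.5,443,ALLOW
malformed line
"""


def is_internal(ip):
    """True if the address belongs to one of the site's own networks."""
    return any(ip in net for net in INTERNAL_NETS)


def exposed_ics_connections(log_text):
    """Return allowed connections from outside INTERNAL_NETS to ICS ports."""
    findings = []
    for line in log_text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 5:
            continue  # skip malformed lines
        ts, src, dst, port, action = parts
        try:
            src_ip = ipaddress.ip_address(src)
            port = int(port)
        except ValueError:
            continue  # skip lines with an unparsable address or port
        if action == "ALLOW" and port in ICS_PORTS and not is_internal(src_ip):
            findings.append((ts, src, dst, ICS_PORTS[port]))
    return findings


if __name__ == "__main__":
    for finding in exposed_ics_connections(SAMPLE_LOG):
        print(*finding)
```

Any hit means a controller answered a host on the internet, which is the condition that gets a device indexed in the first place.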


To search for other SCADA/ICS protocols, you can use this table to search for commonly used ports by SCADA/ICS systems.



Summary


The war in the Ukraine has brought to the forefront the risks of cyberwar. Among the greatest risks in this arena are the multitude of infrastructure systems commonly referred to as SCADA/ICS. While attacks against information systems risk the loss or ransoming of confidential data, attacks against SCADA/ICS systems put lives at risk. The loss of electrical, water, sewage and other life-supporting systems can be devastating to the civilian population. If the western nations united against Russia apply too much pressure, I believe that Russian hackers will begin their attacks against these systems. Although Russia has done a much better job of securing these systems than the West, they too are vulnerable to attack.


For more on SCADA Hacking and Security, click here.

