November 2016
BY JEREMIAH TALAMANTES, REDTEAM SECURITY
Dorking and Shodan
Electric utilities face a wide range of new cyber threats that require active planning, from phishing attacks on employees to advanced malware such as BlackEnergy to vulnerabilities in their supply chain. One risk is often overlooked: open source intelligence, or OSINT.
OSINT is a term for the online reconnaissance methods criminal hackers use to glean highly sensitive information about a target, such as a power grid operator, without actually breaking into its network. That information may include data files accidentally uploaded to the public Web, back-end Web pages indexed by public search engines, or industrial control system (ICS) devices reachable from the Internet.
For cybercriminals, OSINT can be an easy way to steal information from a company or to find a vulnerability that will enable them to breach the computer network or industrial
A good example of the threat posed by OSINT is the 2013 hack of a New York dam. In that case, an Iranian hacker used advanced Web search techniques to locate a vulnerable network port on the dam, which then allowed him to gain remote access to its sluice gate controls. Fortunately, the dam's systems had been taken offline for routine maintenance; had they not been, the hacker might have been able to sabotage the gate.
Power grid owners/operators expose themselves to such risk in a few ways: (1) by allowing ICS devices to connect to the public Web; (2) by failing to patch security vulnerabilities in any system or device
Jeremiah Talamantes, managing partner of Red Team Security, is a cybersecurity advisor to the energy sector and other critical infrastructure industries. His company provides penetration testing, social engineering and red teaming services to test the security of power utilities' front-office computer networks, systems and physical security protections against real-world criminal attack scenarios, ranging from cyberattacks and insider threats to physical intrusions. Jeremiah has over 20 years of experience in the IT security industry. He is an adjunct professor at Norwich University and author of "The Social Engineer's Playbook: A Practical Guide to Pretexting." Learn more at
Visual map of all SCADA systems recognized by Shodan. You can zoom in and click on any of the dots for more information (e.g., IP address, firmware, location).
This screenshot shows no ICS systems, but it illustrates what Shodan turns up: a camera exposed to the Internet, probably protected by nothing more than default credentials, pointed at a server room. Anyone can view the feed.
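It is worth seeing concretely how a scanner recognizes a SCADA device on the public Web, because the same probe is what an operator can run against their own address space to see what the Internet sees. The following is an added example, not code from the article or from Shodan: it builds the Modbus/TCP Read Device Identification request (function 43, MEI type 14) that anyone can send to TCP/502 with no credentials, and parses the reply, which volunteers vendor, product code and firmware revision. The reply bytes, the vendor name "Example PLC Co", the product code "EXPLC-100" and the revision "2.1.0" are constructed for illustration, not captured from a real device.

```python
"""Added example: build a Modbus/TCP Read Device Identification probe and
parse the reply a PLC sends back. Not code from the article or from Shodan.
All sample bytes and device strings below are constructed for illustration."""
import struct

MODBUS_TCP_PORT = 502                 # the port Internet scanners probe for Modbus
FUNC_ENCAPSULATED_INTERFACE = 0x2B    # function code 43
MEI_READ_DEVICE_ID = 0x0E             # MEI type 14: Read Device Identification
READ_DEV_ID_BASIC = 0x01              # read-code 1: basic objects 0x00..0x02

# Object ids from the Modbus Application Protocol specification (section 6.21)
OBJECT_NAMES = {
    0x00: "VendorName", 0x01: "ProductCode", 0x02: "MajorMinorRevision",
    0x03: "VendorUrl", 0x04: "ProductName", 0x05: "ModelName",
    0x06: "UserApplicationName",
}


def build_read_device_id(transaction_id=1, unit_id=0xFF, object_id=0x00):
    """MBAP header + PDU for a basic Read Device Identification request.
    No authentication field exists anywhere in this frame."""
    pdu = bytes([FUNC_ENCAPSULATED_INTERFACE, MEI_READ_DEVICE_ID,
                 READ_DEV_ID_BASIC, object_id])
    # MBAP: transaction id, protocol id (0 = Modbus), length (unit id + PDU), unit id
    mbap = struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id)
    return mbap + pdu


def parse_read_device_id(frame):
    """Parse a Read Device Identification reply into {object name: value}.
    Raises ValueError on malformed frames or Modbus exception responses."""
    if len(frame) < 7:
        raise ValueError("frame shorter than MBAP header")
    _tid, protocol_id, length, _unit = struct.unpack(">HHHB", frame[:7])
    if protocol_id != 0:
        raise ValueError(f"protocol id {protocol_id} is not Modbus")
    if length != len(frame) - 6:
        raise ValueError("MBAP length field disagrees with frame size")
    pdu = frame[7:]
    if not pdu:
        raise ValueError("empty PDU")
    if pdu[0] & 0x80:                                 # exception bit set
        code = pdu[1] if len(pdu) > 1 else None
        raise ValueError(f"Modbus exception response, code {code}")
    if len(pdu) < 7 or pdu[0] != FUNC_ENCAPSULATED_INTERFACE \
            or pdu[1] != MEI_READ_DEVICE_ID:
        raise ValueError("not a Read Device Identification response")
    # pdu[2] read code, pdu[3] conformity level, pdu[4] more-follows,
    # pdu[5] next object id, pdu[6] number of objects in this reply
    count, pos, objects = pdu[6], 7, {}
    for _ in range(count):
        if pos + 2 > len(pdu):
            raise ValueError("truncated object header")
        obj_id, obj_len = pdu[pos], pdu[pos + 1]
        value = pdu[pos + 2:pos + 2 + obj_len]
        if len(value) != obj_len:
            raise ValueError("truncated object value")
        pos += 2 + obj_len
        name = OBJECT_NAMES.get(obj_id, f"Object0x{obj_id:02X}")
        objects[name] = value.decode("ascii", errors="replace")
    return objects


def build_sample_reply(transaction_id=1, unit_id=0xFF):
    """Constructed reply (not a real capture) of the kind a PLC returns:
    basic identification, all three objects in one frame."""
    objects = [(0x00, "Example PLC Co"), (0x01, "EXPLC-100"), (0x02, "2.1.0")]
    body = b"".join(bytes([oid, len(v)]) + v.encode("ascii") for oid, v in objects)
    pdu = bytes([FUNC_ENCAPSULATED_INTERFACE, MEI_READ_DEVICE_ID, READ_DEV_ID_BASIC,
                 0x01,          # conformity level: basic identification, stream access
                 0x00,          # more follows: no
                 0x00,          # next object id
                 len(objects)]) + body
    return struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id) + pdu


if __name__ == "__main__":
    print("probe sent to TCP/%d: %s" % (MODBUS_TCP_PORT, build_read_device_id().hex()))
    for name, value in parse_read_device_id(build_sample_reply()).items():
        print(f"  {name:20s} {value}")
```

The revision string is the dangerous part of the reply: together with the product code it lets an attacker match the device against public advisories, which is why an unpatched device that is also reachable from the Internet is the worst of both exposures the article lists. The parser refuses frames whose MBAP length disagrees with the bytes received and surfaces Modbus exception responses instead of treating them as identification data, both of which matter if you point it at devices you do not control.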
Two Overlooked Cyber Risks