Kamerka allows you to see what a hacker is looking at. It draws maps of the SCADA devices, webcams and printers that are exposed on the Internet in any given country.
A Polish security researcher has created an open-source intelligence (OSINT) tool that indexes sensitive Internet-connected devices and plots them on a map.
The researcher said he developed the tool to encourage organizations to test their networks and identify vulnerable hardware, but it also has a dark side: hackers can now target organizations with less effort than ever before.
Named Kamerka, the software was published last year. The tool works on search queries provided by the user. Kamerka uses the search engines Shodan and BinaryEdge to search for a particular device's common markers and plots the results on a Google Map.
Although Kamerka searched only for security cameras in its initial version (hence the name Kamerka), the tool was updated several times last year. Current versions can search for and recognize:
- Security cameras connected to the Internet.
- Printers connected to the Internet.
- Internet-connected manufacturing equipment ICS / SCADA.
- Systems and detectors running on top of the MQTT protocol.
- Devices that relay live video streams based on RTSP.
- Tweets, Instagram posts, and Flickr pictures with accurate geolocation.
Kamerka collects this information, stores it in an Elasticsearch server, and plots it on a Google Map. Users can click on each system plotted on the map to display a tooltip with its exposed ports and various other metadata.
Until this week, Kamerka could only be searched via a shoddy, hard-to-use Python command-line script.
But the creator of the tool, a researcher named Wojciech, told ZDNet that the tool will be given a functional web dashboard. The new web dashboard, scheduled for release later this week, will make it much easier to download and search Kamerka phones.
Concentrate on Industrial Equipment
The new version will concentrate on identifying industrial control systems, an area in which Wojciech has invested heavily over the last year.
Previous versions could already detect ICS / SCADA systems based on Modbus, Siemens S7, Tridium, General Electric, BACnet, HART IP, Omron, Mitsubishi Electric, DNP3, EtherNet / IP, PCWorx, Red Lion, Codesys, IEC 60870-5-104 and ProConOS.
PlantVisor, Iologik, Moxa tools, SpiderControl, IQ3, VTScada, Z-World, Nordex and various fuel tanks can also be included in the new version.
“It’ll be a new intelligence tool to gather information about exposed devices on the basis of your coordinates or a country-wide search for a specific area,” Wojciech told ZDNet.
If that sounds frightful, it’s because it’s frightening. Kamerka allows a user to see what a hacker sees when a target is searched or tested.
Businesses can use it as a tool for self-diagnosis of their own networks, but it is also a tool that hackers will appreciate and are likely to abuse.
In the past few months, Wojciech has demonstrated Kamerka's capabilities in two blog posts, using it to locate Internet-connected industrial machinery in Poland, Switzerland and the USA.
Starting from a simple search query (such as one for Niagara Fox devices in the U.S.), Wojciech showed how an attacker could use Kamerka to track down equipment in an area they wanted to target.
Many locations shown in Kamerka may not match the devices' real locations, but Kamerka's metadata may help attackers identify the actual location of a target with a few Google searches.
This is because most system administrators have to handle large numbers of devices. Instead of using numeric values to label hardware, they often use building names and full addresses to make the descriptions as accurate as possible.
An attacker can, for example, click on device icons, obtain the metadata for a device, and then search for terms such as factory names or street names to find the target's real-world location, complete with Google Maps and even Street View images.
This information was also available previously on Shodan or BinaryEdge, but you would only find this when searching for a specific IP address. All this information is available on a map with Kamerka.
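The naming problem described above can be checked from the defender's side. The following Python sketch is an added example, not part of Kamerka or the original article: it takes scan records for an organization's own address space and flags industrial-protocol ports and banner text that reveals a physical location. The sample records, regex heuristics and function names are constructed for illustration; the port numbers are the protocols' usual defaults.

```python
import ipaddress
import re

# Usual default ports for protocols named in the article.
ICS_PORTS = {102: "Siemens S7", 502: "Modbus", 554: "RTSP", 1883: "MQTT",
             1911: "Niagara Fox", 2404: "IEC 60870-5-104", 20000: "DNP3",
             44818: "EtherNet/IP", 47808: "BACnet"}

# Heuristics (assumptions) for banner text that gives away a physical location.
STREET = re.compile(r"\b\d{1,5}\s+(?:[A-Z][\w.]*\s+){1,3}"
                    r"(?:St|Street|Ave|Avenue|Rd|Road|Blvd|Dr|Drive|Way)\b", re.I)
SITE = re.compile(r"\b(?:plant|factory|substation|warehouse|hospital|"
                  r"campus|building|bldg)\b", re.I)

def location_hints(text):
    """Return street addresses and site keywords found in a banner."""
    hints = [m.group(0) for m in STREET.finditer(text)]
    hints += [m.group(0).lower() for m in SITE.finditer(text)]
    return hints

def audit(records, own_networks):
    """Flag exposed ICS ports and location-revealing banners in our own ranges."""
    nets = [ipaddress.ip_network(n) for n in own_networks]
    findings = []
    for rec in records:
        addr = ipaddress.ip_address(rec["ip"])
        if not any(addr in net for net in nets):
            continue  # only report on address space we are responsible for
        proto = ICS_PORTS.get(rec["port"])
        hints = location_hints(rec.get("banner", ""))
        if proto or hints:
            severity = "high" if proto and hints else "medium"
            findings.append({"ip": rec["ip"], "port": rec["port"], "protocol": proto,
                             "location_hints": hints, "severity": severity})
    # Stable sort: "high" findings first, original order otherwise.
    return sorted(findings, key=lambda f: f["severity"] != "high")

# Constructed sample records (documentation IP ranges, invented banners).
SAMPLE = [
    {"ip": "192.0.2.20", "port": 502, "banner": ""},
    {"ip": "192.0.2.10", "port": 1911,
     "banner": "name=Acme Water Plant - 1200 Industrial Park Rd"},
    {"ip": "192.0.2.30", "port": 80, "banner": "Printer - Building 4, 2nd floor"},
    {"ip": "203.0.113.5", "port": 502, "banner": ""},   # not our network
    {"ip": "192.0.2.40", "port": 443, "banner": "nginx"},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, ["192.0.2.0/24"]):
        print(finding)
```

Renaming devices to opaque asset IDs removes the location hints; the exposed port itself still needs to be taken off the Internet.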
In recent years, plants, power plants and other critical infrastructure organizations have exposed an increasing online attack surface.
Attackers have compromised nuclear plants, electricity grids, dams, hospitals, government agencies and military targets, just to name a few.
Planning an attack often took days or weeks. With a tool like Kamerka, it would take only a few minutes. A few searches could allow an attacker to identify a target in a certain area, find unpatched devices (Shodan lists unpatched ports and vulnerabilities) and start attacks that take over the vulnerable device.
Those methods are no longer hypothetical. In August, Microsoft warned that Russian state-sponsored hackers were using intelligent devices such as printers and video surveillance recorders as entry points into organizations.
However, nation-state hacking groups are not the only thing organizations should fear. Wojciech warns that ransomware gangs can also hack smart devices on the Internet in a similar way and use them as entry points into vital targets.
Kamerka has certainly made their work much easier.
“I know that taking over the entire power plant is not an easy job, but it can start with minor misconfiguration, such as exposure of devices on the Internet, using default credentials, or using other vulnerable software,” Wojciech says.