— From a Department of Homeland Security report about how vulnerable America’s power, water and nuclear systems are to attack. Our question: Paper clip!?
Using only their wits, an extensive list of control systems related search terms, a paper clip, and the Internet-facing device search engine SHODAN, two researchers spear-headed an ambitious effort to compile a list of almost 500,000 devices with predicted control systems impact.
About 7,500 registered attendees of this year’s Black Hat cybersecurity conference got an email similar to the one above.
Obvious phishing scheme right? Actually, no.
Though Black Hat is known for pranks and hacks (they tell you not to use the Wi-Fi under any circumstances at the event, because you will be hacked), the e-mail was actually sent out by a Black Hat volunteer who got a bit ahead of himself on Sunday.
If you watched this video on phishing attacks today, you may have noticed that our security expert, Eric Fiterman, mentioned the username and password of a Gmail account he set up.
Well, that video was taped a month ago, and poor Eric forgot to change his password. (Eric has since changed the password, so if you haven’t tried yet, you’re out of luck.)
Lo and behold, three people tested it out and snooped around in the Gmail account: One from Canada (18.104.22.168), one from Michigan (22.214.171.124) and one from the United Kingdom (126.96.36.199).
Eric wouldn’t be a good security expert if he didn’t get more information about those IP addresses. And what did he find out about the third one?
% Information related to ‘188.8.131.52 - 184.108.40.206’
inetnum: 220.127.116.11 - 18.104.22.168
descr: Houses of Parliament
source: RIPE # Filtered
status: ASSIGNED PI
Looks like News Corp. isn’t the only hacker in Britain. -David