Tuesday, September 9, 2014

Have You Been VNCeen?

This just in from Lara Lackie at Eskenzi PR:

"'Hacker summer camp' has come and gone. The annual pilgrimage to Las Vegas (for events like DEF CON, Black Hat and BSides) makes it pretty clear that what happens in Vegas certainly doesn’t stay there, and this year was no exception. Sometimes these stories become water-cooler chatter. Sometimes they’re recounted in buzzing IRC channels, and sometimes they light up Twitter and even major media outlets.

"One of the stories that had the Internet buzzing was that of 'thousands of people oblivious to the fact that anyone on the Internet can access their computers.' Oftentimes titles like this wind up being hyperbole, however that isn’t the case here.

"On the Saturday of DEF CON, there was a panel on “Mass Scanning the Internet: Tips, Tricks, Results.” I, unfortunately, didn’t make it in to the presentation, however a short time later the tweets were all over my timeline.

"These tweets showed images of people’s home automation systems, people watching movies and (what appears to be) an industrial control system for an ice rink. These are just a few examples, but more and more tweets kept popping up with images like these. Among them were all sorts of things that were likely not meant for the eyes of random Internet onlookers.

"These screenshots were not the result of some crazy 0day-laden hacking spree or the computers of RAT victims. Rather, the screenshots were the result of simply scanning the Internet for VNC (remote viewing/access) servers that didn’t require any kind of authentication.

"In what was hardly a hacker summer camp first, the panelists received complaints that what they were doing was illegal. They responded saying that’s not the case. Lancope StealthWatch Labs feels that this is missing the point. The point is that all of these machines are out there for anyone who wants to look. And people DO look.

"Lancope’s StealthWatch Labs has monitored attempted remote admin connections to show that the sort of activity talked about at DEF CON is actually happening all the time.

"They have a full blog post discussing their findings and give advice on what to do in order to reduce the number and quality of opportunities presented to those who might be scanning your network.

"To read the blog in full, please click here."