Critical infrastructure could be under threat as unprotected systems go online and become discoverable by the "scariest search engine in the world."

Shabon Dangers of a Connected World
A fireball seen across Interstate 77 in West Virginia after a natural gas pipeline exploded in flames near Charleston, last December, setting nearby buildings on fire and injuring several people. (Credit: Reuters)

Most people in the developed world show distain for countries like North Korea who have little or no connection to the outside world. Countries like South Korea and Japan on the other hand are held up as models of 21 century connectivity and the way of the future.

Everything from the temperature in your office to the traffic lights across an entire city can now be controlled from a laptop, which can be located pretty much anywhere in the world as long as it has a decent internet connection.

The problem of course is that the more connected we are the more vulnerable our most critical systems become to attacks from everyone from eastern European cyber-criminals to nation-states looking to carry out cyber-espionage or worse.

Spotting this trend of connecting everything over the internet beginning to take off in 2009, computer programmer and white-hat hacker John Matherly set about creating a search engine which would constantly monitor these connected devices.

Four years later and the search engine called Shodan is monitoring somewhere near 500 million connected devices ranging from printers and webcams to water pumps, power management systems, wind farms and wine coolers in Japanese hotels.

"Scariest search engine on the internet"

Shodan also allows users to filter their searches based on a range of criteria such as location, IP address and even searches which identify those devices with little or no security settings.

Shodan, named after the main antagonist of the cyberpunk-horror videogame System Shock, has been called the "scariest search engine on the internet" but Matherly has said his pet project is about highlighting the problem, not allowing people to take advantage of it.

Since it launched properly in 2010, Shodan has uncovered some worrying lapses of security across a range of devices and industries.

The search engine first came to widespread prominence during last year's DefCon cyber-security conference when independent security researcher Dan Tentler showed how Shodan could be used to access all kinds of vital systems including lighting, fire systems, alarm networks and the power meters of everything from retail stores to huge stadiums.

The majority of connected equipment monitored by Shodan was never designed to be connected to the internet (and doesn't need to be) and as a result the security on them is non-existent for the majority of devices. It means anyone who wanted to connect could do so and begin to cause serious damage.

However Matherly says that the limits he put on the system means it is mostly security researchers, penetration testers and academics make up the vast majority of people using the system. Signing up for a free account will return 10 results per search, while professional accounts give you back 50 results.

As the world moves more and more online, we are likely to see more people trying to leverage these connected systems to cause more damage in the real world.

Last March we saw the first signs of this happening with reports of Chinese hackers attempting to breach the security of US gas pipelines

While using computers to disrupt electrical grids, gas pipelines and covertly spy on people using webcams has been the preserve of science fiction so far, the rise of the nation-state cyber-attack and the huge investment being poured into these operations it is only a matter of time before they become a reality.

Japan South Korea