(Dagbladet): How secure are your photos and documents? Not to mention databases containing sensitive company data or high-tech devices that are connected to the Internet?
In the last few months the newspaper Dagbladet has revealed poor computer security in Norway.
Dagbladet has revealed:
• 290 vulnerable control systems, in banks, schools, nursing homes - and a military camp
• 2048 surveillance cameras in private homes, night clubs, shops and restaurants
• 2500 control systems connected to the Internet with minimal or no security
• 500 of these control industrial or critical infrastructure
• Thousands of data bases and servers that give away content without passwords
Findings are in Norway alone. Your country is likely no better.
Test yourself As a service to its readers, Dagbladet has made it easy to test whether you have information or critical systems accessible to the Internet.
Null CTRL (Zero CTRL):• In a news series, Dagbladet's reporters reveal how failing computer security hits us at home, at work and in the public space.
• Follow our series here: http://www.dagbladet.no/nullctrl/ (Norwegian only)
• See this interactive guide in English - and read also auto-translated versions of our news stories.
• Send your ideas to: email@example.com
• Tweet your opinion: #null_CTRL
The test is set up to automatically check your IP address. In this way you can test your own system, but not your neighbour's.
Dagbladet uses the Shodan search engine to find security holes. Shodan searches devices that are connected to the Internet. Such devices might include servers, control systems, mobile phones or CCTVs.
- Our search function is connected to the Shodan server. We did this subject to an agreement with the founder of Shodan, John Matherly, says editorial developer Ola Strømman.
Guiding The test engine is to be considered a guide and is not a guarantee of complete and full data security. The test engine checks a database where IP addresses have already been checked. This means that the result you get will not change even if you make system changes.
- Even if you are registered with open ports, this is not necessarily an error or a security hole. This may also include equipment that should be accessible, Strømman says.
How it works: There are 65,535 «ports» on the Internet. These are used to identify different computers or programs connected to an IP address and means that one computer could have several programs that are communicating over the Internet at the same time.
Shodan - and Dagbladet - looked at the 33 most common ports.
The test engine indicates open ports and what this could mean.
We suggest that you direct any questions about your IP-address to your network provider.
Selected quotes:Journalist: - You say it does not work. So then, can we be allowed to push this button?
Owner: - No, absolutely not, absolutely not!
- It is not a question of whether we will be exposed to an attack on our infrastructure; it is a question of when. (Chief Commander of the Cyber Military Defense)
- This is such a foolish thing to do, especially after the 22th of July terror. (Politician)
- If anyone would like to blow this factory to pieces - just turn this valve here. (Factory owner)
- Such recordings can easily be used for blackmailing. (Data protection authorities)
- I think this will be the end for my data company. Such a leak is that serious. But, by God I am glad that I was made aware. (Owner)
- Cyber Crime has become a major industry, more lucrative than the drug trade, according to Interpol. Dagbladet therefore makes an important contribution to increasing the security of us all by putting the spotlight on threats that new technology exposes us to. (National Security Agency)