Justin Paine sits in a bar in Oakland, California, searching the internet for your most delicate data. It doesn’t take him long to locate a promising lead. On his laptop, he opens Shodan, an accessible record of cloud servers and other internet-associated devices. At that point, he types the keyword “Kibana,” which reveals in excess of 15,000 databases stored online. Paine begins digging through the outcomes, a plate of chicken strips and fries growing cold next to him.
“This current one from Russia. This present ones from China,” Paine said. “This one is simply wide open.”
From that point, Paine can sift through every database and check its substances. One database seems to have information about hotel room service. In the event he keeps looking further, he may discover credit card or passport numbers. That isn’t implausible. In the past, he discovers databases containing patient information from drug use treatment centers, as well as library borrowing recordsand online gambling transactions.
Paine is a piece of an informal army of web researchers who enjoys an obscure passion: scouring the internet for unbound databases. The databases — decoded and on display — can contain a wider range of sensitive information, including names, addresses, telephone numbers, bank details, Social Security numbers, and medical diagnoses. In the wrong hands, the data could be misused for fraud, identity theft or blackmail.
The data-hunting network is both diverse and global. A portion of its members are professional security specialists, others are hobbyists. Some are propelled programmers, others can’t compose a line of code. They’re in Ukraine, Israel, Australia, the US and pretty much any nation you name. They share a common purpose: impelling database owners to secure your info.
“It’s one of those glimpses of something larger situations,” Hunt said.
To search our databases, you have to have a high resilience for boredom and a higher one for disillusionment. Paine said it would take hours to see if the hotel room service database was really a cache of exposed sensitive data.