The Internet of ... Mainframes?! WTF?

Presented at BSidesLV 2015, Aug. 4, 2015, 2 p.m. (55 minutes).

In early 2013 Soldier of Fortran had an idea. What if there were mainframes on the internet? He knew, of course, there had to be, the internet is just full of all kinds of weird stuff. But what if there's also mainframes on there, what would that mean? What would they look like? Using some google fu he started the hunt, easily finding a handful, then later moving on to SHODAN and finally masscan. Having grown up in the BBS era he was happy to find hundreds of ‘green' screens up and running with their beautiful EBCDIC art for all the world to see. This talk will walk through the story of how he found the mainframes, first by himself and later with the help of others. He'll go through the growth process he went through to find the mainframes and how he helped augment tools like SHODAN to make the hunting easier. He'll detail the tools he wrote specifically to hunt internet mainframes, the troubles he's gotten in to for looking for them (like when someone came up to me after a talk to tell me it was one of theirs) and then provide MANY examples of the the kind of (scary) things he's encountered on the web. He'll also delve into some of the alarming statistics of mainframe security using what he's seen as an example. There may even be some live examples of some of those mainframes.


Presenters:

  • Philip Young / Soldier of FORTRAN - Supreme Commander - Zed Security   as Soldier of FORTRAN
    Soldier of Fortran is a mainframe hacker. Being a hacker from way back in the day (BBS and X.25 networks) he was always enamored by the idea of hacking mainframes. Always too expensive and mysterious he settled on hacking windows and linux machines, until 2010 when he finally got his very own. Not worrying about system uptime he dove in head first and was surprised by what he found. He's spoken both domestically (DEFCON, BlackHat) and internationally on the topic, developed tools for mainframe penetration testing and has even keynoted a large mainframe conferences on this topic.

Links:

Similar Presentations: