The VNC Roulette service is exposing on the Internet thousands of computer systems using insecure and easy to hack VNC connections.
CCTV surveillance cameras, medical equipment, electricity generators, desktops, home alarm equipment and many other systems are not properly protected and open on the Internet.
Now a website named VNC Roulette is offering a ransom access to these computer systems through the VNC software.
VNC is a very popular application that allows remote access and control of desktops over the networks. A lot of people simply use it to remotely access their computer placed elsewhere. Crucially, though, these connections should be secured with passwords and encryption.
The problem is that many VNC connections are not secured with passwords and encryption, allowing the access of criminals and hackers.
The newborn VNC Roulette website is taking screenshots insecure VNC connections, it has already gathered imaged from about 550 systems open on the Internet. It is disconcerting to see people’s privacy violated is no simple way, VNC Roulette reveals users browsing Facebook, accessing personal email accounts, or accessing a SCADA system.
The snaps were taken since 2015, some of them were taken this month and are still up and running.
After the media have covered VNC Roulette, it went off line, but yesterday the service reappeared online.
VNC Roulette demonstrates the importance to properly secure any connection to a system exposed over the Internet. It is very easy for hackers to gain access to systems like the ones captured by the VNC Roulette services.
Don’t waste time, implement a proper authentication to your systems, use strong passwords, only accept connections from certain IP addresses and of course tunnel VNC connections with SSH.
Don’t forget also that crooks have many other ways to locate vulnerable machine over the internet, like the search engines Shodan and Censys.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.