VNC Roulette allows you to randomly view insecure desktops accessible over the internet
Recently, a new website appeared that lets visitors view random screenshots taken from computers that were not properly secured and are reachable over the Internet.
The website, called VNC Roulette, has given a whole new meaning to the “open” internet. It contains thousands of screenshots of systems of every kind, ranging from FreeBSD boxes to the latest Windows 10 devices.
All these desktops have something in common: they are running VNC, open-source remote-desktop software that lets a user access and control a desktop from anywhere in the world, and that can be configured to run without a password. If VNC is set up that way, anyone on the Internet can connect to the machine and take control of it.
The person behind VNC Roulette wanted to build a collection of insecure computers that can be reached freely over the Internet. Revolver, the moniker he goes by (and not his real name), is a Morocco-based grey-hat hacker who got more than he asked for. What he found includes desktops where users were reading email or browsing Facebook, CCTV systems, terminals for medical devices, and industrial-grade machinery.
“This is deep f**k,” he said in a message. “We had access to sysadmins boxes, big machines with sensitive data. There is no security at all.”
Revolver wrote a script, running on his own server, that iterates through IP addresses and selected ports and tries to connect to each one through a web-based VNC viewer. If it finds a connection that requires no authentication, the script connects and captures a screenshot; otherwise it drops the session and moves on to the next IP address.
He currently has about 23 gigabytes of screenshots saved after thousands of successful connections. When the website launched it showed around 500-600 screenshots; that number has since dropped to around 200, apparently because some were taken down so he won’t “get in trouble,” he said.
Revolver quickly realized he had access to thousands of desktops (Windows, Macs and even Linux machines) and hundreds of screenshots of potentially highly sensitive supervisory control and data acquisition (SCADA) systems, which are used mainly in industrial facilities.
He said his unrestricted access to thousands of desktops is “not a configuration issue,” nor a flaw or vulnerability in how VNC is designed. It is the result of users simply neglecting a basic security setting.
“Once you install a VNC server, it will pop a f**king big interface or message saying you should make a password for security. And [most people] don’t make that password,” he said.
Perhaps surprisingly, collecting screenshots of thousands of remotely accessible desktops isn’t a new idea, and it isn’t difficult for a low-skilled attacker to do, either.
Shodan.io, a search engine for internet-connected things, indexes internet-exposed webcams, servers with open ports and other computers on a single page. Some condemn it, but others have called it the “absolute example” of what can happen when devices with poor security enter our daily lives.
A single cursory search for a common VNC port (5900 or 5901) returns hundreds if not thousands of screenshots, which can be plotted by geolocation.
Revolver wants to “start a f**king internet revolution” against the people who leave their VNC-enabled machines unprotected. He said the danger to those systems, and the consequences if they are damaged, are severe.
He added that all it takes is to “focus on the SCADA systems, and [you can] start a new war against a country.”
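The property that both Revolver’s script and a Shodan search key on is decided in the first few bytes of a VNC connection: the server sends its RFB protocol version, then lists the security types it accepts, and security type 1 (“None”) means no password is needed at all. The parser below is an added example, not code from VNC Roulette or from any VNC project; it classifies RFB handshake bytes offline so that an administrator can audit the handshakes recorded from their own exposed VNC endpoints. The type numbers follow the RFB specification (RFC 6143); the sample handshakes are constructed, not captured from any real host.

```python
import struct

# Security-type numbers from the RFB protocol specification (RFC 6143 and
# the community registry). Type 1 means the server asks for nothing at all.
SEC_INVALID = 0
SEC_NONE = 1
SEC_VNC_AUTH = 2
SEC_TYPE_NAMES = {
    0: "Invalid", 1: "None", 2: "VNCAuth", 5: "RA2", 6: "RA2ne",
    16: "Tight", 18: "TLS", 19: "VeNCrypt",
}


def parse_version(data: bytes):
    """Parse the 12-byte ProtocolVersion greeting 'RFB xxx.yyy\\n'.

    Returns ((major, minor), remaining_bytes)."""
    if len(data) < 12 or data[:4] != b"RFB " or data[11:12] != b"\n":
        raise ValueError("not an RFB ProtocolVersion greeting")
    major = int(data[4:7].decode("ascii"))
    minor = int(data[8:11].decode("ascii"))
    return (major, minor), data[12:]


def read_reason(data: bytes) -> str:
    """A refusal is a big-endian u32 length followed by a reason string."""
    (n,) = struct.unpack(">I", data[:4])
    return data[4:4 + n].decode("latin-1", "replace")


def parse_security_types(version, data: bytes):
    """Return (offered_types, refusal_reason) for the bytes after the greeting."""
    if version < (3, 7):
        # RFB 3.3: the server dictates one security type as a big-endian u32.
        if len(data) < 4:
            raise ValueError("truncated security type")
        (sec,) = struct.unpack(">I", data[:4])
        if sec == SEC_INVALID:
            return [], read_reason(data[4:])
        return [sec], None
    # RFB 3.7+: u8 count, then that many type bytes; count 0 means a refusal.
    if not data:
        raise ValueError("truncated security-type count")
    count = data[0]
    if count == 0:
        return [], read_reason(data[1:])
    types = list(data[1:1 + count])
    if len(types) != count:
        raise ValueError("truncated security-type list")
    return types, None


def classify(handshake: bytes) -> dict:
    """Audit verdict for one recorded server handshake.

    'no-auth' is the VNC Roulette case. 'auth-required' only means some
    authentication is offered; classic VNCAuth (type 2) is a weak 8-character
    challenge/response and should still be wrapped in SSH or TLS."""
    version, rest = parse_version(handshake)
    types, reason = parse_security_types(version, rest)
    if reason is not None:
        verdict = "refused"
    elif SEC_NONE in types:
        verdict = "no-auth"
    elif types:
        verdict = "auth-required"
    else:
        verdict = "unknown"
    return {
        "version": version,
        "types": [SEC_TYPE_NAMES.get(t, str(t)) for t in types],
        "verdict": verdict,
        "reason": reason,
    }


def refusal(reason: bytes) -> bytes:
    """Build a constructed RFB 3.7+ refusal: count 0, then length-prefixed reason."""
    return b"\x00" + struct.pack(">I", len(reason)) + reason


# Constructed sample handshakes (hypothetical, not from any real host).
SAMPLES = {
    "no password, RFB 3.8": b"RFB 003.008\n" + b"\x02\x01\x02",
    "password required, RFB 3.8": b"RFB 003.008\n" + b"\x01\x02",
    "no password, legacy RFB 3.3": b"RFB 003.003\n" + b"\x00\x00\x00\x01",
    "connection refused": b"RFB 003.008\n" + refusal(b"Too many clients"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:30s} -> {classify(raw)}")
```

Anything that comes back as `no-auth` is exactly what ends up on VNC Roulette; the fix is the password prompt the server shows at install time, and ideally not exposing port 5900 to the Internet at all.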