{"id":121223,"date":"2025-09-07T17:40:05","date_gmt":"2025-09-07T17:40:05","guid":{"rendered":"https:\/\/www.newsbeep.com\/uk\/121223\/"},"modified":"2025-09-07T17:40:05","modified_gmt":"2025-09-07T17:40:05","slug":"internet-mapping-service-censys-reveals-state-based-abuse-the-register","status":"publish","type":"post","link":"https:\/\/www.newsbeep.com\/uk\/121223\/","title":{"rendered":"Internet mapping service Censys reveals state-based abuse \u2022 The Register"},"content":{"rendered":"<p>Censys Inc, vendor of the popular Censys internet-mapping tool, has revealed that state-based actors are trying to abuse its services by hiding behind academic researchers.<\/p>\n<p>Censys started life in 2015 as an academic project that aimed to scan the internet and provide data to the research community. In 2017 the project formed a company that now provides a comprehensive map of the internet that it says can help cyber-defenders to find threats and respond before they create a problem.<\/p>\n<p>Universities are being used to proxy offensive government operations, turning research access decisions political<\/p>\n<p>The company continues to provide data to researchers, but in a <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3718958.3754344\">paper<\/a> [PDF] it will present at the SIGCOMM conference next week, admits \u201cEquitably operating a research program is more challenging than we anticipated.\u201d<\/p>\n<p>\u201cWhile it is easy to verify the identity of well-established researchers with a Google Scholar profile or presentations at conferences like Blackhat or BSides, these constitute only a small fraction of requests,\u201d the paper states.<\/p>\n<p>Most requests come from \u201cindependent researchers and students who have no public reputation,\u201d the paper states. Censys has therefore established evaluation criteria that include submission of a clear research plan, researchers\u2019 intention to publicly disseminate results, and receiving confirmation that work is conducted independently or as part of a non-profit or academic institution. An internal team reviews applications from researchers and applies those criteria.<\/p>\n<p>But the work isn\u2019t easy.<\/p>\n<p>\u201cMany students lack coherent research plans and without significant back-and-forth, it is difficult to discern between poorly written requests, requests from first-time researchers exploring, and fabricated plans,\u201d the paper states.<\/p>\n<p>\u201cWe struggle to process many international requests because of language barriers and mounting evidence that universities are being used to proxy offensive government operations in some countries, turning research access decisions political,\u201d it continues, before observing that Censys staff have recently seen \u201cmalicious actors use the research program to identify vulnerable systems.\u201d<\/p>\n<p>The company has responded by establishing \u201cmultiple access tiers that provide delayed access or access to a subset of data.\u201d<\/p>\n<p>Sometimes the process turns nasty.<\/p>\n<p>\u201cMuch to our surprise, it is not uncommon for researchers to send vitriolic messages, accusations, and, in rare cases, threats,\u201d the paper reveals, noting that such abuse \u201ccan quickly turn program administration into a thankless job, similar to the experiences expressed by open source maintainers.\u201d<\/p>\n<p>The purpose of the paper is to inform the networking and security communities about the evolution of Censys, because the company feels it hasn\u2019t documented its history in research literature. The paper therefore reveals that Censys can now see 794 million IPv4 services, up from 275 million in 2015, and has improved its ability to scan for IPv6 systems and name-addressed HTTP(S) services.<\/p>\n<p>The document also explains how Censys scans the internet, and asserts its data is more accurate than rivals like Shodan, Fofa, ZoomEye, and Netlas. \u00ae<\/p>\n","protected":false},"excerpt":{"rendered":"Censys Inc, vendor of the popular Censys internet-mapping tool, has revealed that state-based actors are trying to abuse&hellip;\n","protected":false},"author":2,"featured_media":121224,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[18],"tags":[1638,86,56,54,55],"class_list":{"0":"post-121223","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-internet","8":"tag-internet","9":"tag-technology","10":"tag-uk","11":"tag-united-kingdom","12":"tag-unitedkingdom"},"_links":{"self":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/posts\/121223","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/comments?post=121223"}],"version-history":[{"count":0,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/posts\/121223\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/media\/121224"}],"wp:attachment":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/media?parent=121223"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/categories?post=121223"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/tags?post=121223"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}