It all started as a typical workday for Chris Vickery. The director of cyber risk research for UpGuard was running a port scan, a computer process similar to knocking on doors to see who is home. It's a routine he does nearly every day in an attempt to see which computers are susceptible to break-ins from hackers.
UpGuard's mission as a cybersecurity startup is to raise awareness of data leaks. Part of that effort included hiring Vickery, who has made news in the last few years for finding a lot of sensitive information available via the Internet. He has found account details for 13 million users of Apple's MacKeeper exposed online, information on nearly every U.S. voter left accessible online by a Republican consultancy, and evidence that a New York airport had left highly sensitive files unsecured online for nearly a year.
On the morning of July 1, Vickery was scanning random Internet Protocol addresses on Port 873 when he noticed a pair of hard drives that were accepting connections from the public Internet.
Port numbers are kind of like addresses for those house doors Vickery was knocking on. Most Internet traffic goes through Port 80 or Port 443, which carry traffic to and from HTTP and HTTPS addresses. Port 873 is set aside for an open-source remote file synchronization tool known as Rsync, which is typically used to back up files. Port 873 can be restricted to trusted computers and users by putting up a simple door.
But what Vickery found that day was a pair of backup hard drives that were completely exposed to public Internet traffic. The door was wide open.
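For administrators who want to check their own doors, here is an added example (not part of the original article or any UpGuard tool) that reads an Rsync daemon configuration and reports which shared folders lack the two standard restrictions, `hosts allow` for trusted computers and `auth users` for trusted users. The sample configuration, module names, paths and addresses are constructed, and line continuations are not handled.

```python
# Added example: flag rsyncd.conf modules that have no access controls.
# "hosts allow" and "auth users" are real rsyncd.conf parameters; the sample
# config, module names, paths and addresses below are constructed.

SAMPLE_CONF = """\
# constructed sample, not taken from the article
read only = yes

[backup_a]
    path = /srv/backup_a

[backup_b]
    path = /srv/backup_b
    Hosts Allow = 192.0.2.0/24
    auth users = backupsvc
    secrets file = /etc/rsyncd.secrets
"""

# Normalised parameter name -> name as written in the man page.
CONTROLS = {"hostsallow": "hosts allow", "authusers": "auth users"}

def parse_rsyncd_conf(text):
    """Return {module: params}; global parameters are each module's defaults."""
    defaults, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            modules[current] = dict(defaults)
        elif "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            # rsync ignores case and whitespace in parameter names.
            key = "".join(key.split()).lower()
            target = defaults if current is None else modules[current]
            target[key] = value.strip()
    return modules

def audit(text):
    """Map each module to the access controls it does not set."""
    findings = {}
    for name, params in parse_rsyncd_conf(text).items():
        missing = [label for key, label in CONTROLS.items() if not params.get(key)]
        if missing:
            findings[name] = missing
    return findings

if __name__ == "__main__":
    for module, missing in audit(SAMPLE_CONF).items():
        print(f"[{module}] missing: {', '.join(missing)}")
```

A module that appears in the output with both controls missing accepts connections from any address without a password, which is the wide-open door described above.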