Censys Inc, vendor of the popular Censys internet-mapping tool, has revealed that state-based actors are trying to abuse its services by hiding behind academic researchers.
Censys started life in 2015 as an academic project that aimed to scan the internet and provide data to the research community. In 2017 the project formed a company that now provides a comprehensive map of the internet that it says can help cyber-defenders to find threats and respond before they create a problem.
Universities are being used to proxy offensive government operations, turning research access decisions political
The company continues to provide data to researchers, but in a paper [PDF] it will present at the SIGCOMM conference next week, admits “Equitably operating a research program is more challenging than we anticipated.”
“While it is easy to verify the identity of well-established researchers with a Google Scholar profile or presentations at conferences like Blackhat or BSides, these constitute only a small fraction of requests,” the paper states.
Most requests come from “independent researchers and students who have no public reputation,” the paper states. Censys has therefore established evaluation criteria that include submission of a clear research plan, researchers’ intention to publicly disseminate results, and receiving confirmation that work is conducted independently or as part of a non-profit or academic institution. An internal team reviews applications from researchers and applies those criteria.
But the work isn’t easy.
“Many students lack coherent research plans and without significant back-and-forth, it is difficult to discern between poorly written requests, requests from first-time researchers exploring, and fabricated plans,” the paper states.