2026-06-16 · OSINT
Every day, automated systems scan the entire public internet looking for exposed devices. They don't discriminate between office servers in London and VSAT terminals on a vessel in the South China Sea. If it has an IP address, it gets scanned.
Discovery. Scanners probe every possible IP address on specific ports — 80/443 (web interfaces), 22 (SSH), 161 (SNMP), and manufacturer-specific management ports.
Identification. The scanner interacts with the responding service to identify make, model, and firmware version. Shodan and Censys index these responses.
Targeting. Once identified, the device enters a database accessible to anyone — researchers, competitors, and attackers alike. Default credentials and known vulnerabilities are cross-referenced against the device type.
Your vessels don't need to be specifically targeted. Automated scanning means any exposed system will eventually be found and catalogued. The question is not whether your vessels are in these databases, but what those databases show.
PSC findings: An inspector who knows Shodan can look up your vessel on the spot. This happens.
Insurance implications: Underwriters are starting to check publicly available data.
Business intelligence: Your exposure profile is available to competitors and charterers.
You have two options. Search Shodan manually using your vessel's IP ranges (requires technical knowledge). Or use Shipcrawler — send three vessel names, we search Shodan, AIS databases, and web sources, and deliver a plain-language report.