Censys Reveals Governments Are Exploiting Its Research Program
Censys Inc., the developer of the eponymous internet-mapping tool, has warned of attempts by government entities to exploit its research program under the guise of academic projects. The company is set to present a report at the SIGCOMM conference, outlining the challenges of vetting applications and the evolution of its platform.
Founded in 2015 as a university initiative to analyze online services and provide data to the research community, Censys transitioned into a commercial company in 2017. Today, it builds a comprehensive map of the internet, claiming its datasets enable security professionals to detect vulnerabilities and respond before they escalate into serious threats. Despite this shift toward commercialization, its researcher support program continues to operate—though it now faces formidable obstacles.
The report notes that verifying the identity of established academics, such as those published on Google Scholar or presenting at major conferences like BlackHat and BSides, is relatively straightforward. Yet such applications represent only a fraction of requests. The majority come from students and independent researchers lacking public reputations. In these cases, Censys evaluates submissions based on several criteria: the presence of a detailed research plan, the applicant’s commitment to publishing results, and confirmation that the work is conducted on behalf of non-profit organizations or universities. Final decisions rest with an internal review team that carefully examines each request.
However, the process often proves fraught. Many students submit poorly structured proposals, making it difficult to distinguish between novices and those concealing ulterior motives without lengthy correspondence. Language barriers further complicate international applications, and evidence suggests that in some countries, university affiliations are used as cover for offensive government operations. This renders access decisions inherently political. Moreover, Censys staff have documented attempts to misuse the research program to identify exploitable systems.
To mitigate these risks, Censys has introduced tiered access levels: some users receive delayed datasets or only limited information. Yet even this safeguard has not eliminated difficulties. The report highlights that administrators frequently face aggressive or abusive messages, accusations, and even threats—challenges more akin to the hardships of maintaining large open-source projects than a commercial enterprise.
The report also charts the platform’s growth. In 2015, Censys could detect roughly 275 million IPv4 services; today, its scope has expanded to 794 million. The system’s capabilities for scanning IPv6 and domain-based HTTP(S) resources have also been significantly enhanced. The company emphasizes that its mapping accuracy surpasses competitors such as Shodan, Fofa, ZoomEye, and Netlas. Ultimately, the purpose of publishing this account is to document the history and development of Censys in scientific literature and to draw the networking community’s attention to the pressing challenges that lie ahead.
Support Our Threat Intelligence
If you find our technology report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
