A hacker created a worldwide map of more than 100,000 vulnerable devices after "playing around" with a scripting tool. The "Carna" botnet was named after the Roman goddess who protected inner organs because it was "a good choice for a bot that runs mostly on embedded routers." Carna ran from June to October 2012 and was allegedly never detected.
Many of the accessible devices ran Linux and accepted telnet logins with empty or default credentials. Though the project itself was illegal, the anonymous researcher argues the collected data may be useful for further study.
The Carna dataset, about 9 terabytes in size, is available for download. Source: http://internetcensus2012.bitbucket.org/paper.html
“Two years ago while spending some time with the Nmap Scripting Engine (NSE) someone mentioned that we should try the classic telnet login root:root on random IP addresses,” the hacker said. “This was meant as a joke, but was given a try. We started scanning and quickly realized that there should be several thousand unprotected devices on the Internet.”
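The check described above (connect over telnet, try root:root and similar factory defaults, see whether a shell prompt comes back) is also what a defender runs against their own embedded devices before someone else does. The following is an added example, not code from the Internet Census paper or from the Carna bot: a minimal telnet default-credential audit in Python. The credential list, the prompt strings and the in-process fake "router" are constructed assumptions so that the example runs offline; point it only at devices you own.

```python
"""Audit a telnet service on a device you own for empty or default credentials.

Added example, not part of the Internet Census 2012 paper or the Carna bot.
Assumptions: DEFAULT_CREDS is an illustrative list, not the census's list;
the prompt strings match BusyBox-style logins; _FakeTelnet is a constructed
stand-in for an embedded router so the script runs without a network.
"""
import socket
import socketserver
import threading

# Constructed, illustrative sample of factory defaults (an assumption).
DEFAULT_CREDS = [("root", "root"), ("root", ""), ("admin", "admin"), ("admin", "")]

LOGIN_PROMPT = b"login:"
PASSWORD_PROMPT = b"Password:"
FAILURE = b"Login incorrect"
SHELL_PROMPTS = (b"# ", b"$ ")


def _strip_iac(data: bytes) -> bytes:
    """Drop 3-byte telnet option commands (IAC DO/DONT/WILL/WONT <opt>).
    Real devices also send longer subnegotiations; a production tool would
    answer them, this audit only ignores the simple ones."""
    out, i = bytearray(), 0
    while i < len(data):
        if data[i] == 0xFF and i + 2 < len(data):
            i += 3
        else:
            out.append(data[i])
            i += 1
    return bytes(out)


def _read_until(sock: socket.socket, markers, timeout: float) -> bytes:
    """Accumulate bytes until any marker appears, the peer closes, or it goes quiet."""
    sock.settimeout(timeout)
    buf = b""
    while not any(m in buf for m in markers):
        try:
            chunk = sock.recv(1024)
        except socket.timeout:
            break
        if not chunk:
            break
        buf += _strip_iac(chunk)
    return buf


def try_login(host: str, port: int, user: str, password: str, timeout: float = 3.0) -> bool:
    """Return True if the telnet service hands out a shell for user/password."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            if LOGIN_PROMPT not in _read_until(s, [LOGIN_PROMPT], timeout):
                return False  # no login banner we understand
            s.sendall(user.encode() + b"\r\n")
            reply = _read_until(s, [PASSWORD_PROMPT, FAILURE, *SHELL_PROMPTS], timeout)
            if reply.rstrip().endswith((b"#", b"$")):
                return True  # account has no password prompt at all
            if PASSWORD_PROMPT not in reply:
                return False
            s.sendall(password.encode() + b"\r\n")
            reply = _read_until(s, [FAILURE, *SHELL_PROMPTS], timeout)
            return FAILURE not in reply and reply.rstrip().endswith((b"#", b"$"))
    except OSError:
        return False  # refused, unreachable, reset


def audit_device(host: str, port: int, creds=DEFAULT_CREDS):
    """Return every (user, password) pair the device accepts."""
    return [(u, p) for u, p in creds if try_login(host, port, u, p)]


class _FakeTelnet(socketserver.StreamRequestHandler):
    """Constructed stand-in for a router that still has root:root and a
    passwordless 'admin' account. Exists only so the example runs offline."""
    ACCEPTS = {("root", "root"), ("admin", "")}

    def handle(self):
        self.wfile.write(b"\xff\xfd\x01BusyBox login: ")  # IAC DO ECHO, then prompt
        user = self.rfile.readline().strip().decode(errors="replace")
        self.wfile.write(b"Password: ")
        pw = self.rfile.readline().strip().decode(errors="replace")
        if (user, pw) in self.ACCEPTS:
            self.wfile.write(b"\r\n# ")
        else:
            self.wfile.write(b"\r\nLogin incorrect\r\n")


def start_fake_device():
    """Start the constructed fake router on a free loopback port."""
    server = socketserver.ThreadingTCPServer(("127.0.0.1", 0), _FakeTelnet)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


if __name__ == "__main__":
    srv, port = start_fake_device()
    print(audit_device("127.0.0.1", port))  # [('root', 'root'), ('admin', '')]
    srv.shutdown()
```

Against a real device, replace the fake server with the host and port of your own router; anything `audit_device` returns is an account an Internet-wide scanner of the Carna kind would have found just as easily.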
Though the write-up is phrased as the work of a group, the hacker later explains that "we" refers to himself alone and was chosen purely for readability.
“In reality, we is me. I chose we as a form for this documentation because its [sic] nicer to read, and mentioning myself a thousand times just sounded egotistical,” the hacker said. He also claimed he didn’t interfere with the scanned systems, and didn’t change any passwords.
“It’s a bit like he walked down the street, writing down each address then trying the doorknob. If it was open, he went in and convinced whoever lived there to join him in his data-collection quest — and soon his army of helpers had mapped the whole world,” NBC News explained.