The Carna botnet, more formally known as the Internet Census 2012, an unnamed investigator had discovered more than 420,000 devices that were accessible online with default credentials, uploaded a small binary to those devices and utilized them to carry out a scan of the IPv4 addresses.
Questions about the ethics and legality of the project quickly surfaced, as did the realization that there was a massive amount of data waiting to be analyzed, and potentially millions of vulnerable enterprise network devices, industrial control systems and home networking gear that needed patching.
said Michael Mimoso of ThreadExpert.
Parth Shukla, a Info Security researcher presented his research last week at an AusCERT event in Australia. He was also the first to analyze this data, consisted of a 910 MB uncompressed file. The data was approximately 1.2 million lines of information.
“I heard about the project about a week after it was published and my first thought was that this was a historic moment because we had captured the state of the Internet at the end of IPv4,” Shukla said. “That was my first reaction, that it was awesome. The information is out there; the bad guys know it and are using it, let’s do something with it.”
“Of the 1.2 million devices, more than half are in China (57 percent),” Shukla said, adding that he understands his analysis could make China a target. But with tools such as the Shodan search engine that accomplish the same thing coupled with the realization that most of the devices in the Carna report are likely owned that it was imperative to share the analysis. “That’s an important figure to pitch at people. Fifty seconds and we have a device with a default credential over Telnet; admin/admin and you’re in.”