Mapping the Internet: A Hacker's Secret Internet Census

Ocky · Mar 23, 2013

Mapping the Internet: A Hacker's Secret Internet Census

Somewhere on this planet there is a hacker whose emotions are likely shifting between pride and fear. Pride, because he managed to do what no one else has managed. And fear, because it was illegal in almost every country in the world.

This person measured the Internet -- the entire public network as it appeared in 2012. To achieve this Herculean task, the hacker illegally used a tool that utilized others' computers across the globe.

The anonymous person simply wanted to find out how many devices that were online could be opened with the standard password "root," he writes in a kind of research report on the project, entitled "Internet Census 2012." The result was the discovery that there are hundreds of thousands of devices secured only with the most common standard password, or without any password at all.
Click to expand...

Surely he would need more than just user=root or admin. What about the password ? i.e. you might have root or admin as user, but have changed the default password.

chrisretusn · Mar 23, 2013

That was an interesting read, especially the paper. Link is in the article.

Ocky · Mar 23, 2013

My Netgear router only allows changing the password, not the user name, which is admin. I suppose Netgear think that is good enough.

Gullible Jones · Mar 23, 2013

Wait, it says in the article that (s)he hacked into devices that were not secured with a password, no? i.e. default username and bad password. Or am I missing something?

BrandiCandi · Mar 23, 2013

Ocky said:

Mapping the Internet: A Hacker's Secret Internet Census

Surely he would need more than just user=root or admin. What about the password ? i.e. you might have root or admin as user, but have changed the default password.
Click to expand...

If you changed the password to anything but the default then this project did not try to break in. It was only targeting default usernames and password combinations, of which there are an astonishing number.

Hungry Man · Mar 23, 2013

The hacker wanted to ensure that his illegal research project did as little damage as possible. "We had no interest in interfering with default device operation so we did not change passwords and did not make any permanent changes," he writes. "After a reboot the device was back in its original state including weak or no password with none of our binaries or data stored on the device anymore." The botnet also uploaded a file to each device with information on the project and a contact email address "to provide feedback for security researchers, ISPs and law enforcement who may notice the project."

The planted software was created to be undetectable and use as few resources as possible. "We did this in the least invasive way possible and with the maximum respect to the privacy of the regular device users," the hacker writes.

The hacker also says that he removed a criminal botnet called Aidra from many of the devices that Carna took over. Carna blocked Aidra from all of the devices that it was present on -- but only until the next restart.
Click to expand...

Very cool.

BrandiCandi · Mar 23, 2013

Hungry Man said:

Very cool.
Click to expand...

Even cooler is the researcher made all the data collected available to everyone.

Log in or Sign up

Mapping the Internet: A Hacker's Secret Internet Census

Ocky Registered Member

chrisretusn Registered Member

Ocky Registered Member

Gullible Jones Guest

BrandiCandi Guest

Hungry Man Registered Member

BrandiCandi Guest

Log in or Sign up

Mapping the Internet: A Hacker's Secret Internet Census

Ocky Registered Member

chrisretusn Registered Member

Ocky Registered Member

Gullible Jones Guest

BrandiCandi Guest

Hungry Man Registered Member

BrandiCandi Guest

Useful Searches