Researcher Maps Internet Using Illegal Botnet Study

Researcher Maps Internet Using Illegal Botnet Study

image

According to an anonymous report, some of the internet's most frequent security risks include unsecured modems, routers, and printers.

When browsing the internet, it's always wise to take precautions to protect yourself from malware. Being careful which links you click and having complex passwords are great first steps, but no matter what you do, it seems like viruses keep finding ways to slip through the cracks. According to a anonymous report published online, a hacker has analyzed those cracks with a botnet that probed the entire internet for nine straight months. If the report is authentic, then it would be one of the most comprehensive surveys of internet security ever devised, while ironically being among its biggest breaches.

To his credit, the anonymous researcher seems to have used the botnet, named Carna, solely to contact IP addresses for propagation. "Our binaries were running with the lowest possible priority and included a watchdog that would stop the executable in case anything went wrong," the author writes. "We used the devices as a tool to work at the Internet scale. We did this in the least invasive way possible and with the maximum respect to the privacy of the regular device users."

According to the report, Carna attempted regular contact with 4 billion IP addresses from March to December 2012. Each time Carna encountered a device without account credentials (or used passwords like "root" or "admin"), it copied itself until the botnet was scanning from nearly 420,000 devices. The attached image shows Carna's client distribution during the study period, where it was primarily installed on devices in the US, Europe, and Asia. All told, Carna reportedly discovered a total of 1.3 billion IP address. From those, Carna received responses from 420 million, not counting another 36 million with open ports. Of the unsecured devices, most appeared to house operating systems never intended for internet communication, such as modems, routers, and printers.

"A lot of devices and services we have seen during our research should never be connected to the public Internet at all," Carna's creator writes. "As a rule of thumb, if you believe that 'nobody would connect [that] to the Internet, really nobody,' there are at least 1,000 people who did. Whenever you think 'that shouldn't be on the Internet but will probably be found a few times' it's there a few hundred thousand times. Like half a million printers, or a million Webcams, or devices that have root as a root password."

Thanks to the anonymous nature of the report, it's very difficult to verify Carna's findings without sifting through large portions of the data. That said, the results seem largely consistent with a smaller authorized study by HD Moore, especially in regards to botnet installations on embedded devices. Thankfully, the researcher seems to have good intentions, even repurposing Carna to delete hostile malware it encountered. Still, given how effectively Carna spread, it's probably a good idea to get that printer of yours behind a firewall when you have a chance.

Source: Internet Census 2012, via Ars Technica

Permalink

Quite interesting, not sure what to make of all the info but I do know I'm going to start using more complex passwords from now on.

Also seriously who the hell would use a password like admin or password?

kajinking:
Quite interesting, not sure what to make of all the info but I do know I'm going to start using more complex passwords from now on.

Also seriously who the hell would use a password like admin or password?

A depressing amount of people. People at my work like passwords such as "qwerty" or "12345" or "[name]+[number between 1-3].

What can you do with an unsecured printer?

Houseman:
What can you do with an unsecured printer?

Furthermore, how does one 'firewall' a printer? Unplug it?

Porygon-2000:
Furthermore, how does one 'firewall' a printer? Unplug it?

Attach it to a router with a firewall instead of directly to the internet.

kajinking:
Also seriously who the hell would use a password like admin or password?

That's usually the default username and password on routers and modems (and probably other stuff)...It isn't impossible that you're using that right now. I know I am.

kajinking:
Quite interesting, not sure what to make of all the info but I do know I'm going to start using more complex passwords from now on.

Also seriously who the hell would use a password like admin or password?

a lot of times its the "Default password" that peopel dont bother to change. i didnt change my router pass either, but thats because my router had another second layer password and would only eve accept any configuration when in reset mode (itms impossible to conenct for anything but internet connection in normal work condition), so unles the virus came and pressed a buton on my router, it wont get in.
i always keep ports open, its stupidly annoying having to set up ports for each program and useless in pretty much any case as areal hacker dont care and a poor one wont get past the passwords.

in fact set my router to be a bridge, that is, allow all traffic, ignore any problems. i do my security pc-side.

from that image as small as it is it seems that my country is pretty damn secure. yay people trying to not let neighbor steam thier net?

also only 36 devices actaully let the virus go in? this is shockingly low number of sucesful intrusions considering it ran supposedly "Whole internet".

If this is genuine, then thats some pretty cool data. I also love how England is just one big glow.

On a related note, this article reminds me of this: http://xkcd.com/936/

Strazdas:

a lot of times its the "Default password" that peopel dont bother to change. i didnt change my router pass either, but thats because my router had another second layer password and would only eve accept any configuration when in reset mode (itms impossible to conenct for anything but internet connection in normal work condition), so unles the virus came and pressed a buton on my router, it wont get in.
i always keep ports open, its stupidly annoying having to set up ports for each program and useless in pretty much any case as areal hacker dont care and a poor one wont get past the passwords.

in fact set my router to be a bridge, that is, allow all traffic, ignore any problems. i do my security pc-side.

from that image as small as it is it seems that my country is pretty damn secure. yay people trying to not let neighbor steam thier net?

also only 36 devices actaully let the virus go in? this is shockingly low number of sucesful intrusions considering it ran supposedly "Whole internet".

Congratulations, you have shown how networked printers and webcams end up connected to the internet. Seriously, you should enable the firewall on your router. Unless you are running a mail server or a VPN you are highly unlikely to need to open any ports and there is no harm in there being 2 firewalls. Domestic hardware firewalls allow use of ports initiated from inside the network, so steam, multiplayer and DRM don't need to open ports. If your's doesn't, buy a new one, you will be much more secure.

albino boo:

Congratulations, you have shown how networked printers and webcams end up connected to the internet. Seriously, you should enable the firewall on your router. Unless you are running a mail server or a VPN you are highly unlikely to need to open any ports and there is no harm in there being 2 firewalls. Domestic hardware firewalls allow use of ports initiated from inside the network, so steam, multiplayer and DRM don't need to open ports. If your's doesn't, buy a new one, you will be much more secure.

My router has no firewal, it has ability to block the shit out of everything i want and not want.
My webcam is integrated into a computer and therefore has to pass computer. the printer connects directly adn ONLY to PC.
i have to open new ports for pretty much any program i run online and frankly i got pissed on having to keep opening new ones whneever some server decides that they want to run on unique ports or those programs that randomize port each startup.

i will not be more secure from having a second firewall that does even less than the first one.

Houseman:
What can you do with an unsecured printer?

In laymen's terms, you can monitor and collect all the data sent to the printer, such as secure documents not meant for the public's eye, and then hold the information to blackmail the company or individual. It's not common, but it can happen and I'm sure it would happen more often if more people did the reconnaissance and learned how to attack specific manufacturer's printers.

Porygon-2000:
Furthermore, how does one 'firewall' a printer? Unplug it?

Put it behind a secured router instead of an unsecured one. Or, more effectively, keep it on a separate network to the one connected to the internet, and make sure your VPN is protected by a firewall too.

Porygon-2000:

Houseman:
What can you do with an unsecured printer?

Furthermore, how does one 'firewall' a printer? Unplug it?

...Printers can go online? Why would anyone...well...is this how faxing works now since I don't remember the last time I remember anybody mention fax machines or bring up that they exist?

Strazdas:
i always keep ports open, its stupidly annoying having to set up ports for each program and useless in pretty much any case as areal hacker dont care and a poor one wont get past the passwords.

in fact set my router to be a bridge, that is, allow all traffic, ignore any problems. i do my security pc-side.

from that image as small as it is it seems that my country is pretty damn secure. yay people trying to not let neighbor steam thier net?

A virus doesn't ned to configure your router to get past it! You're full of misconceptions and naivety. Trojan horses, brute force attacks, back doors, worms, FLAME, packet sniffing, you name it, it could get into your computer or fuck your shit up if you leave all the ports open, or entirely rely on security behind your router as opposed to on it.

Strazdas:
My router has no firewal, it has ability to block the shit out of everything i want and not want.
My webcam is integrated into a computer and therefore has to pass computer. the printer connects directly adn ONLY to PC.
i have to open new ports for pretty much any program i run online and frankly i got pissed on having to keep opening new ones whneever some server decides that they want to run on unique ports or those programs that randomize port each startup.

i will not be more secure from having a second firewall that does even less than the first one.

Pretty much all domestic routers have some sort of firewall or another built into it at the firmware level. Almost none actually let you change or configure it, or even make you aware of its presence. If your router give you a log of connections, you'll be surprised how many times it gets pinged by a would-be hacker.

The best thing you've got going for you at this point, is the fact that you're not as juicy a target as, say, Google is to a malicious computer attack. You are, however, still very prone to "wild" malicious programs and code on the internet with no specific direction. Depending on your PC for all of your security is silly.

Once again, in simple terms ports are specific channels for internet traffic to travel through to your computer (TCP/IP). For instance, all the HTTP you see is sent to your computer via TCP port 80. Disable port 80, and you won't get HTTP any more. Firewalls basically shut down ports that aren't required at that moment in time, and open them when they're needed. If you have all your ports open all the time, you're at the mercy of external intrusion. Not even your virus scan would save you then. If your firewall isn't configuring these ports automatically when you use them, then it's either incredibly strict and you're opening yourself up to harm through sheer laziness, or it's incredibly shit and you need to buy a new, working, more secure domestic router.

Huh, from the title I was expecting something something more like this

Fanghawk:
"A lot of devices and services we have seen during our research should never be connected to the public Internet at all," Carna's creator writes. "As a rule of thumb, if you believe that 'nobody would connect [that] to the Internet, really nobody,' there are at least 1,000 people who did. Whenever you think 'that shouldn't be on the Internet but will probably be found a few times' it's there a few hundred thousand times. Like half a million printers, or a million Webcams, or devices that have root as a root password."

You keep the root password, you gunna have truffles.

Bvenged:

Strazdas:
text

A virus doesn't ned to configure your router to get past it! You're full of misconceptions and naivety. Trojan horses, brute force attacks, back doors, worms, FLAME, packet sniffing, you name it, it could get into your computer or fuck your shit up if you leave all the ports open, or entirely rely on security behind your router as opposed to on it.

Strazdas:
text

Pretty much all domestic routers have some sort of firewall or another built into it at the firmware level. Almost none actually let you change or configure it, or even make you aware of its presence. If your router give you a log of connections, you'll be surprised how many times it gets pinged by a would-be hacker.

The best thing you've got going for you at this point, is the fact that you're not as juicy a target as, say, Google is to a malicious computer attack. You are, however, still very prone to "wild" malicious programs and code on the internet with no specific direction. Depending on your PC for all of your security is silly.

Once again, in simple terms ports are specific channels for internet traffic to travel through to your computer (TCP/IP). For instance, all the HTTP you see is sent to your computer via TCP port 80. Disable port 80, and you won't get HTTP any more. Firewalls basically shut down ports that aren't required at that moment in time, and open them when they're needed. If you have all your ports open all the time, you're at the mercy of external intrusion. Not even your virus scan would save you then. If your firewall isn't configuring these ports automatically when you use them, then it's either incredibly strict and you're opening yourself up to harm through sheer laziness, or it's incredibly shit and you need to buy a new, working, more secure domestic router.

Of course it doesnt need to configure it. i never claimed that. i just got tired of having to constantly configure it myself and skipped that part.
No firewall will help you against trojan wall, since it gets in another way. a passive router firewal wont stop it from connecting if itso n your computer either. all of this may just one one of hundreds of ports that are open for computer to pfunction properly (well ok many not hundreds for folks that only play games on PC).
MY router has no log of connections. If it has a firewall that is hidden so well that i cant detect it, then it may as well have none for obviuosly it serves no function. My firewall does have logs and i do know the amount of pingers and have a few more persistent ones blacklisted. funny thing, one of them traces back to my own ISP HQ.
PC is ALL the security there is. no outside firewall will help if your PC is already infected and no otuside firewall will beat the PC firewall if computer is not infected. (lets be clear, were not talking about commercial usage, which is a differente case, but i dont own a server, i own a PC).

My PC firewall does the port handing itself. and it even differenciates the programs, something the router cant. The blocks on router is all manually set up and can only be setup in resert mode (meaning all previuso data is deleted and you set ALL 50 ports all over again every time you want to change anything). router working as a bridge is almost the same as plugging your cable directly into PC, which is what most people do anyway, which leaves security for PC and thats what PC firewall is made for. i want to be able to control my firewall, not have it work against me every day.
Oh and i remember i once tried a firewall that decided that i should not be ablloed to acess internet becasue it found a program acessing internet that i know is safe but gave me no option. unknown program? were shutting down your pc. some go way overboard :D

Strazdas:
snip

Of course it doesnt need to configure it. i never claimed that. i just got tired of having to constantly configure it myself and skipped that part.
No firewall will help you against trojan wall, since it gets in another way. a passive router firewal wont stop it from connecting if itso n your computer either. all of this may just one one of hundreds of ports that are open for computer to pfunction properly (well ok many not hundreds for folks that only play games on PC).
MY router has no log of connections. If it has a firewall that is hidden so well that i cant detect it, then it may as well have none for obviuosly it serves no function. My firewall does have logs and i do know the amount of pingers and have a few more persistent ones blacklisted. funny thing, one of them traces back to my own ISP HQ.
PC is ALL the security there is. no outside firewall will help if your PC is already infected and no otuside firewall will beat the PC firewall if computer is not infected. (lets be clear, were not talking about commercial usage, which is a differente case, but i dont own a server, i own a PC).

My PC firewall does the port handing itself. and it even differenciates the programs, something the router cant. The blocks on router is all manually set up and can only be setup in resert mode (meaning all previuso data is deleted and you set ALL 50 ports all over again every time you want to change anything). router working as a bridge is almost the same as plugging your cable directly into PC, which is what most people do anyway, which leaves security for PC and thats what PC firewall is made for. i want to be able to control my firewall, not have it work against me every day.
Oh and i remember i once tried a firewall that decided that i should not be ablloed to acess internet becasue it found a program acessing internet that i know is safe but gave me no option. unknown program? were shutting down your pc. some go way overboard :D[/quote]

PC firewall is second-line defence, where the router firewall is first. I think your under-estimating the risk you're putting yourself at here by running your router as a bridge (is your PC the only internet device you got?), and I still don't think you understand how ports or firewalls work which is why your putting yourself at a fair bit of risk.

If you do online banking, you're running a huge risk. If you do work from home, you're putting your company at risk, if you value your own privacy, you're putting yourself at risk again. Dude, you shouldn't rely solely on your home PC for the firewall, that's just silly. Plus, ports are tailored to FTP, HTML, HTTP, WWW, etc. A firewall turns them on and off automatically as YOU need them, and a router firewall disregards all broadcast, aimless packets or defunct ports coming in on your PC; something your home PC firewall isn't designed to do. that's the important part. brute force can still get through a firewall, but 2 firewalls on 2 devices designed to work together is a safe way to minimise any future problems.

Fanghawk:
When browsing the internet, it's always wise to take precautions to protect yourself from malware. Being careful which links you click ...

I sense a trap...

Bvenged:

Strazdas:
snip

PC firewall is second-line defence, where the router firewall is first. I think your under-estimating the risk you're putting yourself at here by running your router as a bridge (is your PC the only internet device you got?), and I still don't think you understand how ports or firewalls work which is why your putting yourself at a fair bit of risk.

If you do online banking, you're running a huge risk. If you do work from home, you're putting your company at risk, if you value your own privacy, you're putting yourself at risk again. Dude, you shouldn't rely solely on your home PC for the firewall, that's just silly. Plus, ports are tailored to FTP, HTML, HTTP, WWW, etc. A firewall turns them on and off automatically as YOU need them, and a router firewall disregards all broadcast, aimless packets or defunct ports coming in on your PC; something your home PC firewall isn't designed to do. that's the important part. brute force can still get through a firewall, but 2 firewalls on 2 devices designed to work together is a safe way to minimise any future problems.

The risk being? That somoen attacking me will need an extra effort to go though a device who has no active self defence to reach the device which i actually can control to defend?
The PC is currently the only device connected to the internet. The whole reason i got a router was because dad needed to connect his two and you cant just split cable in two (hehe). the onyl reason router aws needed to begin with was splitting connection.
What huge risk do i run by online banking behind a secure firewall? Sure, it cant be 100% secure, as nothing ever can.
The designated ports are tailored to transfer protocols, yes, msot of my traffic goes via ports of 3000 and above. they are specifically in that range so there is no designation, thats the whole point. A firewall turns them on and off as i need them IF i set it up to do so first. a router does that anyway or does not do that at all. Router gives you no choice beside manual configuration.
And how does brute force goes though a firewall? my firewall simply shuts down all traffic in such attempt (hasnt happened in years, nobody cares).
over 95% of break ins happens due to people downloading a worm/trojan beforehand to begin with, in which case the firewall is worthless, because if you already let it in your nto getting rid of it that easy (assuming it isnt some college project trojan)

P.S. i like your replies, at least you dont come into headbashing as most people do with "You dont know shit your will get haxorz".

Idlemessiah:
If this is genuine, then thats some pretty cool data. I also love how England is just one big glow.

On a related note, this article reminds me of this: http://xkcd.com/936/

It reminded me of a different one http://xkcd.com/1138/ which neatly explains why England is one big glow.

So basically, a mandatory step to creating a better Internet 2.0:

Assume the users are idiots who will fail to adequately secure their devices against unintended third party use, and outlaw creation of devices that do not secure themselves.

Film at 11.

well, i guess that kinda explains why nobody really tries to stop you from entering their devices in megaman battle network

 

Reply to Thread

Log in or Register to Comment
Have an account? Login below:
With Facebook:Login With Facebook
or
Username:  
Password:  
  
Not registered? To sign up for an account with The Escapist:
Register With Facebook
Register With Facebook
or
Registered for a free account here