A hacker created a worldwide map of more than 100,000 vulnerable devices after “playing around” with a scripting tool. The “Carna” botnet was named after the Roman goddess that protected inner organs because it was “a good choice for a bot that runs mostly on embedded routers.” Carna ran from June to October last year and was allegedly never detected.
Many of the open machines were based on Linux and allowed login with empty or default credentials. Though the project itself is illegal, the anonymous researcher claims the information may be useful for further study.
“Two years ago while spending some time with the Nmap Scripting Engine (NSE) someone mentioned that we should try the classic telnet login root:root on random IP addresses,” the hacker said. “This was meant as a joke, but was given a try. We started scanning and quickly realized that there should be several thousand unprotected devices on the Internet.”
Though he first talks about collective research, the hacker later admits he was only referring to himself to give depth to the analysis.
“In reality, we is me. I chose we as a form for this documentation because its [sic] nicer to read, and mentioning myself a thousand times just sounded egotistical,” the hacker said. He also claimed he didn’t interfere with the scanned systems, and didn’t change any passwords.
“It’s a bit like he walked down the street, writing down each address then trying the doorknob. If it was open, he went in and convinced whoever lived there to join him in his data-collection quest — and soon his army of helpers had mapped the whole world,” NBC News explained.