Industry News

Hacker Creates Worldwide Map of Vulnerable Devices

A hacker created a worldwide map of more than 100,000 vulnerable devices after “playing around” with a scripting tool. The “Carna” botnet was named after the Roman goddess that protected inner organs because it was “a good choice for a bot that runs mostly on embedded routers.” Carna ran from June to October last year and was allegedly never detected.

Many of the open machines were based on Linux and allowed login with empty or default credentials. Though the project itself is illegal, the anonymous researcher claims the information may be useful for further study.

Hacker Creates Worldwide Map of Vulnerable Devices
The Carna database is available for download and has 9 terabytes. Source:

“Two years ago while spending some time with the Nmap Scripting Engine (NSE) someone mentioned that we should try the classic telnet login root:root on random IP addresses,” the hacker said. “This was meant as a joke, but was given a try. We started scanning and quickly realized that there should be several thousand unprotected devices on the Internet.”

Though he first talks about collective research, the hacker later admits he was only referring to himself to give depth to the analysis.

“In reality, we is me. I chose we as a form for this documentation because its [sic] nicer to read, and mentioning myself a thousand times just sounded egotistical,” the hacker said. He also claimed he didn’t interfere with the scanned systems, and didn’t change any passwords.

“It’s a bit like he walked down the street, writing down each address then trying the doorknob. If it was open, he went in and convinced whoever lived there to join him in his data-collection quest — and soon his army of helpers had mapped the whole world,” NBC News explained.

About the author


Bianca Stanescu, the fiercest warrior princess in the Bitdefender news palace, is a down-to-earth journalist, who's always on to a cybertrendy story. She's the industry news guru, who'll always keep a close eye on the AV movers and shakers and report their deeds from a fresh new perspective. Proud mother of one, she covers parental control topics, with a view to valiantly cutting a safe path for children through the Internet thicket. She likes to let words and facts speak for themselves.


Click here to post a comment