Report: Bot Network Has Compromised Thirty Thousand Devices

In a June 8th piece published in TechTank, the Brookings Institute tech blog, Philip N. Howard, University of Washington professor of digital media and global affairs, reported on the 2012 efforts of an anonymous researcher to understand just how big the Internet has become.

In order to do this, the researcher had to create a bot, named Carna Bot after the Roman goddess of health and vitality, that would make use of every unprotected device it encountered. Carna would then replicate herself so that her copies could help count other devices.

The creation of something like Carna was an immense challenge: she had to be able to gain access to devices without interfering with their function or slowing down the Internet.

And what Carna found was very interesting.

To begin, the botnet did what it was designed to do and spanned the globe, finding 1.3 billion addresses being used by devices ranging from webcams and printers to security systems.

But, more importantly, Howard reports that Carna uncovered two very dark secrets about the Internet and how it works.

First, if someone were able to gain access to the default passwords for pieces of critical equipment in the factories where devices are assembled, they would be able to gain control of “…hundreds of thousands of consumer devices and tens of thousands of industrial devices around the world, from gaming platforms to industrial-control systems.”

That means that, while we’re running around trying to outwit the next and most sophisticated hacking and cyber-crime attempts, a few passwords falling into the wrong hands could be enough to compromise a device from the moment it connects to the Internet.

Even more concerning, though, is Carna’s second finding.

She wasn’t alone.

Carna encountered other unauthorized bots checking for open ports around the globe. Carna was designed to perform the public service of taking the pulse of the Internet. But she also found a number of other botnets, including a massive, sleeping network of bots called Aidra, which had already compromised approximately thirty thousand devices.
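The "bots checking for open ports" that Carna ran into are visible from the other side as bursts of rejected connection attempts in a network's own firewall logs. As an added example that is not from the article, from Howard's piece or from the Carna project, the script below reads constructed firewall log lines (the line format is an assumption loosely modelled on iptables LOG output, and the IP addresses are constructed from documentation ranges) and flags any source that, within a short window, probes many ports on one host or the same port on many hosts. The thresholds and window are assumptions to tune for a real network.

```python
"""Flag sources that probe many ports or many hosts within a short time window.

Added example for defenders; the log format, addresses and thresholds below are
all assumptions (constructed), not data from the article or the Carna project.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed line format (constructed): <ISO timestamp> DROP SRC=<ip> DST=<ip> PROTO=TCP DPT=<port>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) DROP "
    r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) PROTO=TCP DPT=(?P<dpt>\d+)$"
)

# Constructed sample log: one vertical scan, one telnet sweep, one benign retry,
# one slow probe spread out over minutes, and one unrelated line.
SAMPLE_LOG = """\
2012-06-01T12:00:01 DROP SRC=203.0.113.5 DST=10.0.0.7 PROTO=TCP DPT=21
2012-06-01T12:00:02 DROP SRC=203.0.113.5 DST=10.0.0.7 PROTO=TCP DPT=22
2012-06-01T12:00:03 DROP SRC=203.0.113.5 DST=10.0.0.7 PROTO=TCP DPT=23
2012-06-01T12:00:04 DROP SRC=203.0.113.5 DST=10.0.0.7 PROTO=TCP DPT=80
2012-06-01T12:00:05 DROP SRC=203.0.113.5 DST=10.0.0.7 PROTO=TCP DPT=443
2012-06-01T12:00:06 DROP SRC=203.0.113.5 DST=10.0.0.7 PROTO=TCP DPT=8080
2012-06-01T12:01:10 DROP SRC=198.51.100.9 DST=10.0.0.1 PROTO=TCP DPT=23
2012-06-01T12:01:11 DROP SRC=198.51.100.9 DST=10.0.0.2 PROTO=TCP DPT=23
2012-06-01T12:01:12 DROP SRC=198.51.100.9 DST=10.0.0.3 PROTO=TCP DPT=23
2012-06-01T12:01:13 DROP SRC=198.51.100.9 DST=10.0.0.4 PROTO=TCP DPT=23
2012-06-01T12:01:14 DROP SRC=198.51.100.9 DST=10.0.0.5 PROTO=TCP DPT=23
2012-06-01T12:02:00 DROP SRC=192.0.2.44 DST=10.0.0.7 PROTO=TCP DPT=443
2012-06-01T12:02:30 DROP SRC=192.0.2.44 DST=10.0.0.7 PROTO=TCP DPT=443
2012-06-01T12:10:00 DROP SRC=198.51.100.77 DST=10.0.0.7 PROTO=TCP DPT=21
2012-06-01T12:12:00 DROP SRC=198.51.100.77 DST=10.0.0.7 PROTO=TCP DPT=22
2012-06-01T12:14:00 DROP SRC=198.51.100.77 DST=10.0.0.7 PROTO=TCP DPT=23
2012-06-01T12:16:00 DROP SRC=198.51.100.77 DST=10.0.0.7 PROTO=TCP DPT=80
2012-06-01T12:18:00 DROP SRC=198.51.100.77 DST=10.0.0.7 PROTO=TCP DPT=443
this line is not a firewall record
"""


def parse_line(line):
    """Return (timestamp, src, dst, dport) for a matching line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return (datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dpt"]))


def _first_finding(events, window, port_threshold, host_threshold):
    """Slide a time window over one source's (ts, dst, dport) events.

    Returns the first window in which the source touched `port_threshold`
    distinct ports on one host ("vertical") or `host_threshold` distinct hosts
    on one port ("horizontal"), or None if neither threshold is ever reached.
    """
    events = sorted(events)
    start = 0
    for end, (ts, _, _) in enumerate(events):
        # Drop events from the front until everything lies within `window` of `ts`.
        while ts - events[start][0] > window:
            start += 1
        ports_per_host = defaultdict(set)
        hosts_per_port = defaultdict(set)
        for _, dst, dpt in events[start:end + 1]:
            ports_per_host[dst].add(dpt)
            hosts_per_port[dpt].add(dst)
        for dst, ports in ports_per_host.items():
            if len(ports) >= port_threshold:
                return ("vertical", dst, len(ports))
        for dpt, hosts in hosts_per_port.items():
            if len(hosts) >= host_threshold:
                return ("horizontal", dpt, len(hosts))
    return None


def detect_scanners(lines, window=timedelta(seconds=60), port_threshold=5, host_threshold=5):
    """Map each scanning source to its first (kind, target, count) finding."""
    by_src = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed is not None:
            ts, src, dst, dpt = parsed
            by_src[src].append((ts, dst, dpt))
    findings = {}
    for src, events in by_src.items():
        finding = _first_finding(events, window, port_threshold, host_threshold)
        if finding is not None:
            findings[src] = finding
    return findings


if __name__ == "__main__":
    for src, (kind, target, count) in detect_scanners(SAMPLE_LOG.splitlines()).items():
        print(f"{src}: {kind} scan, target={target}, distinct={count}")
```

On the constructed sample, the vertical scan against one host and the telnet sweep across five hosts are both reported, while the two retries to port 443 and the five probes spread over eight minutes stay below the window thresholds; lowering the window or thresholds trades those misses for more noise from ordinary retries.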

More than just computers and smart phones, Aidra had also gained potential access to a variety of automated devices like gas meters and household appliances. Carna found that Aidra’s bots could attack any of the compromised networks with a DoS attack at any time.

As a further community service, Carna Bot disabled any of the Aidra bots that it found, but the fix is only temporary. The next time the infected machines are booted up, the predatory bot will be able to regain access to them.

It seems that we’re only scratching the surface in our contemplation of the risks that we encounter when we log in.