Carna botnet explained

The Carna botnet was a botnet of 420,000 devices created by an anonymous hacker to measure the extent of the Internet in what the creator called the “Internet Census of 2012”.

Data collection

The data was collected by infiltrating Internet devices, especially routers, that used a default password or no password at all.[1] [2] It was named after Carna, "the Roman goddess for the protection of inner organs and health".[3]

Collected data was compiled into a GIF portrait to display Internet use around the world over the course of 24 hours. The data gathered included only the IPv4 address space and not the IPv6 address space.[4] [5]

The Carna Botnet creator believes that with a growing number of IPv6 hosts on the Internet, 2012 may have been the last time a census like this was possible.[3]

Results

Of the 4.3 billion possible IPv4 addresses, Carna Botnet found a total of 1.3 billion addresses in use, including 141 million that were behind a firewall and 729 million that returned reverse domain name system records. The remaining 2.3 billion IPv4 addresses are probably not used.[6]

An earlier, first Internet census, conducted by the USDHS LANDER study, had counted 187 million visible Internet hosts in 2006.[7] [8]

Further implications

The data provided by the Carna botnet was used by security researcher Morgan Marquis-Boire to determine in how many countries FinFisher spyware was being used. The use of such legally-gray data to conduct open source analysis raised questions for some, but Marquis-Boire expressed a belief that data is data. "I consider this more like rogue academia rather than criminal activity," he told Wired Magazine.[9]

Number of hosts by top level domain

Among other things, the Carna botnet counted the number of hosts with reverse DNS names observed from May to October 2012. The top 20 top-level domains were:

| Number of hosts[10] | Top Level Domain |
|--------------------:|:----------------:|
| 374,670,873 | .net |
| 199,029,228 | .com |
| 75,612,578 | .jp |
| 28,059,515 | .it |
| 28,026,059 | .br |
| 21,415,524 | .de |
| 20,552,228 | .cn |
| 17,450,093 | .fr |
| 17,363,363 | .au |
| 17,296,801 | .ru |
| 16,910,153 | .mx |
| 14,416,783 | .pl |
| 14,409,280 | .nl |
| 13,702,339 | .edu |
| 11,915,681 | .ar |
| 9,157,824 | .ca |
| 8,937,159 | .uk |
| 7,452,888 | .se |
| 7,243,480 | .tr |
| 6,878,625 | .in |

Notes and References

  1. Stöcker, Christian; Horchert, Judith. "Mapping the Internet: A Hacker's Secret Internet Census". Spiegel Online. 2013-03-22.
  2. Kleinman, Alexis. "The Most Detailed, GIF-Based Map Of The Internet Was Made By Hacking 420,000 Computers". Huffington Post. 2013-03-22.
  3. "Internet Census 2012: Port scanning /0 using insecure embedded devices". http://internetcensus2012.bitbucket.org/paper.html
  4. Read, Max. "This Illegally Made, Incredibly Mesmerizing Animated GIF Is What the Internet Looks Like". Gawker. 2013-03-21. Original link dead; archived at https://web.archive.org/web/20130324015330/http://gawker.com/5991667/this-illegally-made-incredibly-mesmerizing-animated-gif-is-what-the-internet-looks-like?utm_campaign=socialflow_gawker_facebook&utm_source=gawker_facebook&utm_medium=socialflow on 2013-03-24.
  5. Thomson, Iain. "Researcher sets up illegal 420,000 node botnet for IPv4 internet map". The Register. 2013-03-19.
  6. "Guerilla researcher created epic botnet to scan billions of IP addresses". https://arstechnica.com/security/2013/03/guerilla-researcher-created-epic-botnet-to-scan-billions-of-ip-addresses/
  7. "Exploring Visible Internet Hosts through Census and Survey". http://www.isi.edu/~johnh/PAPERS/Heidemann07c.pdf
  8. "Forschung mit illegalem Botnetz: Die Vermessung des Internets". http://www.spiegel.de/netzwelt/web/carna-botnet-internet-zensus-mit-hacker-methoden-a-890225.html
  9. McMillan, Robert. "Is It Wrong to Use Data From the World's First 'Nice' Botnet?". 2013-05-15. Archived at https://web.archive.org/web/20161222105713/https://www.wired.com/2013/05/internet_census/ on 2016-12-22.
  10. "Top Level Domains". Internet Census 2012. 2013-05-16. Original link dead; archived at https://web.archive.org/web/20130515041758/http://internetcensus2012.bitbucket.org/tld_overview.html on 2013-05-15.