Enormous global embedded device botnet built

An anonymous researcher has created a gigantic global botnet out of embedded devices to scan the whole IPv4 Internet, apparently for the fun of it.

The idea for the Carna botnet project came about accidentally, the researcher writes.

"While playing around with the Nmap Scripting Engine (NSE) we discovered an amazing number of open embedded devices on the Internet.

"Many of them are based on Linux and allow login to standard BusyBox with empty or default credentials."

In the end, the reseacher discovered that several hundreds of thousands of devices were vulnerable and wrote a small binary executable program to run on them, creating an enormous distributed global port scanner with which he conducted a survey of the IPv4 Internet.

Conducted last year, the Internet survey gathered some nine terabytes of data gleaned from around 420,000 compromised devices in the botnet.

According to the researcher, there was "no interest to interfere with default device operation" and passwords and other settings were not changed.

"We did this in the least invasive way possible and with the maximum respect to the privacy of the regular device users," the researcher writes.

The binary ceases to work after a while, according to the researcher who will not release the source code for it due to the risk of abuse.

Carna botnet clients around the world

In releasing the binary, the researcher discovered another active one on some of the embedded devices called Aidra. He estimates it runs on fewer than 30,000 devices.

Through the survey, the researcher estimates the size of the IPv4 Internet to be around 1.3 billion IP addresses currently. 

The data with billions of records can be downloaded as a torrent.