MJS Article: The Compromised Devices of the Carna Botnet by Parth Shukla
Last year we talked about publishing the proceedings of past DeepSec conferences as a collection of articles covering presentations held in Vienna. We would like to introduce Parth Shukla, who presented a report on the devices compromised by the Carna Botnet.
This article will showcase the latest analysis and the progress of industry collaboration on the problem of Internet-facing devices that accept default-credential logins through telnet. The Carna Botnet, which was used to produce the first-ever map of the Internet – Internet Census 2012 – highlighted a major information security concern with devices that allow default credential login from the Internet by default. For more information on the Internet Census 2012, please refer to the anonymous researcher’s paper.
A complete list of compromised devices that formed part of the Carna Botnet was obtained exclusively by Parth Shukla. This list is NOT publicly available from any source. This data was acquired directly from the anonymous researcher who performed the Internet Census. As confirmed by the researcher, AusCERT to date remains the only organization and researcher in the world that has the complete dataset. Relevant snippets of this data, however, have been provided to CERTs around the world in order to reduce the threat made explicit by the Carna Botnet.
This article will provide a detailed analysis of all the different identifying information for each of the compromised devices that formed part of the Botnet. This detailed analysis will showcase the prevalence of easily exploitable devices across different countries, regions and manufacturers. The ultimate aim of this article is to continue to draw public awareness to the larger concerns faced by information security professionals worldwide. Hopefully, this awareness will persuade manufacturers and even local ISPs to collaborate and address this problem. The Carna Botnet reminds us all that there are numerous, simpler vulnerabilities at risk of exploitation and in need of immediate attention.
The contents of this paper were first released to AusCERT members on 20 August 2013 and to the public on 25 August 2013.
You can download the full article from the Magdeburg Institute for Security Research.