Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity

    Carna Botnet Exploit Unmasked, Researcher Reveals Details

    By
    Sean Michael Kerner
    -
    November 26, 2013
    Share
    Facebook
    Twitter
    Linkedin
      security

      In March, an anonymous researcher published a report dubbed the Internet Census, which was conducted by exploiting more than a million embedded devices with the Carna Botnet. Full details from that same anonymous researcher on the devices that were exploited had not publicly been revealed—until now.

      Parth Shukla, information security analyst in the Operations Centre at the Australian Computer Emergency Response Team (AusCert), is set to publicly discuss the previously unknown Internet Census findings this week at the Black Hat Regional Summit in Sao Paulo, Brazil. In an interview with eWEEK, Shukla explained how he got hold of the details from the anonymous researcher and what the data actually shows.

      When Shukla first heard about the Internet Census data publication, he wondered if the researcher in fact had more data available, he told eWEEK. So he contacted the researcher by way of the public key that researcher had signed the research with. Shukla said the anonymous researcher told him that no one else had bothered to contact him to see if there was more data available. It turns out there was more data available, and it was all sent to Shukla.

      Legal issues did come up. The Internet Census Carna Botnet data was illegally obtained as the anonymous researcher infected machines around the world without permission. Shukla said, however, that he had multiple discussions with his organization’s legal department about the data. In the final analysis, AusCert’s legal team said that Shukla had not asked the anonymous researcher to conduct the illegal research and, as such, was not a party to the crime.

      “There are, of course, ethical considerations about using data that was clearly violating the rights of so many people’s devices,” Shukla said. “My view is that since I was the only one with the data, it is imperative for me to do something to spread the message, that what the data reveals is a very serious security concern.”

      The Internet Census data was obtained by the anonymous researcher by way of hacking telnet services on devices and then infecting the devices to become part of the Carna Botnet. Security-conscious IT administrators generally avoid Telnet; the remote-access technology has been revealed to be insecure since it does not encrypt data.

      “You expect some devices on the Internet to be exposed to Telnet, but you don’t expect there to be 1.3 million devices,” Shukla said. “That’s what the data shows, and it’s kind of mind-blowing.”

      Shukla’s analysis of the 1.3 million vulnerable devices revealed that it’s not consumers or enterprises that are necessarily at fault, but he puts the blame on the device manufacturers. The data shows 2,100 different manufacturers for the devices scanned by the Internet Census.

      The top-10 device manufacturers in the study, by volume, are building devices that are insecure, by default, when users plug the devices into the Internet, Shukla said. “Certain vendors have made their device firmware more vulnerable by having default log-in information and telnet on by default,” he said.

      Default log-ins on telnet, enable any attacker that is scanning the Internet to potentially identify open telnet ports and then log in to vulnerable devices. Shukla said that he can’t understand why any device manufacturer would put telnet on a device with default credentials. In his view, there is no such business requirement for any devices that are currently shipping.

      Looking deeper into the data, Shukla said that most of the devices in the study are embedded devices with less than 256MB of system memory.

      While an obvious best practice for all IT users is not to run Telnet, Shukla said that it can often be difficult to detect if a device is vulnerable.

      One of the first things that the Carna Botnet does is it closes Port 22 on the device, which is the port that is typically used by Telnet. As such, users can’t just probe a device looking for an open Port 22, and need to do a very robust and thorough scan.

      Overall, while users should be more vigilant, device manufacturers should improve security, Shukla said.

      “As an industry, the bigger challenge is getting manufacturers to build devices that are more secure by default,” Shukla said.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×