How big is the Internet? Two years ago, the anonymous researcher behind the Carna botnet joked that they should try the classic telnet login with the default root username and password on random IP addresses. They gave it a whirl and, in a short period of time, found thousands of unprotected devices on the Net.
But to scan the entire Internet would require a botnet, so they built one.
Curt Hopkins of The Daily Dot wrote:
Carna turned out to be an effective way of measuring a big chunk of the Internet, but there’s one major catch: It’s illegal and invasive, which no doubt explains why the researcher has remained anonymous. Carna was, as per the name, a botnet, a type of malware secretly loaded into any device it could penetrate. At its peak, the botnet controlled an estimated 420,000 devices.
“We used the devices as a tool to work at the Internet scale,” wrote the Carna author. “We did this in the least invasive way possible and with the maximum respect to the privacy of the regular device users.”
Although Carna was allegedly designed to minimize intrusion and avoid damaging an infected device or process, it remains a virus that a hacker used to infect millions of devices with no notice and no permission.