Data – Security – Always On Devices – Stuxnet – Identity theft. Words that spring to mind these days when someone mentions the Internet. For all the talk we hear about identity theft and data loss and Trojans and Hijacks, it looks like there are a whole lot of insecure devices out there in the big bad WWW.
Let's look at that in reverse. We are running out of Internet addresses, so IPv6 is being rolled out. But exactly how many of the existing addresses are ‘actively’ used?
So, how big is the Internet?
That depends on how you count. 420 Million pingable IPs + 36 Million more that had one or more ports open, making 450 Million that were definitely in use and reachable from the rest of the Internet. 141 Million IPs were firewalled, so they could count as “in use”. Together this would be 591 Million used IPs. 729 Million more IPs just had reverse DNS records. If you added those, it would make for a total of 1.3 Billion used IP addresses. The other 2.3 Billion addresses showed no sign of usage.
Read that last line again. 2.3 Billion addresses showed no sign of usage.
Moving on, how insecure are the devices connected to the net? Remember that cable guy who set up your router, and you were so eager to start downloading movies that you never really bothered to change the administrator password? Well, the good news is – you are not alone.
We used a strict set of rules to identify the target devices’ CPU and RAM to ensure our binary was only deployed to systems where it was known to work. We also excluded all smaller groups of devices since we did not want to interfere with industrial controls or mission critical hardware in any way. Our binary ran on approximately 420 thousand devices. These are only about 25 percent of all unprotected devices found. There are hundreds of thousands of devices that do not have a real shell so we could not upload or run a binary, a hundred thousand mips4kce machines that are mostly too small and not capable enough for our purposes as well as many unidentifiable configuration interfaces for random hardware. We were able to use ifconfig to get the MAC address on most devices. We collected these MAC addresses for some time and identified about 1.2 million unique unprotected devices. This number does not include devices that do not have ifconfig.
Note: Emphasis is mine, but you get the idea.
The picture at the beginning of the post is the snapshot of the 420k instances of the Carna bot (yes, the bot used was called Carna, very apt no?) running on devices across the globe. I couldn’t find data points to determine exactly how many instances were running in each geography, but the colour codes look alarming for a country like India with such low broadband penetration.
The complete report of the (brilliant) research can be read here – titled “Internet Census 2012”
Find time to change that password yet?