Ethics discussion aside, it is really cool to hear about a massive project that a single person performed in secret.<p>I see all of these job listings for "big data" projects with hot startups and here is 1 guy generating a billion records in 1 hour, for fun.<p>It kind of reminds me of the MIT students' <i>Stealing Profits from Stock Market Spammers</i> presentation, because they waited 3 years before talking about it. Source: <a href="http://defcon.org/images/defcon-17/dc-17-presentations/defcon-17-grant_jordan-stock_market_spam.pdf" rel="nofollow">http://defcon.org/images/defcon-17/dc-17-presentations/defco...</a> (video is also on the website)
This is technically interesting and clearly a cool hack, but it leaves a really bad taste in my mouth. It would be one thing to report on the large number of insecure embedded devices attached to the Internet, but it's another thing to actually use other people's devices without their permission-- especially at this kind of scale.<p>HD Moore's DerbyCon presentation last year (<a href="http://www.youtube.com/watch?v=b-uPh99whw4" rel="nofollow">http://www.youtube.com/watch?v=b-uPh99whw4</a>) showed that scanning the entire Internet without resorting to using other people's devices to perform the scanning is technically feasible and produces good results. The dataset for scanning for even a fairly large set of applications isn't tremendously large.
I wonder how many of the 420,000 machines they ran their code on got screwed up by them?<p>As anyone who's tried to manage a cluster of machines knows, it's a pain to get everything working. Even when you have complete control over the hardware, software and network, distributing code to the cluster and making the cluster send stuff back is difficult. So much can go wrong and it is easy to take out servers with what seems like the most trivial of mistakes.<p>Now try doing this with almost half a million machines, of unknown hardware, already running unknown software, and operating in network conditions that you have no idea about. Do you think they did it perfectly and nothing went wrong?<p>They undoubtedly broke or disrupted many computers and systems here, and they know it. They can write all the weasel-words they like about how <i>nice</i> and <i>kind</i> they were, but I am sure they broke a lot of people's systems (some of them, by their own admission, running important services).
This is awesome and terrifying.<p>What would happen if (when?) someone with more evil intentions decides they would like a 420,000 device botnet of their own? Or how much damage could one do by shutting off all these devices simultaneously?
Isn't this exactly what rtm did in 1988? The only difference is that this worm took pains to behave more nicely.<p>Funny to see that the proportion of relatively unsecure devices on the internet has not gone down since that time.
USA has strangely different usage patterns. Usage decreases in the evening so peak seems to be during work hours.<p>Americans work a lot, I'm sure almost all of that internet use is productive and they just prefer having fun outside after work.
<a href="http://internetcensus2012.bitbucket.org/images/clientmap_16to9_small.jpg" rel="nofollow">http://internetcensus2012.bitbucket.org/images/clientmap_16t...</a><p>Next time if a Chinese IP hacks you, it's a botnet node in China that hacked you.
This is a way cool idea. Probably not the best thing to happen to the internet on a daily basis, but an amazing project nevertheless.<p>Just waiting for someone to start mining bitcoins on 420,000 slightly underpowered CPUs...<p>(Ok, seriously now.) The traceroute data could be used to build an interesting map of the internet. I'm sure there's lots of cool things that can be done with what has been released.
Interesting, but let's see. Where have I heard about how the Feds (over)react to gaining unauthorized access to someone else's computer? Hmm...<p><a href="http://www.wired.com/threatlevel/2013/03/att-hacker-gets-3-years/" rel="nofollow">http://www.wired.com/threatlevel/2013/03/att-hacker-gets-3-y...</a>
This is some interesting research. I am wondering though: Does anyone know whether there are any potential legal issues with scanning devices / networks that do not belong to you? Is it possible for you to get into trouble by engaging in this activity?
"We had no interest to interfere with default device operation"
... "After a reboot" ...<p>How does rebooting someone's computer not count as 'interfering'? Let's hope none of those machines were doing anything important.
Uploading and running executable code on other people's devices without their permission is absolutely illegal, regardless of whether it's exposed or not. I would be <i>pissed</i> if someone did this on any of my devices.
Interesting, maybe we should revoke IPv4 assignations to Apple, Ford, HP, Prudential etc. who aren't using anything close to the 16 million IP addresses they have.