Thanks to hundreds of thousands of unprotected devices and a very curious, benevolent hacker, we now have perhaps the most accurate map of the Internet ever created. With a simple, although very illegal hack, the anonymous researcher was able to ping 420,000 computers to chart where they are and how traffic patterns change over time.
“I saw the chance to really work on an Internet scale, command hundred thousands of devices with a click of my mouse, portscan and map the whole Internet in a way nobody had done before, basically have fun with computers and the Internet in a way very few people ever will,” the researcher wrote on a website explaining the project.
After attempting to use a classic telnet login to access computers (originally as a joke), the researcher's team realized that there were several hundred thousand unprotected devices on the Internet. This made it possible to build a super-fast port scanner and infect the computers with bots.
One of the primary rules of the project was to “be nice.” Once the team had access to a computer, there was a rule against making any permanent changes. After a reboot, the device would be back in its original state. They also made sure the program wouldn’t interfere with anything else on the computer, and they even uploaded a note in the form of a readme file that explained the project and gave a contact email address.
“We did this in the least invasive way possible and with the maximum respect to the privacy of the regular device users.”
The researcher could still probably still be found guilty of violating the Computer Fraud and Abuse Act if he or she revealed their identity. Due to the massive amount of computers hacked, a conviction could come with serious jail time.
The map, while beautiful and very accurate, still has some limitations. The program could only infiltrate IPv4 addresses, which is a bit outdated from the current IPv6 standard, and only devices running Linux. And while 420,000 is a pretty good sample size, it is just a fraction of the computers accessing the Internet.
Other than create an awesome map, the goal of the project was to “help raise some awareness that, while everybody is talking about high-class exploits and cyberwar, four simple, stupid default telnet passwords can give you access to hundreds of thousands of consumers, as well as tens of thousands of industrial devices all over the world,” the researcher wrote.
So in other words: Don’t just keep the default password!