Pro tip: Get with the post-nationalist, internet-enabled program and give up on this line of thinking.
As anyone who's tried to manage a cluster of machines knows, it's a pain to get everything working. Even when you have complete control over the hardware, software and network, distributing code to the cluster and making the cluster send stuff back is difficult. So much can go wrong and it is easy to take out servers with what seems like the most trivial of mistakes.
Now try doing this with almost half a million machines, of unknown hardware, already running unknown software, and operating in network conditions that you have no idea about. Do you think they did it perfectly and nothing went wrong?
They undoubtedly broke or disrupted many computers and systems here, and they know it. They can write all the weasel-words they like about how nice and kind they were, but I am sure they broke a lot of people's systems (some of them, by their own admission, running important services).
If you put an insecure device on the internet, the damage that ensues is your fault. Ignorance cannot be an excuse. Default passwords and no passwords are just unacceptable. Yes, by some twisted logic you can blame the hacker, but as time goes on we see more and more state-sponsored attacks. It is their job to hack into equipment of other nations for various reasons. It is your job to keep that from happening.
TL;DR There is no such thing as a trivial mistake on a public network.
It sounded like the author targeted only the most common hardware configurations, so it's likely that these were TV set-top boxes and ISP-issued routers. At any rate, if there was a massive spike in worldwide equipment failures between June and October of 2012, we probably would've heard about it.
Source: I run Shodan (http://www.shodanhq.com)
With the recent IPv4 address burn rate — the rate at which the last remaining address blocks were issued — reclaiming a half-dozen /8 blocks would be a rearguard action at most, and an effort and a hassle that would detract from IPv6.
For data, select the column with the IANA date sort here:
http://en.wikipedia.org/wiki/List_of_assigned_/8_IPv4_addres...
and then consider how long a few more added /8 blocks would really last. By my count, fourteen /8 blocks since 2009. And the rate that network-connected devices are arriving isn't slowing.
What would happen if (when?) someone with more evil intentions decides they would like a 420,000 device botnet of their own? Or how much damage could one do by shutting off all these devices simultaneously?
You think massive botnets don't exist already?
> How much damage could one do by shutting off all these devices simultaneously?
The only reason this hasn't happened so far is because there's no profit in this. There's more money to be made keeping a low profile and spamming / phishing.
If you read into the details, you'll realize someone else already did: the Aidra botnet. The author spotted them pretty quickly, and took some steps to prevent their spread.
How does rebooting someone's computer not count as 'interfering'? Let's hope none of those machines were doing anything important.
I see all of these job listings for "big data" projects with hot startups and here is 1 guy generating a billion records in 1 hour, for fun.
It kind of reminds me of the MIT students' Stealing Profits from Stock Market Spammers presentation, because they waited 3 years before talking about it. Source: http://defcon.org/images/defcon-17/dc-17-presentations/defco... (video is also on the website)
HD Moore's DerbyCon presentation last year (http://www.youtube.com/watch?v=b-uPh99whw4) showed that scanning the entire Internet without resorting to using other people's devices to perform the scanning is technically feasible and produces good results. The dataset for scanning for even a fairly large set of applications isn't tremendously large.
Funny to see that the proportion of relatively unsecure devices on the internet has not gone down since that time.
Americans work a lot, I'm sure almost all of that internet use is productive and they just prefer having fun outside after work.
Next time if a Chinese IP hacks you, it's a botnet node in China that hacked you.
Just waiting for someone to start mining bitcoins on 420,000 slightly underpowered CPUs...
(Ok, seriously now.) The traceroute data could be used to build an interesting map of the internet. I'm sure there's lots of cool things that can be done with what has been released.
http://www.wired.com/threatlevel/2013/03/att-hacker-gets-3-y...