Europe In The Carna Botnet: Telnet's Threat To The Largest Economy

Presented at DeepSec 2013 „Secrets, Failures, and Visions“, Unknown date/time (Unknown duration).

This presentation will showcase the latest analysis and the progress of industry collaboration on the problem of internet facing devices that have default credential logins through telnet. The Carna Botnet, which was used to perform the first-ever map of the Internet - Internet Census 2012 - highlighted a major information security concern with devices that allow default credential login from the Internet by default. For more information on the Internet Census 2012, please refer to the anonymous researcher's paper. A complete list of compromised devices that formed part of the Carna Botnet was obtained exclusively by Parth Shukla. This list is NOT publicly available from any source. This data was acquired directly from the anonymous researcher who performed the Internet Census. As confirmed by the researcher, AusCERT to date remains the only organization and researcher in the world that has the complete dataset. Relevant snippets of this data, however, have been provided to CERTs around the world in order to reduce the threat made explicit by the Carna Botnet. This presentation at DeepSec will provide up-to-date analyses of all the different identifying information for each of the compromised devices that formed part of the Botnet. This detailed analysis will indicate the prevalence of easily-exploited vulnerabilities in different countries, regions and in the devices of different manufacturers. Therefore, what these security problems mean for DeepSec attendees, IT professionals and manufacturers around the world will be thoroughly examined. The ultimate aim of this presentation is to continue to draw public awareness to the larger concerns for information security professionals worldwide and for the world's largest economy of Europe. Hopefully, this awareness will persuade manufacturers and even local ISPs to collaborate and address this problem. The Carna Botnet reminds us all that there are numerous, simpler vulnerabilities at risk of exploitation and in need of immediate attention.

Presenters:

  • Parth Shukla (AusCERT - Australian Computer Emergency Response Team
    Parth Shukla is an Information Security Analyst in the Operations Centre at the Australian Computer Emergency Response Team (AusCERT). He specialises in providing analysis, monitoring threats and responding to member requests for incident handling. Parth has extensive experience working in the IT field over the past 8 years. He has worked for the University of Queensland (UQ) for a number of years taking on various positions. In addition to working as the Information Technology Support Officer at the UQ Library, he has also held a range of Research Assistant roles in various IT projects, and he has tutored both practical programming and other theoretical computer courses at both advanced and capstone levels for the School of Information Technology and Electrical Engineering (ITEE). Parth's previous roles outside the University include working as a system administrator and a freelance website programmer. In terms of academics, he has excelled in his studies, being awarded the prestigious "UQ Excellence Scholarship", which he maintained for the full 4 years. While at AusCERT, Parth has been analysing the data of the Carna Botnet that he obtained exclusively from the anonymous researcher. He has provided relevant snippets of the datasets to CERTs around the world as well as relevant organisations within Australia. He has taken on the mission of spreading public awareness on the security implications of his research by conducting detailed region-specific analyses of the Carna Botnet at various conferences around the world. So far, Parth has presented at the following conferences: The Hackers Conference in Delhi, India; APNIC 36 in Xi'an, China; AusNOG 2013 in Sydney, Australia; Security on the Move Conference in Sydney, Australia; and AusCERT 2013 Conference at the Gold Coast, Australia. Parth has also been invited to present on the South American data for the Carna Botnet at BlackHat in Sao Paulo. His presentation at DeepSec will cover exclusive and detailed never-before-presented content. Parth has been strongly interested in information security from the earliest days of his career. His passion for computer security covers a wide range of topics from botnet and malware analysis to network and infrastructure security. Outside work, Parth also runs his own small VM farm of servers at home as a hobby and for private research. His personal interests are far and wide, including physics, politics, religion, philosophy and cricket!

Links:

Similar Presentations: