From eWeek: In March, an anonymous researcher published a report dubbed the Internet Census, which was conducted by exploiting more than a million embedded devices with the Carna Botnet. Full details from that same anonymous researcher on the devices that were exploited had not publicly been revealed—until now.
Parth Shukla, information security analyst in the Operations Centre at the Australian Computer Emergency Response Team (AusCert), is set to publicly discuss the previously unknown Internet Census findings this week at the Black Hat Regional Summit in Sao Paulo, Brazil. In an interview with eWEEK, Shukla explained how he got hold of the details from the anonymous researcher and what the data actually shows.
When Shukla first heard about the Internet Census data publication, he wondered if the researcher in fact had more data available, he told eWEEK. So he contacted the researcher by way of the public key that researcher had signed the research with. Shukla said the anonymous researcher told him that no one else had bothered to contact him to see if there was more data available. It turns out there was more data available, and it was all sent to Shukla.
Legal issues did come up. The Internet Census Carna Botnet data was illegally obtained as the anonymous researcher infected machines around the world without permission. Shukla said, however, that he had multiple discussions with his organization's legal department about the data. In the final analysis, AusCert's legal team said that Shukla had not asked the anonymous researcher to conduct the illegal research and, as such, was not a party to the crime.