You probably haven’t heard of HD Moore, but up to a few weeks ago every Internet device in the world, perhaps including some in your own home, was contacted roughly three times a day by a stack of computers that sit overheating his spare room. “I have a lot of cooling equipment to make sure my house doesn’t catch on fire,” says Moore, who leads research at computer security company Rapid7.
In February last year he decided to carry out a personal census of every device on the Internet as a hobby. “This is not my day job; it’s what I do for fun,” he says.
Moore’s census involved regularly sending simple, automated messages to each one of the 3.7 billion IP addresses assigned to devices connected to the Internet around the world (Google, in contrast, collects information offered publicly by websites). Many of the two terabytes (2,000 gigabytes) worth of replies Moore received from 310 million IPs indicated that they came from devices vulnerable to well-known flaws, or configured in a way that could let anyone take control of them.
A home science experiment that probed billions of Internet devices reveals that thousands of industrial and business systems offer remote access to anyone.
- Call response: The approximate location of some of the 460 million responses to a survey of Internet devices carried out by an anonymous hacker. By Tom Simonite on April 26, 2013