IEEE Technology and Society Magazine - June 2015 - 44

in other countries apply more directly to the installation
and use of the Carna program itself. An analysis of
these terms, and how they have been interpreted in various legal cases, was undertaken by Kerr in 2003 [20].
Under the German Civil Code §208, "[d]issemination of spyware, malware or computer viruses is punishable by a pecuniary punishment or up to 3 years'
imprisonment" [21]. The section of the German Civil
Code addressing the issue of intent, in connection with
remote mitigation of botnets, is addressed in [21] this
way: "Even though the intent of the actor reflects the
wish to benefit the owner of the infected machine and is
good-willed, all of the [mentioned provisions of the German Penal Code] do not expressis verbis prescribe a
motive, aim or any other subjective element necessary,
making any intent towards the following action - hereby
taking over at least parts of the botnet and implementing remote disinfection- suitable as a prerequisite for

Initial tests of the Carna botnet were
wildly successful, discovering over
100 000 vulnerable systems.

sanction." In this case, the action was not to clean up
infections, nor to provide any direct benefit to the owners of the systems; the purpose was to use the computing and network resources of the systems to satisfy
the personal curiosity and desires of the Carna botnet
author. This ego-centric motivation is expressed by the
Carna botnet author in these two statements:
"We would also like to mention that building and
running a gigantic botnet and then watching it as it
scans nothing less than the whole Internet at rates
of billions of IPs per hour over and over again is
really as much fun as it sounds" [14].
"The [reason] why [I did this] is also simple: I did
not want to ask myself for the rest of my life how
much fun it could have been or if the infrastructure
I imagined in my head would have worked as
expected. I saw the chance to really work on an
Internet scale, command hundred thousands of
devices with a click of my mouse, portscan and
map the whole Internet in a way nobody had done
before, basically have fun with computers and the
Internet in a way very few people ever will. I decided it would be worth my time" [14].

44

As for other stated benefits, a claim is made about
the release of collected data: "We hope other researchers will find the data we have collected useful and that
this publication will help raise some awareness that,
while everybody is talking about high-class exploits and
cyberwar, four simple stupid default telnet passwords
can give you access to hundreds of thousands of consumer as well as tens of thousands of industrial devices all over the world" [14]. Researchers often make
claims of raising "awareness" of vulnerabilities even
though it is nearly impossible to quantify this purported
benefit. In this case, the general problem has been
known for decades and the specifics of weak passwords in the devices used by the Carna botnet author
have been known for years. The author of [14] (and
many other researchers making this claim) provide no
evidence to support the assertion that the outcome of
this disclosure will be any different than any previous
similar disclosures.
The novel concept in the Carna case is specifically
that of using hundreds of thousands of other peoples'
networked devices for scanning, instead of for other
malicious activity. The Carna author admits identifying
malicious activities: "We noticed at this time that one
of the machines already had an unknown binary in the
/tmp directory that looked suspicious. A simple strings
command used on that binary revealed contents like
synflood, ackflood, etc., the usual abuse stuff one
would find in malicious botnet binaries. We quickly
discovered that this was a bot called Aidra, published
only a few days before" [14]. Gaining knowledge of
which devices were compromised, and doing nothing to
inform the owners, raises further ethical issues including regarding the distribution of burdens and risks (i.e.,
to the owners of the devices used for this experiment),
as compared with the benefits of this activity to those
same stakeholders, or to society.
Benevolent intent, unfortunately, may have no bearing
on the legality of acts under some laws. According to [21]:
"[The] benevolence of the actor is not relevant,
because whoever gathers information or produces
or acquires (hacking) tools with the intention to gain
unjustified access to somebody else's data is punishable by §§ 202c and 202a of the German Penal
Code. It is not necessary to demonstrate a further
intention to use the gathered data for criminal
actions. Given the uncertainty in judicial practice on
how to handle such situations, there is a certain risk
of making oneself susceptible to prosecution.
§ 202a. Data espionage (1) Whosoever unlawfully obtains data for himself or another that
were not intended for him and were especially
protected against unauthorised access, if he has

IEEE Technology and Society Magazine

∕

june 2015



Table of Contents for the Digital Edition of IEEE Technology and Society Magazine - June 2015

IEEE Technology and Society Magazine - June 2015 - Cover1
IEEE Technology and Society Magazine - June 2015 - Cover2
IEEE Technology and Society Magazine - June 2015 - 1
IEEE Technology and Society Magazine - June 2015 - 2
IEEE Technology and Society Magazine - June 2015 - 3
IEEE Technology and Society Magazine - June 2015 - 4
IEEE Technology and Society Magazine - June 2015 - 5
IEEE Technology and Society Magazine - June 2015 - 6
IEEE Technology and Society Magazine - June 2015 - 7
IEEE Technology and Society Magazine - June 2015 - 8
IEEE Technology and Society Magazine - June 2015 - 9
IEEE Technology and Society Magazine - June 2015 - 10
IEEE Technology and Society Magazine - June 2015 - 11
IEEE Technology and Society Magazine - June 2015 - 12
IEEE Technology and Society Magazine - June 2015 - 13
IEEE Technology and Society Magazine - June 2015 - 14
IEEE Technology and Society Magazine - June 2015 - 15
IEEE Technology and Society Magazine - June 2015 - 16
IEEE Technology and Society Magazine - June 2015 - 17
IEEE Technology and Society Magazine - June 2015 - 18
IEEE Technology and Society Magazine - June 2015 - 19
IEEE Technology and Society Magazine - June 2015 - 20
IEEE Technology and Society Magazine - June 2015 - 21
IEEE Technology and Society Magazine - June 2015 - 22
IEEE Technology and Society Magazine - June 2015 - 23
IEEE Technology and Society Magazine - June 2015 - 24
IEEE Technology and Society Magazine - June 2015 - 25
IEEE Technology and Society Magazine - June 2015 - 26
IEEE Technology and Society Magazine - June 2015 - 27
IEEE Technology and Society Magazine - June 2015 - 28
IEEE Technology and Society Magazine - June 2015 - 29
IEEE Technology and Society Magazine - June 2015 - 30
IEEE Technology and Society Magazine - June 2015 - 31
IEEE Technology and Society Magazine - June 2015 - 32
IEEE Technology and Society Magazine - June 2015 - 33
IEEE Technology and Society Magazine - June 2015 - 34
IEEE Technology and Society Magazine - June 2015 - 35
IEEE Technology and Society Magazine - June 2015 - 36
IEEE Technology and Society Magazine - June 2015 - 37
IEEE Technology and Society Magazine - June 2015 - 38
IEEE Technology and Society Magazine - June 2015 - 39
IEEE Technology and Society Magazine - June 2015 - 40
IEEE Technology and Society Magazine - June 2015 - 41
IEEE Technology and Society Magazine - June 2015 - 42
IEEE Technology and Society Magazine - June 2015 - 43
IEEE Technology and Society Magazine - June 2015 - 44
IEEE Technology and Society Magazine - June 2015 - 45
IEEE Technology and Society Magazine - June 2015 - 46
IEEE Technology and Society Magazine - June 2015 - 47
IEEE Technology and Society Magazine - June 2015 - 48
IEEE Technology and Society Magazine - June 2015 - 49
IEEE Technology and Society Magazine - June 2015 - 50
IEEE Technology and Society Magazine - June 2015 - 51
IEEE Technology and Society Magazine - June 2015 - 52
IEEE Technology and Society Magazine - June 2015 - 53
IEEE Technology and Society Magazine - June 2015 - 54
IEEE Technology and Society Magazine - June 2015 - 55
IEEE Technology and Society Magazine - June 2015 - 56
IEEE Technology and Society Magazine - June 2015 - 57
IEEE Technology and Society Magazine - June 2015 - 58
IEEE Technology and Society Magazine - June 2015 - 59
IEEE Technology and Society Magazine - June 2015 - 60
IEEE Technology and Society Magazine - June 2015 - 61
IEEE Technology and Society Magazine - June 2015 - 62
IEEE Technology and Society Magazine - June 2015 - 63
IEEE Technology and Society Magazine - June 2015 - 64
IEEE Technology and Society Magazine - June 2015 - 65
IEEE Technology and Society Magazine - June 2015 - 66
IEEE Technology and Society Magazine - June 2015 - 67
IEEE Technology and Society Magazine - June 2015 - 68
IEEE Technology and Society Magazine - June 2015 - 69
IEEE Technology and Society Magazine - June 2015 - 70
IEEE Technology and Society Magazine - June 2015 - 71
IEEE Technology and Society Magazine - June 2015 - 72
IEEE Technology and Society Magazine - June 2015 - 73
IEEE Technology and Society Magazine - June 2015 - 74
IEEE Technology and Society Magazine - June 2015 - 75
IEEE Technology and Society Magazine - June 2015 - 76
IEEE Technology and Society Magazine - June 2015 - 77
IEEE Technology and Society Magazine - June 2015 - 78
IEEE Technology and Society Magazine - June 2015 - 79
IEEE Technology and Society Magazine - June 2015 - 80
IEEE Technology and Society Magazine - June 2015 - Cover3
IEEE Technology and Society Magazine - June 2015 - Cover4
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_march2023
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_december2022
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_september2022
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_june2022
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_march2022
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_december2021
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_september2021
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_june2021
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_march2021
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_december2020
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_september2020
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_june2020
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_march2020
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_december2019
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_september2019
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_june2019
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_march2019
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_december2018
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_september2018
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_june2018
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_march2018
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_winter2017
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_fall2017
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_summer2017
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_spring2017
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_winter2016
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_fall2016
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_summer2016
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_spring2016
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_winter2015
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_fall2015
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_summer2015
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_spring2015
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_winter2014
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_fall2014
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_summer2014
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_spring2014
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_winter2013
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_fall2013
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_summer2013
https://www.nxtbook.com/nxtbooks/ieee/technologysociety_spring2013
https://www.nxtbookmedia.com