Slashdot Mirror

← Back to Stories (view on slashdot.org)

Internet Census 2012 Data Examined: Authentic, But Chaotic and Unethical

Posted by timothy on from the could-have-been-worse dept.

An anonymous reader writes "A team of researchers at the TU Berlin and RWTH Aachen presented an analysis of the Internet Census 2012 data set (here's the PDF) in the July edition of the ACM Sigcomm Computer Communication Review journal. After its release on March 17, 2013 by an anonymous author, the Internet Census data created an immediate media buzz, mainly due to its unethical data collection methodology that exploited default passwords to form the Carna botnet. The now published analysis suggests that the released data set is authentic and not faked, but also reveals a rather chaotic picture. The Census suffers from a number of methodological flaws and also lacks meta-data information, which renders the data unusable for many further analyses. As a result, the researchers have not been able to verify several claims that the anonymous author(s) made in the published Internet Census report. The researchers also point to similar but legal efforts measuring the Internet and remark that the illegally measured Internet Census 2012 is not only unethical but might have been overrated by the press."

32 comments

  1. Census of the trusting and lazy by Anonymous Coward · · Score: 0

    Since only the paranoid and diligent weren't compromised.

    1. Re:Census of the trusting and lazy by Anonymous Coward · · Score: 1

      Or maybe you could read the linked summary, and learn that it was not a survey of compromised machines, instead the compromised machines were used to do the actual survey.
      But thanks for your uninformed and lazy comment.

  2. I didn't RTFA by Anonymous Coward · · Score: 0

    What does passwords have to do with an Internet census? Was it a census about passwords or about users?

  3. Why not just get the metadata from the NSA? by WillAffleckUW · · Score: 2

    They illegally and unconstitutionally collect it anyway, especially on Americans, and give a copy of the feed illegally and unconstitutionally to the CIA and GCHQ.

    Among others.

    --
    -- Tigger warning: This post may contain tiggers! --
  4. Anagram near miss by tepples · · Score: 1

    "Authentic" would be an anagram of "unethical" if it weren't for that darned "l".

    1. Re:Anagram near miss by disposable60 · · Score: 1

      Try it in French: l'Authentic

      --
      You're looking for quotes? See my journal.
    2. Re:Anagram near miss by Anonymous Coward · · Score: 0

      Try it in real French: l'authentique.

    3. Re:Anagram near miss by Anonymous Coward · · Score: 0

      mon amour <3

  5. Unethical by maevius · · Score: 2, Interesting

    Unethical? Whatever.
    Having read the original "census", it was a cool hack and no harm was done, nothing more. I'm pretty sure he/they didn't go for vigorous scientific process when this was done.

    1. Re:Unethical by Anonymous Coward · · Score: 0

      Pretty much says exactly that on the original site

      The why is also simple: I did not want to ask myself for the rest of my life how much fun it could have been or if the infrastructure I imagined in my head would have worked as expected. I saw the chance to really work on an Internet scale, command hundred thousands of devices with a click of my mouse, portscan and map the whole Internet in a way nobody had done before, basically have fun with computers and the Internet in a way very few people ever will. I decided it would be worth my time.

  6. "but might have been overrated by the press" by Anonymous Coward · · Score: 1

    Shocking! Just simply shocking!

  7. I wonder by NotInHere · · Score: 2

    Why is using idle machines of other people (he's used only machines whose load was under a certain threshold), more unethic than to torment and kill mice in the name of science? I don't think that, when used responsible, latter is unethic, but I wonder why do they put things above biological life?

    1. Re:I wonder by Anonymous Coward · · Score: 1

      but I wonder why do they put things above biological life?

      Same reason why it is illegal to steal, even if it's only food, and you are really hungry. Understandable, sure. Forgivable, maybe. But still illegal.

    2. Re:I wonder by Anonymous Coward · · Score: 0

      Why is using idle machines of other people (he's used only machines whose load was under a certain threshold), more unethic than to torment and kill mice in the name of science? I don't think that, when used responsible, latter is unethic, but I wonder why do they put things above biological life?

      Are you some sort of communist?

    3. Re:I wonder by NotInHere · · Score: 1

      What he did was illegal, and when he were found I'd have no problem of him being punished according to the law. But it is not unethic. Not when he uses default passwords, and creates no harm.
      No, I'm not.

    4. Re:I wonder by weilawei · · Score: 1

      When you use a machine, it ceases to become idle. It incurs bandwidth and power costs. That's (one of) the unethical bits.

    5. Re:I wonder by penguinoid · · Score: 1

      Why is using idle machines of other people (he's used only machines whose load was under a certain threshold), more unethic than to torment and kill mice in the name of science? I don't think that, when used responsible, latter is unethic, but I wonder why do they put things above biological life?

      Well, because now we can cure even the most obscure diseases that afflict mice.

      --
      Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
    6. Re:I wonder by Anonymous Coward · · Score: 0

      Yeah, an extremely tiny amount. But murdering mice is okay.

    7. Re:I wonder by Anonymous Coward · · Score: 0

      TImes are difficult and I do not know the answer to your question but I do know that the name Putin was missing in this thread. Here I FTFY.

    8. Re:I wonder by Anonymous Coward · · Score: 0

      That depends on the country.

      There are countries where if you steal a slice of bread for won consumption they will not charge you. There are states where you do it three times and you get a life without a parole. There are states where they cut off the hand that stole. There were societies where the term theft did not exists.

    9. Re:I wonder by Anonymous Coward · · Score: 0

      Why is using idle machines of other people (he's used only machines whose load was under a certain threshold), more unethic than to torment and kill mice in the name of science? I don't think that, when used responsible, latter is unethic, but I wonder why do they put things above biological life?

      It's still unethical to experiment on somebody else's mouse without permission.

  8. Biased, much ? by aepervius · · Score: 2

    We do not "torment" and kill mice gratuitiously, a choice of word which certainly show quite inherent bias here. Usually you have to go thru an ethical comitee for animal experimentation (although the barrier is lower for lab mouse). Furthermore most of those animal experimentation have a clear goal to help develop cure or model for the human health. If you can't differentiate that from people misusing the computer of others, then I can't help you.

    --
    C. Sagan : A demon haunted world:
    http://www.amazon.com/gp/product/0345409469/
    visit randi.org
    1. Re:Biased, much ? by NotInHere · · Score: 1

      I don't think that we shouldn't cover animal experimentation with flower words. I've no doubt animal experiments are OK, as you've said they mostly help the health of humans, but we should at least name what we do to the animals by what it is. How would you call it?

      Of course, an internet census is not such an "ethical" goal as healing people, so my comparison might be a bit shaky from this perspective.

  9. OS Fingerprints! by d33tah · · Score: 3, Interesting

    Apparently the researchers didn't analyze OS fingerprints at all. There is some metadata that the original researcher(s) forgot to remove (as well as a lot more mess). Service fingerprints are interesting as well. I did a lot of research on this data set and I have to say that while messy, this is also a really amazing data set. This article is IMHO biased.

    1. Re:OS Fingerprints! by Anonymous Coward · · Score: 0

      "Apparently the researchers didn't analyze OS fingerprints at all."

      Did you look into their paper? This is apparently not true. They focused on the ICMP data set but also looked into others, in particular the service probes that you mentioned. One of their validation sets is using that data set.

    2. Re:OS Fingerprints! by d33tah · · Score: 1

      "Apparently the researchers didn't analyze OS fingerprints at all."

      Did you look into their paper? This is apparently not true. They focused on the ICMP data set but also looked into others, in particular the service probes that you mentioned. One of their validation sets is using that data set.

      Okay, point taken about the service fingerprints, but I still see no mention for the OS fingerprints. If they looked at the data format that is there, they could get much more out of the set. (they'd also find more mess by the way as there was some weird bug that destroyed quite a few samples there)

  10. Unfortunately, the data is partially fake by Mr.+Spock · · Score: 1

    The methodology to verify the data used in the paper was to perform their own scans of networks that were known to have hosts, and then compare the results to the published 2012 internet census data. They got a high match rate. I evaluated the data slightly differently. I scanned network segments that I know to be empty, unused, or entirely behind firewalls. In these cases (for segments /24 and larger) there are still records in the internet census data. These records are completely made up. Try going to the search engine and typing in a network you know to be completely empty as scanned from the outside. A network that has been allocated but never used would be best. It's a lot of fun, and shows the internet census data is partially falsified and likely to be of no scientific value. Don't avoid the data becuse it's immoral, just avoid it because it's incorrect.

  11. Results of the census by roca · · Score: 1

    I assumed "Authentic, But Chaotic and Unethical" was the description of the Internet resulting from the census.

  12. Unfortunately, the data is partially fake by Anonymous Coward · · Score: 0

    Nice catch! Could you please share a couple of faked IPs? I'd be interested to see how they look like.

  13. I didn't RTFA by Anonymous Coward · · Score: 0

    Please refer to the /. post from last year explaining what happened: http://tech.slashdot.org/story/13/03/20/1520218/botnet-uses-default-passwords-to-conduct-internet-census-2012

  14. Unfortunately, the data is partially fake by Anonymous Coward · · Score: 0

    Are you sure that it is fake? AFAIK, most of the data sets don't list a source IP. So we don't know where the potentially faked records were measured. It could be a reply by an transparent proxy that is reported in the data. It's so messy that this might be impossible to distinguish. That'd would be another reason for me why the data is trash and of no value.

  15. Cetrtainly not torture or torment by aepervius · · Score: 1

    Firstly not all animals in experimentation are killed or suffer. But even for those who do : one of the goal of ethical guideline is to avoid animal pain as much as possible. In fact in some case we go more out of our way to avoid unnecessary pain to animals in labs, than we do for human at end of life in hospital.

    You simply have a warped view on lab experimentation which is not found in medical labs. Now you may have a point with *cosmetic* experimentation , but you won't find me defending those.

    --
    C. Sagan : A demon haunted world:
    http://www.amazon.com/gp/product/0345409469/
    visit randi.org