Those who haven‘t heard of the name Carna, it is the Roman goddess responsible for protecting inner organs. The same name was given for a botnet that ran mostly on embedded routers and hadn’t been detected until October last year. It contained a worldwide map of more than 100,000 vulnerable devices created by one hacker whose name remains secret.
Many of the insecure machines had Linux and allowed login either with empty or with default credentials. The project itself was illegal but the data may be useful for further study. Those interested in Carna database might find it here: http://internetcensus2012.bitbucket.org/paper.html (it has 9 terabytes of data).
The anonymous hacker comments that the project started as a joke while working with the Nmap Scripting Engine (NSE). Someone mentioned that the classic telnet login root:root should be tried on random IP addresses and after a try a hacker realized that there are at least several thousand unprotected devices on the Internet. He also assures that during the project did not interfere with the scanned systems and did not replace any passwords.