Think "who has the highest number of insecure systems directly attached to the Internet?" That would be the US. Even with our sub-standard broadband offerings, there is still room to capture and control direct-attached systems and pwn their bandwidth. I would wager 95%+ of those systems do not actually need to be directly attached, rather the owner or ISP is too cheap/stupid to provide a proper router with all the ports fire-walled off until the user requests them opened. It's like TalkTalk, but on a nationwide (and ISP agnostic) scale. Lots of muggle Internet users all happily directly connected and serving their botnet masters, so long as they can get to the "gun show" and "faux news" websites, there is nothing amiss. Ignorance is blessed [sic]. And the ISPs don't do anything to help.