You’ve no doubt heard countless stories about how the internet is rife with hackers and ruled by malware-peddling malcontents. You’ve probably read dozens of paragraphs on how the next great theater of war will be online rather than offline, and how China and the US are already battling each other for cyber supremacy. The truth is, though, unless you’ve actually been hacked, it’s hard to appreciate just how real the prospect of cyberwar actually is; after all, the effects of hacking are mostly invisible to the untrained eye, with the exception of very-high-profile database breaches. Now, though, a security company has produced a fascinating geographic map that shows you global hacking attempts in real-time — and sure enough, you really can see China waging cyberwar against the US.
The real-time map, maintained by the Norse security company, shows who’s hacking who and what attack vectors are being used. The data is sourced from a network of “honeypot” servers maintained by Norse, rather than real-world data from the Pentagon, Google, or other high-profile hacking targets. In hacking a honeypot is essentially a juicy-looking target that acts as a trap — either to gather important data about the would-be assailants, or to draw them away from the real target. The Norse website has some info about its “honeynet,” but it’s understandably quite sparse on actual technical details.
If you watch the map for a little while, it’s clear that most attacks originate in either China or the US, and that the US is by far the largest target for hack attacks. You can also see that the type of hack used, indicated by the target port, is rather varied. Microsoft-DS (port 445) is still one of the top targets (it’s the port used for Windows file sharing), but DNS (port 53), SSH (22), and HTTP (80) are all very popular too. You’ll probably see CrazzyNet and Black Ice, too — two common Windows backdoor programs often used by script kiddies and criminals, rather than actual cyberwar fighters.
No comments:
Post a Comment