How to watch hacking, and cyberwarfare between the USA and China, in real time
02/07/2014 05:33
You’ve no doubt heard countless stories about how the internet is rife with hackers and ruled by malware-peddling malcontents. You’ve probably read dozens of paragraphs on how the next great theater of war will be online rather than offline, and how China and the US are already battling each other for cyber supremacy. The truth is, though, unless you’ve actually been hacked, it’s hard to appreciate just how real the prospect of cyberwar actually is; after all, the effects of hacking are mostly invisible to the untrained eye, with the exception of very-high-profile database breaches. Now, though, a security company has produced a fascinating geographic map that shows you global hacking attempts in real-time — and sure enough, you really can see China waging cyberwar against the US.
The real-time map, maintained by the Norse security company, shows who’s hacking who and what attack vectors are being used. The data is sourced from a network of “honeypot” servers maintained by Norse, rather than real-world data from the Pentagon, Google, or other high-profile hacking targets. In hacking, a honeypot is essentially a juicy-looking target that acts as a trap — either to gather important data about the would-be assailants, or to draw them away from the real target. The Norse website has some info about its “honeynet,” but it’s understandably quite sparse on actual technical details.
If you watch the map for a little while, it’s clear that most attacks originate in either China or the US, and that the US is by far the largest target for hack attacks. You can also see that the type of hack used, indicated by the target port, is rather varied. Microsoft-DS (port 445) is still one of the top targets (it’s the port used for Windows file sharing), but DNS (port 53), SSH (22), and HTTP (80) are all very popular too. You’ll probably see CrazzyNet and Black Ice, too — two common Windows backdoor programs often used by script kiddies and criminals, rather than actual cyberwar fighters.
Occasionally, you will even see a big burst of coordinated attacks from China towards the US. It’s obviously hard to directly link these attacks to the Chinese government, but it does appear that there is someone calling the shots. A lot of hacks originate in the US, too, but their targets are much more varied; they’re not coordinated towards a single target, as the attacks from China are.
Because this data comes from Norse’s network of honeypots, rather than real targets, it’s hard to say whether real attacks — on the Pentagon, on US universities, on big Silicon Valley companies — follow the same patterns. If Norse knows what it’s doing, it should be possible to make a honeypot server appear to be a US Department of Defense or Google server, though. But without more details from Norse, it’s hard to say.
Just so you have some idea of the global scale of hacking and cyberwarfare, here are some stats. Back in 2012, the US DOD reported that it was the target of 10 million cyber attacks per day; likewise, the National Nuclear Security Administration (which is in charge of the US’s nuclear stockpile) says it saw 10 million attacks per day in 2012. In 2013, BP’s CEO said it sees 50,000 cyber attacks per day. The UK reported around 120,000 attacks per day back in 2011, while the humble state of Utah said it was up to 20 million attacks per day in 2013.
I suspect there’s quite a big variation in what exactly constitutes an “attack,” but still, it’s clear that hacking and cyberwarfare are topics that governments, corporations, and institutions need to pay attention to. The Obama administration, at least, has announced that it won’t sit on its hands while China steps up its attacks — but it’s a fine line between shoring up defenses, and triggering a full-on cyberwar that could cripple both countries.