How to watch hacking, and cyberwarfare between the USA and China, in real time

Source: Extremetech

You’ve no doubt heard countless stories about how the internet is rife with hackers and ruled by malware-peddling malcontents. You’ve probably read dozens of paragraphs on how the next great theater of war will be online rather than offline, and how China and the US are already battling each other for cyber supremacy. The truth is, though, unless you’ve actually been hacked, it’s hard to appreciate just how real the prospect of cyberwar actually is; after all, the effects of hacking are mostly invisible to the untrained eye, with the exception of very-high-profile database breaches. Now, though, a security company has produced a fascinating geographic map that shows you global hacking attempts in real-time — and sure enough, you really can see China waging cyberwar against the US.

The real-time map, maintained by the Norse security company, shows who’s hacking who and what attack vectors are being used. The data is sourced from a network of “honeypot” servers maintained by Norse, rather than real-world data from the Pentagon, Google, or other high-profile hacking targets. In hacking a honeypot is essentially a juicy-looking target that acts as a trap — either to gather important data about the would-be assailants, or to draw them away from the real target. The Norse website has some info about its “honeynet,” but it’s understandably quite sparse on actual technical details.

If you watch the map for a little while, it’s clear that most attacks originate in either China or the US, and that the US is by far the largest target for hack attacks. You can also see that the type of hack used, indicated by the target port, is rather varied. Microsoft-DS (port 445) is still one of the top targets (it’s the port used for Windows file sharing), but DNS (port 53), SSH (22), and HTTP (80) are all very popular too. You’ll probably see CrazzyNet and Black Ice, too — two common Windows backdoor programs often used by script kiddies and criminals, rather than actual cyberwar fighters.

Norse real-time hacking map, showing a coordinated attack from China towards the US

Occasionally, you will even see a big burst of coordinated attacks from China towards the US. It’s obviously hard to directly link these attacks to the Chinese government, but it does appear that there is someone calling the shots. A lot of hacks originate in the US, too, but their targets are much more varied; they’re not coordinated towards a single target like China.

Because this data comes from Norse’s network of honeypots, rather than real targets, it’s hard to say whether real attacks — on the Pentagon, on US universities, on big Silicon Valley companies — follow the same patterns. If Norse knows what it’s doing, it should be possible to make a honeypot server appear to be a US Department of Defense or Google server, though. But without more details from Norse, it’s hard to say.

Comments are closed.

Reach Us

Richmond Weather