Slashdot Mirror


Real-Time Cyber-Attack Map

First time accepted submitter anavictoriasaavedra writes "In October, two German computer security researchers created a map that allows you to see a picture of online cyber-attacks as they happen. The map isn't out of a techno-thriller, tracking the location of some hacker in a basement trying to steal government secrets. Instead, it's built around a worldwide project designed to study online intruders. The data comes from honeypots. When the bots go after a honeypot, however, they're really hacking into a virtual machine inside a secure computer. The attack is broadcast on the map—and the researchers behind the project have a picture of how a virus works that they can use to prevent similar attacks or prepare new defenses."

36 comments

  2. who will get the most use out of this? by hguorbray · · Score: 5, Insightful

    the crackers will probably use this to test their bots and make even better bots and malware...

    seems to be the way of the world

    -I'm just sayin'

    1. Re:who will get the most use out of this? by alphatel · · Score: 2

      Okay that's fine, but why do all the hackers seem to live in Aachen (DE)?

      --
      When the foot seeks the place of the head, the line is crossed. Know your place. Keep your place. Be a shoe.
    2. Re:who will get the most use out of this? by besalope · · Score: 1

      Okay that's fine, but why do all the hackers seem to live in Aachen (DE)?

      If you read it again, it's from X location TO Aachen, Germany. Likely they have a honeypot there.

    3. Re:who will get the most use out of this? by Baloroth · · Score: 3, Insightful

      The honeypot only seems to recognize worms that are already recognized by AV software. All the bot makers would have to do is test it against AV software themselves, either directly or through a scanning-upload site (or even just by checksum, as the map does). It just gives researchers more of an idea of where and with what people are infected (looks like mostly variants of Conficker from the spot checks I did). Bot makers already have all the resources this gives to test their malware against. Might serve as an e-peen boost for them to see how common their malware is, but I doubt it will serve much beyond that.

      --
      "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
    4. Re:who will get the most use out of this? by Anonymous Coward · · Score: 0

      No, it's not. It says Attack "From." How on earth would it be helpful to see where your own honeypot is located?

    5. Re:who will get the most use out of this? by Guru80 · · Score: 1

      It would seem to me that the "honeypots" wouldn't employ their state of the art security they develop in response to how the attacks take place thus not allowing crackers to test out their own advancements against a target known to deploy the advancements they are seeking to get around.

    6. Re:who will get the most use out of this? by Jesse_vd · · Score: 1

      From the FAQ (Click the ? in top left):
      "What is going on in Aachen?!

      Most of the time, you will see attacks targeted against Aachen. This is because our honeypot at RWTH Aachen University is very active and captures attacks against hundreds of target IP addresses. This does not mean that Aachen is attacked more often than the rest of the world!"

    7. Re:who will get the most use out of this? by Anonymous Coward · · Score: 0

      That's the targets though (yellow dots). Not the red dots...that's where the attacks originated. Hence, not where the hackers live.

    8. Re:who will get the most use out of this? by jhoegl · · Score: 1

      Who you callin cracka?

    9. Re:who will get the most use out of this? by Anonymous Coward · · Score: 0

      Please try a bit harder.

    10. Re:who will get the most use out of this? by Xemu · · Score: 1

      The honeypot only seems to recognize worms that are already recognized by AV software.

      No, the honeypot displays only the worms that are already known.

      All the bot makers would have to do is test it against AV software themselves,

      Yes, this is what bot makers do. The stupid ones use Virustotal for this testing. The smart ones have their own private test cloud.
      Whether this map exists or not does not change the bot maker's testing process.

      --
      Tell your friends about xenu.net
  3. This map is inaccurate by For+a+Free+Internet · · Score: -1, Insightful

    U.S. imperialist hackers are attacking all over the world, they are the smelliest hackers and they are related to a squirrel.

    --
    UNITE with the Campaign for a Free Internet because today, our future begins with tomorrow!
    1. Re:This map is inaccurate by Azure+Flash · · Score: 1, Funny

      -1 Insightful? How does that work?

    2. Re:This map is inaccurate by For+a+Free+Internet · · Score: -1, Troll

      It means TRUTH which is too big for some small minds on Slashdort to HANDLE

      --
      UNITE with the Campaign for a Free Internet because today, our future begins with tomorrow!
    3. Re:This map is inaccurate by rb12345 · · Score: 2

      Enough previous trolling to get a terrible karma rating (dropping initial scores to -1), plus a 50:50 moderation split between Troll and Insightful, apparently.

    4. Re:This map is inaccurate by Anonymous Coward · · Score: 0

      I am tempted to create an account just to get a -1 Insightful. It seems like quite an achievement.

    5. Re:This map is inaccurate by Caesar+Tjalbo · · Score: 1

      -1 Insightful? How does that work?

      Read "insight fool".

      --
      "I'm not much interested in interoperability. I want substitutability. I want to be able to throw your software out."
  4. HUR DUR by Anonymous Coward · · Score: 1

    outlaw maps!

  5. Should call it by DonJuanTron · · Score: 0

    HerpeMap

  6. It needs a soundtrack by Anonymous Coward · · Score: 0

    N/C

  7. America has far fewer attackers by Todamont · · Score: 0

    We need more attacks originating from the USA! We're losing! What the hell is Brazil smoking? Get us some of that!

    --
    Kharma is like a boomerang. Mine is broken.
  8. Maybe a few bugs by Dereck1701 · · Score: 3, Interesting

    There might be a few bugs in their mapping app, unless it is so advanced it can track oceangoing vessels. A bunch of hits on the map I am looking at are about 1,000 miles off the coast near Washington DC. I also wonder if they're going to include social attack emails at some point (I believe most reputable Webmail apps include an IP of the sender). I don't know about anyone else but at my workplace I regularly get 5 or more attempts a week to get a virus into my system by pretending to be a FedEx tracking code, or a "contract in danger" message; some of them are even rigged to look like they're from OUR IT department. Luckily our spam filter catches most of them but once in a while one slips through.

    1. Re:Maybe a few bugs by Anonymous Coward · · Score: 0

      I have a little trouble parsing "1,000 miles off the coast near Washington, DC". About the same latitude as Washington, DC, perhaps. The SS Bermuda was in that general area recently?

    2. Re:Maybe a few bugs by sbcc · · Score: 2

      The answer about mapping inaccuracies from their blog post:

      Why are there so many attacks and yet so few different attackers (red dots)?

      This is just an issue of precision in geo location lookups. We identify the red dots by their GPS location and many IP addresses map to the same GPS location, even if the corresponding machines are actually not really close to each other. So one single red dot can represent many different attackers.

      As a sidenote, IP geolocation is not 100% accurate, either. In the past we had US systems being mapped to Asian countries and similar problems.
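
The effect described in the blog-post excerpt above, shown as an added example that is not part of the thread or the map project's code: attack events are grouped by the coordinate a geolocation lookup returns, so one red dot can stand for several source addresses. The lookup table, coordinates and events are constructed, and the names `locate` and `red_dots` are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed geolocation table (documentation address ranges): CIDR -> (lat, lon).
# Two unrelated blocks deliberately resolve to the same coordinate.
GEO_TABLE = {
    "192.0.2.0/24": (52.52, 13.40),
    "203.0.113.0/24": (52.52, 13.40),
    "198.51.100.0/24": (-23.55, -46.63),
    "198.51.100.128/25": (-22.91, -43.17),  # more specific entry wins
}
# Longest prefix first, so the most specific block is matched.
NETS = sorted(((ipaddress.ip_network(c), loc) for c, loc in GEO_TABLE.items()),
              key=lambda entry: entry[0].prefixlen, reverse=True)

def locate(ip):
    """Return the (lat, lon) for an address, or None if no block covers it."""
    addr = ipaddress.ip_address(ip)
    for net, loc in NETS:
        if addr in net:
            return loc
    return None

def red_dots(events):
    """Group (source_ip, target_ip) events by the source's looked-up coordinate."""
    dots = defaultdict(lambda: {"attacks": 0, "sources": set()})
    unmapped = 0
    for src, _target in events:
        loc = locate(src)
        if loc is None:
            unmapped += 1          # no geolocation data: cannot be drawn
            continue
        dots[loc]["attacks"] += 1
        dots[loc]["sources"].add(src)
    return dict(dots), unmapped

# Constructed events: (source, honeypot target).
EVENTS = [
    ("192.0.2.10", "203.0.113.250"), ("192.0.2.10", "203.0.113.250"),
    ("192.0.2.77", "203.0.113.250"), ("203.0.113.5", "203.0.113.250"),
    ("198.51.100.9", "203.0.113.250"), ("198.51.100.200", "203.0.113.250"),
    ("10.0.0.1", "203.0.113.250"),
]

if __name__ == "__main__":
    dots, unmapped = red_dots(EVENTS)
    for loc, d in dots.items():
        print(loc, "attacks:", d["attacks"], "distinct sources:", len(d["sources"]))
    print("events without a location:", unmapped)
```

Counting distinct sources per dot next to the attack count is what separates "one busy attacker" from "many hosts the database places at one point".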

    3. Re:Maybe a few bugs by Zedrick · · Score: 1

      Perhaps it's not perfect, but it's quite accurate. At my workplace I see about 10(*) successful attacks/day (against customers with well-known holes in WP-plugins or Joomla-components), and their access.log says the same thing as the map.

      I wish my boss could authorise hiring a hitman + plane tickets so he could take them out. Or at least have him shoot the machines running the bots.

      * and many many thousand malware-mails that are eaten by amavis on the mailserver before they reach their destination

    4. Re:Maybe a few bugs by Seeteufel · · Score: 1

      It is really a sad state of affairs, so few attacks originating from Africa and the United States. Guess it must be IP-racism.

  9. facepalm by Anonymous Coward · · Score: 0

    cyber attack...

  10. I don't understand, cyber? by Anonymous Coward · · Score: -1

    What does all this have to do with cybersex?

  11. Mapping inaccuracies by Andy+Prough · · Score: 2

    The real problem appears to be that they are laying their data out over iOS6-generated maps.

    1. Re:Mapping inaccuracies by Maxo-Texas · · Score: 1

      hehehe. that's hysterical. wish I had mod points.

      --
      She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
  12. Finally a live background image worth running. ;) by Anonymous Coward · · Score: 0

    I've searched for something that shows some kind of important global activity live, but never found anything good.
    Goldman Sachs trades (including especially the secret ones) and meetings would be a great map, but is obviously never going to happen. (Unless there's some genius cracker out there.)
    But this here is acceptable for now.

  13. where can i sign with them? by ruir · · Score: 1

    Would love to run a honeypot; already visited their own website and didn't find any link for downloading one though.

    1. Re:where can i sign with them? by dominious · · Score: 2
      Click on the big question mark on the top left corner:

      If you are already a member of the Honeynet Project, you can just publish your captures to hpfeeds and they will automatically show up on this map. If you are not a member, you can run your own copy of this map on your own server. Code is on GitHub (LGPL license).

    2. Re:where can i sign with them? by ruir · · Score: 1

      thanks!

  14. Posting IPs of Security Researcher Virtual Machine by lalena · · Score: 1

    The site displays the source and destination IP of each attack. Doesn't this give the attackers the list of IPs of the Security VMs they should avoid? Maybe they change the IPs regularly?