Slashdot Mirror

← Back to Stories (view on slashdot.org)

Real-Time Cyber-Attack Map

Posted by timothy on from the get-to-the-next-phone-booth dept.

First time accepted submitter anavictoriasaavedra writes "In October, two German computer security researchers created a map that allows you to see a picture of online cyber-attacks as they happen. The map isn't out of a techno-thriller, tracking the location of some hacker in a basement trying to steal government secrets. Instead, it's built around a worldwide project designed to study online intruders. The data comes from honeypots. When the bots go after a honeypot, however, they're really hacking into a virtual machine inside a secure computer. The attack is broadcast on the map—and the researchers behind the project have a picture of how a virus works that they can use to prevent similar attacks or prepare new defenses."

8 of 36 comments (clear)

  1. who will get the most use out of this? by hguorbray · · Score: 5, Insightful

    the crackers will probably use this to test their bots and make even better bots and malware...

    seems to be the way of the world

    -I'm just sayin'

    1. Re:who will get the most use out of this? by alphatel · · Score: 2

      Okay that's fine, but why do all the hackers seem to live in Aachen (DE)?

      --
      When the foot seeks the place of the head, the line is crossed. Know your place. Keep your place. Be a shoe.
    2. Re:who will get the most use out of this? by Baloroth · · Score: 3, Insightful

      The honeypot only seems to recognize worms that are already recognized by AV software. All the bot makers would have to do is test it against AV software themselves, either directly or through a scanning-upload site (or even just by checksum, as the map does). It just gives researchers more of an idea of where and with what people are infected (looks like mostly variants of Conficker from the spot checks I did). Bot makers already have all the resources this gives to test their malware against. Might serve as an e-peen boost for them to see how common their malware is, but I doubt it will serve much beyond that.

      --
      "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
  2. Maybe a few bugs by Dereck1701 · · Score: 3, Interesting

    There might be a few bugs in their mapping app, unless it is so advanced it can track oceangoing vessels. A bunch of hits on the map I am looking at are about 1,000 miles off the coast near Washington DC. I also wonder if they're going to include social attack emails at some point (I believe most reputable Webmail apps include an IP of the sender). I don't know about anyone else but at my workplace I regularly get 5 or more attempts a week to get a virus into my system by pretending to be a FedEx tracking code, or a "contract in danger" message, some of them are even rigged to look like they're from OUR It department. Luckily our spam filter catches most of them but once in a while one slips through.

    1. Re:Maybe a few bugs by sbcc · · Score: 2

      The answer about mapping inaccuracies from their blog post:

      Why are there so many attacks and yet so few different attackers (red dots)?

      This is just an issue of precision in geo location lookups. We identify the red dots by their GPS location and many IP addresses map to the same GPS location, even if the corresponding machines are actually not really close to each other. So one single red dot can represent many different attackers.

      As a sidenote, IP geolocation is not 100% accurate, either. In the past we had US systems being mapped to asian countries and similar problems.

  3. Re:This map is inaccurate by rb12345 · · Score: 2

    Enough previous trolling to get a terrible karma rating (dropping initial scores to -1), plus a 50:50 moderation split between Troll and Insightful, apparently.

  4. Mapping inaccuracies by Andy+Prough · · Score: 2

    The real problem appears to be that they are laying their data out over iOS6-generated maps.

  5. Re:where can i sign with them? by dominious · · Score: 2
    Click on the big question mark on the top left corner:

    If you are already a member of the Honeynet Project, you can just publish your captures to hpfeeds and they will automatically show up on this map. If you are not a member, you can run your own copy of this map on your own server. Code is on GitHub (LGPL license).