Real time hacking happening globally

[William Gaatjes]

http://www.engadget.com/2014/06/24/live-hacking-map/

Want to feel anxious about your internet connection? The security firm Norse is more than happy to oblige. It's running a live hacking map that shows the attacks against a worldwide honeypot (that is, purposefully vulnerable) network as they happen. While this isn't representative of the full internet, it does act like a microcosm to some degree -- the bulk of attacks originate from China or the US, while Americans almost always serve as the punching bag. You'll even see large-scale (and surprisingly pretty-looking) assaults if you tune in at the right time.

Website :
http://map.ipviking.com/

 

[darkewaffle]

It does look neat when a bunch of 'beams' originate from one point all at once lol.

 

[Phoenix86]

Very cool.

 

[02ranger]

That's pretty cool. How do the hackers find the targets that they set up?

 

[CPA]

Holy crap! that is scary.

BTW, what's in San Leandro, California that's getting so many attacks?

 

[seepy83]

BTW, what's in San Leandro, California that's getting so many attacks?

One of Norse's Honeypot systems. This map is only showing attacks against their Honeypots.

 

[SunnyD]

Funny how next to no activity is showing up for Russia. I totally believe that. 🙄

 

[William Gaatjes]

There is a honeypot under attack in Holland, but there is also an attack originating from Holland targeted at the US. :|

 

[William Gaatjes]

Funny how next to no activity is showing up for Russia. I totally believe that. 🙄

I guess they are already aware of the Norse honeypots ?


EDIT:
But when hovering the mouse over dots in Russia, attacks are happening.

 

[William Gaatjes]

I was wondering what crazynet was. Seems to be a backdoor trojan... 🙁

 

[Markbnj]

That is awesome. It's like watching global Missile Command. We need to fight back and start launching some shit at the Chinese and those bastards on that little island off Africa.

 

[William Gaatjes]

That is awesome. It's like watching global Missile Command. We need to fight back and start launching some shit at the Chinese and those bastards on that little island off Africa.

I looked it up. I think it is Säo Tomé.

When i looked for a picture my virus scanner blocked the website :
www_point_ saotome.st 😀

I added text to the hyperlink to prevent accidental clicking. I do not know why that website is marked as dangerous.

 

[William Gaatjes]

What i find strange, is that the hotspot lies below Ghana in the Norse global map. But Säo Tomé lies more close to the coast of Gabon. Or the Norse map has an error, or it is perhaps a boat or a drill rig.

 

[SunnyD]

I looked it up. I think it is Säo Tomé.

When i looked for a picture my virus scanner blocked the website :
www_point_ saotome.st 😀

I added text to the hyperlink to prevent accidental clicking. I do not know why that website is marked as dangerous.

What i find strange, is that the hotspot lies below Ghana in the Norse global map. But Säo Tomé lies more close to the coast of Gabon. Or the Norse map has an error, or it is perhaps a boat or a drill rig.

If you check them, those dots are where most of the MIL/GOV attacks are pointed. It's doubtful that NORSE can actually geolocate those particular MIL/GOV servers, so they put them right in the middle of the map.

That was one of the first things I noticed too when I was checking the map out, and it didn't take long for me to figure out.

 

[KlokWyze]

Do pings count as an "attack"?

 

[William Gaatjes]

If you check them, those dots are where most of the MIL/GOV attacks are pointed. It's doubtful that NORSE can actually geolocate those particular MIL/GOV servers, so they put them right in the middle of the map.

That was one of the first things I noticed too when I was checking the map out, and it didn't take long for me to figure out.

I see. What are MIL/GOV servers exactly ? Military servers ?

 

[Homerboy]

Its fun to let it run for a while in a non-focused browser tab (like while I type this).
Then when you flip back to that tab it "launches" everything at once.

BOOM!

 

[SunnyD]

I see. What are MIL/GOV servers exactly ? Military servers ?

Probably. Various military and/or "government agency" targets. Think NSA, CIA, FBI, DHS, etc.

 

[seepy83]

Do pings count as an "attack"?

Not for what's being reported on with that tool. They identify the Service and Port that's being attacked. None of the is ICMP/Ping traffic.

 

[William Gaatjes]

Ok.

That is embarrassing...
I noticed one of the attackers is an IP address from Microsoft corp in Beverly Hills. I think the ip was : 157.22.39.223.

Merck & Co as originating location for an attack, also passes by often.

 

[CPA]

One of Norse's Honeypot systems. This map is only showing attacks against their Honeypots.

Okay. So what's a "honeypot"? 😕

 

[Phoenix86]

Ok.

That is embarrassing...
I noticed one of the attackers is an IP address from Microsoft corp in Beverly Hills. I think the ip was : 157.22.39.223.

Merck & Co as originating location for an attack, also passes by often.

I'd expect to see traffic from MS, but Merck?!

 

[William Gaatjes]

Okay. So what's a "honeypot"? 😕

It is a computer setup to function as a target for attacks. These attacks are logged and the information is used to identify the attacker, what kind of attack and how often.


In wiki :
http://en.wikipedia.org/wiki/Honeypot_(computing)

In computer terminology, a honeypot is a trap set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems. Generally, a honeypot consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers. This is similar to the police baiting a criminal and then conducting undercover surveillance.

 

[Phoenix86]

Okay. So what's a "honeypot"? 😕

It's a server, typically setup in an insecure manner, then monitored.

 

[shortylickens]

I just got a security warning popup from that site.....



:hmm: