Cyber security will likely remain one of the most in-demand services, with more and more valuable information and goods being stored on computing devices. Now, the Honeynet project from the IT Security Research Group is attempting to visualize the real and rather scary obstacles facing those who want to keep their data secure.
In a constantly updating site, the Honeynet Project attempts to report worldwide attacks on computers and servers as they happen. Through a set of sensors across the world, the project recognizes and reports attacks. Often, according to the site, these are merely untargeted attacks: that is, they are operated by a computer infected with a malicious program or a “hijacked server system.” The fascinating, ever-active world-wide map displays a red dot wherever the project's sensors pick up an attack. And, as you can see, the attacks are constant.
Honeynet has an FAQ with more information for those curious about exactly what these threats mean, what they entail, and how they are monitored.
Is the data representative?
Kind of. Historically, this kind of visualization would be skewed by the sensor location but with newer attack code (e.g., Conficker) this is not true anymore as the attack target selection is randomized. This means that a country’s chance of getting attacked by those randomized spread techniques only depends on the number of potential target IP addresses in that country. Consequently, red dots roughly depict reality when it comes to attacker location (regarding the type of attack which we capture). Also, our hpfeeds back-end is still young and not all sensors are connected to it. We have more sensors around the world than currently visible on the map.
Countries with many red dots are evil, right?
No. Many red dots means there are many machines which are attacking our honeypots. This does not imply that those countries are “very active in the cyberwar” (which we actually read in some news articles about our map). For all we know, this just means that those countries run many old unpatched Windows XP boxes which are infected with worms. No harm intended (probably).
Why are there so many attacks and yet so few different attackers (red dots)?
This is just an issue of precision in geo location lookups. We identify the red dots by their GPS location and many IP addresses map to the same GPS location, even if the corresponding machines are actually not really close to each other. So one single red dot can represent many different attackers.
As a side note, IP geolocation is not 100% accurate, either. In the past we had US systems being mapped to Asian countries and similar problems.
Even with its problems, the site provides a fascinating look at the ever-expanding cyber-attacks. On the goals or purpose of the map, the creators said simply: “There was no real ‘goal’ or ‘project,’ we just wanted to create something which looks nice and which uses ‘new’ technologies.” Nevertheless, it is an important reminder to back up your data in a secure space and FINALLY upgrade from Windows XP.