IPViking map: Cybercrime hunting just got real(-time)
2 min read
30 June 2014
US security company Norse have built IPViking, a real-time intelligence data delivery platform.
More specifically, it’s a map that shows you where cyber attacks are coming from around the globe.
Unsurprisingly, IPViking has been likened with 1983 movie WarGames starring Matthew Broderick and Introversion’s classic game called Defcon. It’s true, the map is simply astonishing to behold – and slightly unnerving – when activity starts happening.
This is the next generation of “hacker hunting”, and it has everything to do with following “bad traffic”.
In a Digital Trends interview, CTO Tommy Stiansen explained that they “try to see as much of the dark side of the Internet as possible.” This includes everything from IRC leaf nodes and proxy services such as TOR, which is the kind of infrastructure that underground hackers use.
“Every second, Norse collects and analyses live threat intelligence from darknets in hundreds of locations in over 40 countries,” explains the company. “The attacks shown are based on a small subset of live flows against the Norse honeypot infrastructure, representing actual worldwide cyber attacks by bad actors. At a glance, one can see which countries are aggressors or targets at the moment, using which type of attacks.”
He goes on to say that Norse has multiple agents scanning the Net, and among them, thousand of honeypot traps waiting to lure in hackers.
“We have a very large honeypot, where we have, at any given time, over 5m emulations towards the Internet,” states Stiansen. “Meaning we emulate over 5m users, severs, infrastructures on the Internet. We mimic a bank. We put in place honeypots to mimic Microsoft Exchange servers, Linux systems, ATMs. We try to mimic as much as we can of the infrastructure online to make it look attractive to be attacked.”
Here’s an example: