http://map.norsecorp.com/v1/

Cool. Looks like Missouri was taking an awful lot of the attacks. Mainly St Louis and Kirksville.

There is one spot in central US that seems to be a major target. I wonder what that is???

What is in St Louis?

What is in St Louis?

An arch

There is one spot in central US that seems to be a major target. I wonder what that is???

Looking at that map and comparing it to another, it looks like it's hitting around St Louis, Springfield (IL), and Indianapolis.

What is this about?
Ole Jack

What is this about?
Ole Jack

http://www.norse-corp.com/ offers proactive security solutions, based on our global "dark intelligence" platform, to defend against today's advanced threats. Your looking at a real time map of cyber attacks computer's trying to "hack" into other computers and steal data or leave a "spy" program behind.

http://www.digitaltrends.com/web/next-generation-hacker-hunting-ip-viking-norse-corp/


The next generation of hacker hunting will happen in real time

The phone rings. Through sleep-blurred eyes, you see that the alarm clock reads 2:37 a.m. Grasping, you reach the noisy thing on the dark bedside table. An 800-number glows on the screen. You answer, confused and appropriately peeved.

“Uh, hello?” you say.

“Hello, this is AT&T calling. We are sorry to bother you at this hour, sir, but our system shows that your computer is currently being used in a cyber attack on the Internal Revenue Service. We are informing you that your home (http://www.digitaltrends.com/home/) will be disconnected from the Internet entirely until the issue has been resolved. Thank you. Goodbye.”

We may all be getting calls similar to this one in the near future thanks to a cybersecurity company called Norse Corporation (http://www.norse-corp.com/), which has created a new way to combat cyber attacks: It’s called IP Viking (http://ipviking.com/), the world’s first cyber risk intelligence system that is able to monitor cyber attacks as they happen, in real time, anywhere on the planet – and then stop them within minutes.

How IP Viking works

At the heart of IP Viking lies thousands of monitoring “agents” that collect live Internet traffic data – about 19 terabytes of it each day.

“Our agent system is distributed worldwide. We have thousands of Internet points. We actually have infrastructure on every single … Internet exchange point in the country,” said Tommy Stiansen, Norse’s chief technology officer, during a phone interview. “We basically try to see as much of the dark side of the Internet as we possibly can.”

This “dark side of the Internet” includes everything from general Web traffic, to peer-to-peer networks, to IRC networks, to TOR.

It is through its agents that Norse is able to keep a keen eye on what’s happening around the Net. Among these agents are thousands of “honeypots,” traps set by Norse in an attempt to lure in hackers or, more frequently, automated tools that attack computer networks, and build botnets, which harness the power of otherwise innocent computers – like the one you’re on right now – to do various forms of digital dirty work. These honeypots include everything from servers to SEO-targeted links for hacking-related content.

“We have a very large honeypot, where we have, at any given time, over 5 million emulations towards the Internet,” said Stiansen. “Meaning we emulate over 5 million users, severs, infrastructures on the Internet. We mimic a bank. We put in place honeypots to mimic Microsoft Exchange servers, Linux systems, ATMs. We try to mimic as much as we can of the infrastructure online to make it look attractive to be attacked.”

It is through these honeypots, or “mousetraps,” that Norse is able to dupe hackers or malicious computer tools into revealing information about themselves, like IP addresses, which Norse can then use to keep track of their activities. Once IP Viking has pinpointed some “unethical traffic,” as Stiansen calls it, the system is able to see which systems are being attacked or have been hit with malware that recruits these systems into botnets, which are then used to carry out other attacks.

During an hour-long live demo of IP Viking, I witnesses real-time attacks on, or originating from, the systems of some of the biggest entities in the United States, including Microsoft and Cisco, banks, libraries, universities, and even the U.S. Department of Defense.

The video above is a “heat map” representation of the data collected by IP Viking.

While watching, keep in mind that these are real cyber attacks, not simulations. The red dots represent cyber attacks. The yellow dots are Norse’s honeypots. The streaming text field below shows city, country, and exact coordinates of where an attack is originating from, as well as which Norse system is being attacked, and the IP address(es) of the attacker. Stiansen says that the name of the hacker organization that is carrying out an attack will also be included soon.

What IP Viking means for you

This information, along with some 1,500 other factors, are then used to assign each IP address collected by IP Viking with what Norse calls an “IPQ,” a zero-to-100 rating system that denotes the threat levels of individual IP addresses. The factors include things like the “context of the interaction we had with the IP address,” says Stiansen, who owns the IP address, geographical location, how often an IP address is used, and many more. Companies who purchase Norse’s products will then be able to gauge the threat level of each and every IP address that attempts to connect to their systems.

This, in turn, means that if your IP address scores a high IPQ, you might be denied access to a website or online service armed with IP Viking.