From Russia With Bots: Finding The Source Of Cyber Attacks

While media and government sources continue to allude to China as the biggest source of cyber attacks hitting innocent servers on the Internet, recent evidence instead suggests it's actually the Russian Federation that's king of the cyber attack mountain.

The evidence comes from German telecommunications giant Deutsche Telekom (DT), which has set up a new portal to monitor real-time cyber attacks against its network. According to the data on the sicherheitstacho.eu (loosely translated as "security tachometer") site, Russia was responsible for 2.4 million attacks against DT last month.

The People's Republic of China, the current bugaboo of security mavens, ranked 12th on the same list, its 168,000 attacks coming in far behind nations like Germany, Ukraine and the United States. Curiously, it was Taiwan that held the number two slot, with 907,000 tracked cyber attacks, seemingly dispelling the notion that it's the Commies out to get Western corporate interests.

Security Whack-a-Mole

The monitored attacks are not actually hurting DT - at least, not directly. The incoming volleys are instead hitting a network of 97 sensor machines deliberately designed to be tempting targets on the Internet, a concept known as honeypots. According to DT, these honeypots are built to "feign weaknesses to provoke attacks and as such act as early warning systems."

"Our honeypot systems show that once attackers have identified weaknesses, they exploit them immediately," said Thomas Kremer, Board Member responsible for Data Privacy, Legal Affairs and Compliance, in a statement to the press.

"If, for example, a provider announces an update for its operating system, attackers launch themselves at the old system to find the gap that the update is intended to close," Kremer said. "For this reason, customers should install updates immediately - this successfully prevents 90 percent of attacks. Apart from up-to-date virus protection, that is the most important security precaution for all IT users."

The honeypots are programmed to mimic a wide variety of Internet-facing systems, such as servers, desktops and even vulnerable smartphones.

Hardening Against 24/7 Attacks

The security tachometer site itself is definitely an eye-opener, even in DT's soothing trademark pink tones (DT is the parent company of U.S. carrier T-Mobile). According to the information provided by DT, most of the attacks are in the form of automated bots, which probe a potentially weak system for holes. If a human hacker wants to come back later and investigate further, they may, or the bot may simply call in other bots to further infiltrate the system.

Security experts won't find this map much of a surprise, since it's long been known that Russia remains a big source of cyber trouble - far more, in sheer numbers, than China. Of course, this map could be interpreted as contrarian evidence, too: perhaps the bot handlers in the other countries recognize the DT honeypots for what they are and have moved on to real targets. Or perhaps the targets presented simply aren't interesting.

Whatever the explanation, Deutsche Telekom's security tachometer makes it clear that the Internet is far from safe, and vulnerabilities on any platform - from any source - can be discovered at any moment.

Image courtesy of Deutsche Telekom.