Mapped: What Global Cyberwar Looks Like in Real Time
On Monday, Google rolled out three new initiatives to ensure the openness of the Internet and access to the service — even in the face of government crackdowns on the web.
One of those tools is a proxy plug-in — creatively titled uProxy — that uses a peer-to-peer system to create secure Internet connections. By linking a user in, say, China with her trusted friend in the United States, the browser plug-in allows the user in China to access her American friend’s Internet via an encrypted connection that should, in theory, allow her to bypass the Great Firewall.
Another tool, Project Shield, promises to protect human rights organizations and NGOs from so-called DDoS attacks, which take down a website by directing a flood of traffic toward it and overwhelming it or rendering it unusable. DDoS attacks have become the preferred method for knocking out a pesky, unwanted site, and while big sites like Google are able to protect themselves from such attacks, independent groups, including media organizations and election monitors, frequently find themselves unable to fight back when targeted. "If you think about all of the organizations around the world that use a website as their modern-day office — NGOs, businesses, governments — it’s not OK to have this many digital office raids shutting them down," Jared Cohen, the director of Google Ideas, told Time in an interview.
The last project rolled out this week is something called the Digital Attack Map, which is embedded at the top of this post. It’s a fascinating, interactive map that monitors DDoS attacks around the world — an effort Google hopes will raise awareness about the problem. The map, which draws on data collected by the network security firm Arbor Networks, provides a nifty visualization of an issue that’s been in the headlines constantly over the last year or so.
The result is the first real visualization of what cyberwar looks like in real time. So what can we learn from the effort? Here are some incidents that jump out in playing around with the map.
The map below provides a snapshot of Aug. 27, when a portion of Chinese .cn domains were knocked offline. Chinese authorities described the hack as the largest cyberattack in the country’s history without pointing fingers at any particular party, and below you can see where the attacks originated. Attacks whose origin and destination are both known are depicted as an arc between the two countries, with the data traveling from source to victim. Attacks whose origins are unknown but whose victims are clear are depicted as a downward flow into the victim country. As you can see, the attack that took out the .cn domain came from both the United States and the Netherlands (keep in mind: there are several ways for attackers to obscure their location and make it appear as if attacks are originating in different countries).
On June 25, the 63rd anniversary of the start of the Korean War, South Korea was struck by a cyberattack by the DarkSeoul gang, which has been linked to North Korea and is believed to work on its behalf. The attack shut down major media and government websites and represented a high-profile flare-up in ongoing tensions on the Korean Peninsula. That attack is visualized on the map below, and what’s striking is that a targeted attack in South Korea was able to take down a series of prominent websites while using relatively little bandwidth. Measured by bandwidth, the attack on South Korea was smaller than that day’s attacks on the United States by several orders of magnitude.
Below, the Digital Attack Map visualizes part of a massive six-day attack on the United States, during which, among other things, hackers targeted U.S. banks. It’s notable for the incredible bandwidth used, which was far larger than that in a typical attack.