All right, hands up if you clicked on the link and spent five minutes making PEWPEW PEWPEW noises in sync with the animated cyberattacks before coming back here to comment.
posted by Strange Interlude at 5:13 PM on June 30, 2014 [10 favorites]

So, per the article, most of these attacks are from zombie computers. This alone is enough to explain the fact that so many of the attacks come from China: people in China are using older versions, most Chinese computer users are still running XP. I would hazard that most of these attacks are nothing more than auto-propagation behavior from the same old Windows vulnerabilities that have made up a significant percentage of network traffic for a long time now.

Not to say that we can rule out the presence of stuxnet type code coming from China and targeting computers in the US, but we also haven't seen anything like that yet.
posted by idiopath at 5:24 PM on June 30, 2014 [1 favorite]

This alone is enough to explain the fact that so many of the attacks come from China: people in China are using older versions, most Chinese computer users are still running XP.

The US seemed to be the origin of 3 times as many attacks as China when I looked at it.
posted by His thoughts were red thoughts at 5:38 PM on June 30, 2014

Utah is the site of an NSA datacenter. Just saying.
posted by Talez at 5:44 PM on June 30, 2014 [7 favorites]

What is in Kirkland that is so important? That was getting a battering while I was watching.
posted by Brockles at 5:45 PM on June 30, 2014

What is in Kirkland that is so important?

Kirkland WA? There is a Google office there (not sure if it's significant), and Microsoft is a few blocks away too.
posted by anonymisc at 5:57 PM on June 30, 2014

The US seemed to be the origin of 3 times as many attacks as China when I looked at it.

It changes pretty dramatically over shortish timescales. I watched for about five minutes during which the US seemed steadily in the lead for about three and then its total was suddenly doubled by Vietnam and shortly thereafter that total was doubled by France. What remained consistent, though, was that the US was far and away #1 as target nation.

I have no idea how representative any of that was, though. And jeez, it really is a unnervingly like a real time map of all out global missile warfare.
posted by yoink at 6:09 PM on June 30, 2014

What is in Kirkland that is so important?

Costco?
posted by Eekacat at 7:15 PM on June 30, 2014 [7 favorites]

This is more fun than the World Cup. But I'm not sure who is winning.

The security companies.
posted by mrjohnmuller at 7:26 PM on June 30, 2014 [2 favorites]

Chinese cyberattacks are highly damaging to both the U.S. economy and national security. China is currently developing a new plane that is modeled after stolen plans for the U.S.' F-35 fifth-generation plane.

Business Insider's source for the F-35 accusation is the far right Center for American Freedom's "Washington Free Beacon". The reality, as reported by the Defense Science Board and other somewhat more reputable sources, appears to be murkier (or at least classified):

In its confidential report for the Pentagon and industry officials -- first revealed by The Washington Post -- the DSB claims that blueprints and data pertaining to two dozen weapons systems -- including U.S. missile defenses and combat aircraft and ships -- were accessed by Chinese hackers. The report, by the mixed civilian/government board, which advises government and corporate policy makers, does not suggest necessarily the Chinese have stolen complete designs.

And, of course, no mention at all of the much more clearly demonstrable damage the NSA is doing to the economy and the US' standing in the world.
posted by ryanshepard at 7:29 PM on June 30, 2014 [6 favorites]

Saw an attack from Beltsville to the Ukraine.
posted by empath at 7:42 PM on June 30, 2014

This, btw, is perfect for all those extra projection screens in the NOC you have absolutely no use for. It'll make upper management think you're doing something important.
posted by empath at 7:46 PM on June 30, 2014 [7 favorites]

What is in Kirkland that is so important?


Obviously Walmart going after Costco in some hot Gibson-esque zaibatsu on zaibatsu action.
posted by ActingTheGoat at 8:52 PM on June 30, 2014 [4 favorites]

I could type a few words into my console right now and make any of these targets light up real good. "CANADA CYBER HACKS US. CANADIAN TERRORISTS CYBER WAGING SECRET CYBER WARZZZ????" would be the headline for some silly person looking too deeply at this map. But it would have zero impact and wouldn't mean anything except that I was bored.

Basically this is just an ad for a security company.
posted by tracert at 9:00 PM on June 30, 2014

Here's a video of a DDoS claiming to show a recent attack on Facebook. I doubt the claim (does Facebook even have a farm in St. Louis, and would they be operating honey pots there?), but it sure is something, and it looks pretty cool.

Also, I can't let the choice of the Mercator projection go without comment. I mean, are they even tracking Greenland?
posted by WCWedin at 9:17 PM on June 30, 2014 [2 favorites]

Oh man I feel really bad for the USA people all of the sudden. It's like they're totally getting picked on in Barren Realms Elite.
posted by Theta States at 9:47 PM on June 30, 2014

If a tree falls in the forest the Norse server gets hacked, will it show up on the map?
posted by Gyan at 2:31 AM on July 1, 2014

Does anyone have any idea how this actually works?
posted by mbrock at 2:32 AM on July 1, 2014

There's a gang up of computers in Nanjing and Beijing against some location in St. Louis this morning.

And, as if a somewhat non sequitur response, a brief fusillade from Adobe offices in San Jose aimed at Beijing.
posted by ardgedee at 2:56 AM on July 1, 2014

> Does anyone have any idea how this actually works?

The page has an info box (i in the upper right). Looks like Norse is monitoring traffic through particular gateways for data packets with signatures of known attacks. This map reports on the origin and destination of those packets, their service and port number (eg, http is usually 8080, 8081..., BlackICE is an IBM security product, etc.)

This seems to be a very lightweight portrait of hostile conduct on the internet, actually. I would imagine any single Google or Amazon datacenter receives more than this.

And HOLY CRAP does the rest of the world have it in for some location in St. Louis right now.

Incidentally, GoDaddy's IT staff really has be more responsible about their office systems.
posted by ardgedee at 3:11 AM on July 1, 2014

What is in Kirkland that is so important? That was getting a battering while I was watching

Microsoft has offices straddling there, nintendo, microsoft games, and tons of smaller software/game dev shops. Hell there's intel satellite offices, and plenty of other big companies like that. I think even t-mobile has a big office over there.

The line between bellevue and kirkland is really blurry too. I mean it's easy to find on a map, but if you're actually down there on the ground it's sort of "who the fuck knows". And it's not really as simple as "one is on one side of the freeway, one is on the other". Complicated by the fact that some corporate campuses span the freeway, and just how many damn tech companies there are over there. And of course that the whole area is just a mishmash of awful, regrettable 70s/80s architecture and terrible housing developments intermixed with the offices.(one of the nicer, newer microsoft compounds is directly across from falling apart 70s two floor apartments in a massive sprawling development complete with cracked parking lots and murky swimming pools)

There's tons of little nameless offices too, with offices in crappy one floor complexes renting colo space nearby(or probably now, just amazon AWS, but still).

I spent a summer in high school doing nothing but building cubicles in one set of depressing offices for a new company opening, and tearing them down in another next-door where the company had sunk. Sort of gave me some perspective on how much of a churning hive the whole place was.
posted by emptythought at 3:44 AM on July 1, 2014 [1 favorite]

I think Skynet just woke up. Seattle and St. Louis suddenly became very, very, very orange.

Also, Tokyo hit Lichtenstein. Twice. What did Lichtenstein ever do to Tokyo?
posted by Spatch at 3:45 AM on July 1, 2014

I just watched Seattle get PUMMELED.

And wth is up with Dannemora, NY?
posted by louche mustachio at 3:56 AM on July 1, 2014

I wonder how many of these cyber attacks are just scheduled vulnerability scans. If that were the case, then this would be some genius level crypto marketing.
posted by oceanjesse at 4:33 AM on July 1, 2014 [2 favorites]

They could make the whole thing up, really. Have a table of known attack locations, plus some "usual suspects" in China, Russia and Ukraine. Have another table of likely targets, based on known and suspected data farm, government, financial and big-data server locations, and randomly generate attack behavior from one against the other, attackers weighted by usual-suspectitude and targets weighted by likely-victimhood. Salt with ringers and random IPs for variety and verisimilitude. It's probably less work than doing the real thing.

I suspect it's real, at least in a superficial way, just by giving them the benefit of the doubt that they're actually doing what their business is based on, which is monitoring darknets for threat behavior.
posted by ardgedee at 5:16 AM on July 1, 2014

I am riding the gleaming obsidian shark at the centre of my Kuang Grade Mark Eleven program straight into Norse's servers as we speak. I shall tell you what I find on the other side.
posted by longbaugh at 6:45 AM on July 1, 2014

For what it's worth, ardgedee, they've shown attacks like the recent facebook mega-DDoS before any blogs or news sites posted about them or anyone outside of facebook really knew they were going on. It kinda spread through social media with "woah look at what's going down on the map on this site", then people figured out what was actually in that location and why facebook was down.

So it's monitoring something. I feel like it might be monitoring in a pretty abstract superficial way as you saix, but it is actually linked up with reality.
posted by emptythought at 12:28 PM on July 1, 2014

Scottsdale really, really, really hates Santa Ana.
posted by Spatch at 12:33 PM on July 1, 2014

I'm not sure why the attacks on St. Louis specifically, but we're home to a nearby Air Force Base that handles logistics for all of the DOD. We're also home to Monsanto, which surely must have some IP worth stealing. We also have major airline stuff here (Boeing). A Federal Reserve Bank. MEPS (the military's personnel database, in essence). Or maybe the Chinese just want the secret formula for Budweiser (God knows why).
posted by readyfreddy at 1:29 AM on July 2, 2014