When we think about where hackers come from, China is probably the first country that comes to mind — for good reason too. Russia’s maybe next in line. But a controlled experiment by cyber security researchers shows that the vast majority of attacks actually come from a very familiar place: the United States.
Bloomberg News reporter Jordan Robertson teamed up with Greg Martin, the founder of a Google Ventures-backed security startup, to gain a deeper understanding of the source of attacks on critical infrastructure. These assaults on power grids, water systems, and other public utilities are the types of attacks the nation’s leaders are most afraid of, so it makes total sense that we’d want to know where they’re coming from. That is to say: The call is coming from inside the house.
The experiment was simple. Robertson and Martin set up a decoy machine — also known as a honey pot — that looked like an attractive industrial control machine. They made it look like the fake control systems were located around the world in the US, the UK, the Netherlands, Brazil, Japan and Singapore. And then they left it alone for three months. Robertson is careful to point out that a portion of the attacks would likely have come from bots, some of which could have been set up in countries different from where the attackers were based.
In the course of those three months, the honey pot was attacked over 6000 times by computers located in the US. The number two source of attacks was China with over 3500 attacks, and Russia was number three with over 2500. The fact remains that attacks from the US equalled or exceeded those from its two greatest cyber adversaries combined. Just look at Bloomberg’s chart:
Why all of these hackers were hacking is a bit of a mystery, but Martin, the security expert, thinks a lot of it is military-related. “It’s not unlikely that some probes are from security companies and academia, but the dataset is large and diverse enough that it probably includes a large amount of military organisations, if not all of them (proxied or not),” Martin explained. Martin also argues that the majority of the attacks were likely reconnaissance efforts launched within the country’s borders. (Sounds like something the NSA would do, huh?)
So do you feel safer now that you know the United States is home to the world’s most aggressive hackers? You really shouldn’t. The simple fact that many attacks originate from the US probably means that other countries are trying to retaliate with attacks of their own. And we were already a huge target. [Bloomberg]