Cyber attacks

There’s a lot of lingo associated with computer hacking culture. Firstly, you have computer hackers, who can be either white hats or black hats. A white hat is an ethical hacker who specializes in ensuring the security of an organization’s information systems. This is in contrast with a black hat, which is a malicious hacker. People have been sent to prison for this kind of activity. The names originate from Western films, where heroic cowboys would traditionally wear white hats and antagonistic cowboys wore black hats.

The expertise of hackers ranges from the amateurish to the skilled. For example, the Legion of Doom was a once-prolific-but-now-defunct hacker group. On the other end of the spectrum, you have script kiddies. This is a pejorative term for an unskilled individual who uses programs developed by others to attack computer systems and deface websites.

An Internet bot is a software application that runs automated tasks over the Internet. Bots perform simple, repetitive tasks at a much higher rate than a human can. They crawl the world wide web, fetching, analysing, and filing information from web servers. More than half of all web traffic is made up of bots. Some bots are good (such as search engine spiders, which are used to index website for the likes of Google), while others are used maliciously (such as interfering in political elections).

A botnet refers to a number of devices, each of which is running one or more bots. Botnets can be used to do things like steal data and grant an attacker access to a system. There are a few infamous botnets. One such example is the Marina Botnet, which consisted of over six million bots pumping out spam emails endlessly. At its peak, Marina Botnet was delivering 92 billion (!) spam emails per day.

The computers under control of a botnet are sometimes called zombies because they have been compromised by a hacker and are being used maliciously, but the owners of the computers are unaware that their system is being used in this way.

We, the High Energy Astrophysics Group at University College Dublin, recently got a new computer which we are using to analyse data from the LOFAR radio telescope. This computer is set up so that we can remotely login to it from anywhere over the internet. Failed login attempts are recorded on the machine. I decided to check out how many times people (or — more accurately — bots) tried to access our computer in the most recent 100 hours.

It turns out that almost 70,000 attempts were made to log on to our computer in that time, which works out to one attempt every five seconds or so, on average. This might seem like a lot but it’s a jungle out there.

I pulled all the IP addresses from these failed attempts and took the data into Microsoft Excel to play around with it. I matched the IP addresses to locations. These 70,000 attempts originated from 190 different places. Login attempts were made from every corner of the globe (such as Botswana and the Seychelles), and literally from A to Z (i.e. from Antigua to Zimbabwe).

The next step was to put these locations on a map to get an idea of the spread. China was the biggest offender, with 58,000 of the 70,000 attempts originating from there, and 44,000 of those were from just two specific locations.


There are a few easy steps that can be taken to block all of these attempts (apart from the usual strong password advice) such as blocking people who fail three times in a row. We’ve put these measures in place and it’s behind a firewall now.

I said that hacking terms like “white hat” and “black hat”, deriving from cowboy movies, are quite apt because online it really is like the wild west and the Internet is impossible to police. Hackers have been known to gain access to anything that has an Internet connection, including the likes of baby monitors and fridges. Things will also only get worse before they get better as we move to the Internet of Things, in which an increasing number of home appliances are integrated with the world wide web.