The next generation of hacker hunting will happen in real time


The phone rings. Through sleep-blurred eyes, you see that the alarm clock reads 2:37 a.m. Grasping, you reach the noisy thing on the dark bedside table. An 800-number glows on the screen. You answer, confused and appropriately peeved.

“Uh, hello?” you say.

“Hello, this is AT&T calling. We are sorry to bother you at this hour, sir, but our system shows that your computer is currently being used in a cyber attack on the Internal Revenue Service. We are informing you that your home will be disconnected from the Internet entirely until the issue has been resolved. Thank you. Goodbye.”

We may all be getting calls similar to this one in the near future thanks to a cybersecurity company called Norse Corporation, which has created a new way to combat cyber attacks: It’s called IP Viking, the world’s first cyber risk intelligence system that is able to monitor cyber attacks as they happen, in real time, anywhere on the planet – and then stop them within minutes.

How IP Viking works

At the heart of IP Viking lie thousands of monitoring “agents” that collect live Internet traffic data – about 19 terabytes of it each day.

“Our agent system is distributed worldwide. We have thousands of Internet points. We actually have infrastructure on every single … Internet exchange point in the country,” said Tommy Stiansen, Norse’s chief technology officer, during a phone interview. “We basically try to see as much of the dark side of the Internet as we possibly can.”

This “dark side of the Internet” includes everything from general Web traffic, to peer-to-peer networks, to IRC networks, to TOR.


It is through its agents that Norse is able to keep a keen eye on what’s happening around the Net. Among these agents are thousands of “honeypots,” traps set by Norse in an attempt to lure in hackers or, more frequently, automated tools that attack computer networks and build botnets, which harness the power of otherwise innocent computers – like the one you’re on right now – to do various forms of digital dirty work. These honeypots include everything from servers to SEO-targeted links for hacking-related content.

“We have a very large honeypot, where we have, at any given time, over 5 million emulations towards the Internet,” said Stiansen. “Meaning we emulate over 5 million users, servers, infrastructures on the Internet. We mimic a bank. We put in place honeypots to mimic Microsoft Exchange servers, Linux systems, ATMs. We try to mimic as much as we can of the infrastructure online to make it look attractive to be attacked.”

It is through these honeypots, or “mousetraps,” that Norse is able to dupe hackers or malicious computer tools into revealing information about themselves, like IP addresses, which Norse can then use to keep track of their activities. Once IP Viking has pinpointed some “unethical traffic,” as Stiansen calls it, the system is able to see which systems are being attacked or have been hit with malware that recruits these systems into botnets, which are then used to carry out other attacks.

During an hour-long live demo of IP Viking, I witnessed real-time attacks on, or originating from, the systems of some of the biggest entities in the United States, including Microsoft and Cisco, banks, libraries, universities, and even the U.S. Department of Defense.

The video above is a “heat map” representation of the data collected by IP Viking. While watching, keep in mind that these are real cyber attacks, not simulations. The red dots represent cyber attacks. The yellow dots are Norse’s honeypots. The streaming text field below shows city, country, and exact coordinates of where an attack is originating from, as well as which Norse system is being attacked, and the IP address(es) of the attacker. Stiansen says that the name of the hacker organization that is carrying out an attack will also be included soon.

What IP Viking means for you

This information, along with some 1,500 other factors, is then used to assign each IP address collected by IP Viking what Norse calls an “IPQ,” a zero-to-100 rating that denotes the threat level of an individual IP address. The factors include things like the “context of the interaction we had with the IP address,” says Stiansen, as well as who owns the IP address, its geographical location, how often it is used, and many more. Companies that purchase Norse’s products will then be able to gauge the threat level of each and every IP address that attempts to connect to their systems. This, in turn, means that if your IP address scores a high IPQ, you might be denied access to a website or online service armed with IP Viking.

In addition to alerting companies to real-time cyber attacks, Norse’s system will also allow Internet service providers or other Norse clients to alert individuals when their computers have been wrapped into a botnet, or are otherwise part of a cyber attack. (Thus, the phone call from AT&T.) This is especially important, says Norse marketing director Beau Roberts, because a large number of innocent Web users, small businesses, and larger corporations are ignorantly helping hackers carry out massive cyber attacks.

“There’s a significant percent of users of the Internet today that are part of a botnet but don’t know it,” says Roberts. “And we intend on helping bring that number way down.”

While IP Viking only launched a few weeks ago, Roberts says they plan to use the cyber attack data gathered through the system to recruit new clients. Norse also plans to partner with other cybersecurity companies to help further bolster the Internet’s defenses. And even bloggers will soon be able to get in on the live cyber attack fun with a WordPress plugin that’s due to launch in the coming weeks.

Lead image via Konstantin Yolshin/Shutterstock

Correction: The original version of this article incorrectly stated that a low IPQ score could prevent access to websites.

