Watching hackers work in real time

Author: Jeremy Aronson

Cyber attacks are now an everyday occurrence in the corporate world. To provide a closer look at how cyber criminals stage their attacks, the BBC asked a cyber security firm to set up an experiment using the latest computer security technology to track the activities of cyber criminals in real time and judge the calibre and scale of these attacks.


A group of servers was set up and kept online for approximately 170 hours. The servers were given real public IP addresses and other information that identified them and made their presence known online. They were configured to resemble legitimate servers, with each one capable of accepting webpage requests and securing networking and file transfers. The configuration was very elementary, giving the servers the ability to respond to queries about basic protocols and network services.


The team then watched and waited, ready to map any cyber attacks that might occur.


71 minutes later...

It took only around 71 minutes before automated attack tools made their first visits, scanning the servers for weaknesses they could use to penetrate them. Once the bots found the servers, they subjected them to a “constant” attack.


Even though the servers were only capable of providing limited responses, the bots that cyber-criminals often use to locate potential targets launched a full-scale attack just as if the servers had been machines responsible for large-scale business operations.


Many of the code vulnerabilities and other weaknesses that the bots searched for had been known to computer security firms for months or even years. However, many companies had not been able to keep their servers up to date with the security patches needed to prevent the attackers from gaining access to their servers.


During the BBC’s experiment, the team recorded the following statistics:

  • 37% of the attack bots tried to find weaknesses in web apps or used common admin passwords in attempts to access the servers

  • 29% tried to compromise user accounts by using brute force methods that tried common passwords

  • 17% of the attack tools used were scrapers that attempted to gather any web content they located

  • 10% looked for bugs in web apps that the servers might have been using

  • 7% looked for loopholes in the servers’ operating system software

The pattern found was typical of the bots the cyber criminals were using, and the security firm had seen similar techniques used before.


It took 21 hours before the first malware-laced phishing email hit the inbox of one of the fake employees. After that, a steady trickle of emails tried to entice people to click on malicious attachments.


Approximately 15% of phishing attacks contained a link to a malicious website that would launch a cyber attack to infect the visitor’s PC. The remaining 85% of the emails contained malicious attachments, including booby-trapped Adobe PDFs, Microsoft Office documents and executable files.
