April 2, 2014 | 4 Comments

Digital Attack Map (Google Ideas)

From the curators: DDoS (Distributed Denial of Service) attacks are not a new phenomenon, with the first being recorded in the late 1990s. DDoS attacks are online invasions that infect a network of machines, resulting in a surge of activity from them to a target website, server, machine, or network resource, subsequently causing their mark to buckle under the pressure. DDoS attacks are perpetrated against multinational corporations, political administrations, and individuals, often causing heavy personal and financial losses. Google Ideas, Google’s Big Picture Team, and security experts Arbor Networks, Inc., teamed up to create the Digital Attack Map, one way to visualize—in real time—these elusive attacks being carried out across the globe. This interactive map documents the daily acts of DDoS cyberwarfare using data from Arbor Networks, Inc., customers who have agreed to share anonymous network traffic and attack statistics. This process of data visualization allows us to understand trends and patterns over time. The controversial nature of these online threats is perhaps more difficult to parse. Are we witnessing anti-capitalist hacktivism? State-sponsored terrorism? Corporate espionage? In our post–Edward Snowden reality, there are no ready answers for where the real “violence” in our online communications and actions lies.

The early era of the Internet was all glowing green text-only VT100 console displays in computer labs on XTerms, connected over dial-up modems, UUCP, and Usenet; a smaller set of people, mostly engineers and academics using, as well as designing, its protocols; playing MUDs or arguing over newsgroup hierarchies; unbounded and breathless enthusiasm for the possibilities of the future, for humanity; delight and wonder imagined and experienced in this once-safe space, before trolls, “clueless” users, spam, viruses, and hacks invaded.

Clearly, so much has changed.

Today, large swaths of the population are plugged into the Net, and it encompasses every sphere of human activity in all of its component parts: trite and tiring work; entertainment, business, and money making; informal and formal education; love, romance, and pornography; wily protest and civic endeavors; crime, intrigue, and conflict. Despite these transformations, and barring small moments of breakdown or annoyance, most of its users, at least those with decent access, still experience the Internet as smooth and frictionless. They are blissfully unaware of its knotted and turbulent underworlds, or the worlds from which it grew.

But technologists, like the system administrators who tend to the software and hardware that make this world come alive, work around the clock to contain the fires, mishaps, breakdowns, and conflicts that constantly bedevil the Internet. A computer, upon connection, is immediately at risk. The wilds of the Internet are constantly bombarding a system, either erroneously, maliciously, or experimentally. The deluge of problems, an exhaustive list that cannot possibly be enumerated, includes everything from spam, software compromises, and malware to denial of service attacks. The last of these now lands regularly in the news, thanks in part to its prolific use as a protest tactic. No longer simply residing in the realm of technical expertise, it has become a topic of careful contemplation and heated debate. Early Internet denizens are awed when they hear news reports of DDoS. For them, it is worlds colliding: not long ago they lived in a futuristic bubble, where the mere prospect of explaining e-mail, even, was dismissed as an impossible endeavor.

If the DDoS has percolated into public consciousness, it has done so in fits and bursts, carried by purposive attacks meant to send a political message, or those of incidentally massive scale. Many are unaware of the event’s omnipresence—multiple attacks are happening at this very instant. Yet, like so many conflicts online, while it may be a constant, its existence has remained submerged, impossible for the public to see, gauge, or even sense. There is no photograph of a DDoS to tweet, no place for a witness to stand to view the phenomenon first hand, no object to hold up to the light and examine.

The Digital Attack Map swoops in to fill this void, rendering the invisible and arcane into the visible and legible. Its most important achievement is the simple fact of revealing presence. It shows not only that DDoS attacks are ongoing but also where they are happening and to what intensity. You can see the entire globe in one frame and watch the geyser of activity, represented through so many streams of candy colored bubbles.

The difficult task of showcasing a world’s worth of complicated information in a visually beautiful, streamlined, and uncluttered presentation is stunningly accomplished but necessarily limited. The data animating the map is massive, yet partial. The map can only offer glimpses into what is happening and can never reveal the motivating question of why different attacks happen. The source is almost always hidden, through misdirection and cloaking. Still, in the face of necessary incompleteness, this object’s design shrewdly intervenes to offer more than a simple representation of the technical data on which the map is built, nudging it into the messy realm of social life. The map connects us to news reports that offer scraps of clues as to motivation and source.

The patterns and flows might reveal broad geopolitical realities. At this point in time, Africa is rarely the target destination for DDoS attacks. A net positive, one might think—until considering that this happy state of affairs is predicated on digital desolation, an entrenched artifact of colonial underdevelopment. Russia, North America, much of Western Europe, and China, on the other hand, are constantly assailed. We can observe that geopolitical power is a magnet for conflict.

We can see also, nearly every day, an attack or two that demands individual scrutiny. In mid-March Peru was one of the lone South American nations on the receiving end of DDoS. Might it be in retaliation for the government’s crackdown against nude streakers in Machu Pichu? Or is it something far more invisible? A war between drug lords over failed shipments, a political effort to stifle speech, or simply some misconfigured technology going haywire, attempting to access a server ad infinitum, until some human takes note and makes it stop.

The map provides no answers to these questions. But the fact that it prompts us to even ask them at all makes this design compelling. Even if it cannot fully capture the architectonics and emotional valences the DDoS carries into our world, it allows us to see the Internet on slightly different terms, to grasp its dynamism, see its supports and imagine it as contested. To get at its infrastructure, and the labor required to maintain it, carries us a step away from the false idols of immateriality that have plagued Internet studies for so long. The attack map places the Internet squarely into a plane of its lived messy and conflicting actualities.


Are DDoS attacks the most violent online threat, or is there something even more threatening out there?

  1. April 27, 2014, 12:42 am

    Tom Holt

    Associate Professor

    The attack map is an excellent demonstration of how to visualize complex, big data to understand cybercrime on a global scale. DDoS attacks may not, however, be the greatest act of violence occurring on-line today. Some of the first groups to engage in this sort of attack, like the Electronic Disturbance Theater (EDT) in the 90s, argued that this constituted a form of non-violent protest. In essence, they compared denial of service attacks to blocking the staircases or doors of a building and refusing individuals access without destroying or damaging services. Certainly the economic harm that results from long term DDoS attacks against financial institutions and government resources are real and substantial, but the loss of actual information or damage to systems is hard to quantify relative to attacks like Cryptolocker or Stuxnet (though an extreme example). The authors are absolutely correct that we need to understand the motivation of attackers as well. Since DDoS attacks have become easy to scale through botnets and other stand alone attack platforms like the Low Orbit Ion Cannon, low skill hackers (or script kiddies) and interested citizens may see this as a way to express their opinion about a person, a business, or a government. In addition, the capabilities of hackers and attackers varies by the access to technology and infrastructure within their nation. Thus, nations like Peru which have a very small hacker community may see DDoS attacks as a mechanism to gain notoriety in the short term, while developing greater sophistication over the long term. Regardless, the attack map is an excellent way to help document the scope of attacks around the world.

  2. May 26, 2015, 8:37 pm

    […] Stuxnet, a lens on the virus that initially targeted Iran’s nuclear program, and Google’s Digital Attack Map, a design that seeks to bring insight into a digital weapon that works both for and against free […]

  3. December 29, 2015, 6:06 am

    gratis sex

    your weblog is very useful to me! i will thank you u very much for sharing the interesting info!

    your blog was very useful for me. i will thnx you very much for posting the awesome information.

  4. October 14, 2016, 12:09 pm

    […] a protest weapon. The works we included in our online survey responded to this shape shifting: Google’s Digital Attack Map, for instance, charts distributed denial-of-service (DDoS) attacks across the world; James […]