Reconstruction and Analysis of an International Hacking Network

By: Amit Rechavi, David Maimon and Tamar Berenblum

Cybercrime and hacking have been ubiquitous for more than 30 years. Although many studies have explored hacking communities, only a few have investigated hacking networks at the country level. Our study focuses on the global topology of a hacker network at country-level resolution. We have collected data on successful brute-force attacks (BFAs) and system-trespassing incidents (Sessions) on honeypots (HPs). Mapping their IP addresses and countries, we depict a suspected data exchange between the BFA and Session hackers. Based on one million interactions in one month, we have built a network of hackers and hacked data depicting the different roles of countries in the hacking scene. We have examined the network’s topology in light of its speculated purpose. We found that only a few countries lead the hacking activities and are sufficient to serve as the network’s core. Our contribution lies in studying and mapping the dynamics of hacking activity at the country level and in providing insights into the network’s dynamics. Due to the severe consequences of hacking activities, our findings carry both criminological-practical and technological-theoretical implications.