Drive your data further:
Visualizing a VOIP security attack
Through our support of the Honeynet Project, we recently attempted a new approach to visualizing attacks on their VOIP honeypots.
With the increase in popularity of VOIP telephony, attacks are becoming more prevalent. The compromise of a VOIP system can cost the victim over $100,000 in real cash. For example, an Australian-based company suffered $120,000 in toll fraud as a result of a VOIP compromise - read the full story here.
The video is intended to be a high-level (if not stylized) visualization of the early stages of a cyber criminal compromising a VOIP system.
See the 640 wide standard definition version
See the 900 wide high definition version (please be patient while loading)
Credit to gltail, a Ruby-based tool to which we fed heavily modified logfiles, and Johann Pachelbel for his Canon.
Mouse movement study
Here are the broad constraints of the data gathering exercise.
This concept can be stretched further to study highly repetitive task-orientated computing environments. Examples include call centres and data entry environments, where slight improvements in application design and usage patterns can produce significant gains in production, not to mention support higher levels of user engagement.
Slides from various conferences - Data visualization and VOIP security
Over the last month, we delivered presentations on the following topics:
- Examples of data visualization of security datasets
- The Honeynet Project
- VOIP security and honeypot deployments and attack results
- VOIP attacker/defender demonstrations
The conferences are summarised below, and since the slide decks are somewhat similar, a summary set of slides has been prepared and can be downloaded here.
Spring update 2010
It's been a very exciting and busy 6 months at dataviz Australia. Here are some of the projects we've been working on since our last update.
In summary: As predicted, the demand for meaningful and engaging ways of creating business intelligence from massive complex data sets is getting stronger. At the same time, we are finding the demand for security and cybercrime consulting is also healthy. We have projects that involve pure security consulting, and some that involve data visualisation in other fields (e.g. the finance sector). Happily, we also have some projects that call for both skillsets.
Trojan pong, and other Shadowserver ideas
This small experimental project was done for the Shadowserver Foundation. They are a volunteer, not-for-profit organization that deals in the capture, analysis and dissemination of data and intelligence relating to nefarious activity on the internet. Shadowserver provided us with one day's worth of data (which was several gigabytes) for us to apply some known techniques, and experiment with some new ones.
The idea of this project was simply to provide some ideas as to ways to represent their massive datasets visually. There's a lot of work to go; however, here are a few early ideas. My favourite is a light-hearted time series visualization in the theme of an old favourite arcade game originally released in 1972, "Pong".
Forensic Challenge - VOIP systems
As part of my contribution to the Honeynet Project, we have released the fourth instalment in the "Forensic challenge" series. This challenge is focused on the world of VOIP telephony, which is a burgeoning area and one that is unfortunately often neglected when it comes to security treatment, and in particular in the study of the threat/incident environment. I've been studying the threat environment for over 18 months, working closely with the Norwegian chapter - you can read about some of this work in my honeynet blog.
The "VOIP forensic challenge" consists of real world attack data, and poses some technical and reflective questions which challenge participants to piece together the clues, and discover some hidden attributes of the attacks. Participants will learn much about VOIP along the way, and as a result they will be better armed to mitigate the risk of attacks to VOIP systems.
For the first time, we have translated the challenge into Chinese - both Traditional and Simplified versions. This will make the challenge accessible to an additional billion people. We are very excited about this, and are hoping for unprecedented participation. In designing the challenge, we formed a team with members from Norway, Hong Kong, China, Taiwan, Singapore, France and the US. I'm continually impressed by the collaborative global environment that exists at the Honeynet Project.
If you are in a position to advertise the challenge to students or security teams - please feel free to do so. Remember the goal is to participate, enjoy and learn!
After our first month
Our first month has been extremely busy and quite productive.
In particular, we've been working on two new and interesting projects. One being a consultancy in the cybercrime field for the Federal Attorney General's "CERT Australia", and the other being an innovative data visualization project involving a recent high profile incident. While this work cannot be shown publicly, if you have a need to know, and come from a law enforcement or other appropriate security agency, please contact us to discuss.
We continue to receive interest from several parties, particularly in the Finance and IT sectors. In relation to data visualization, in the months ahead we hope to develop our exposure into the sales and marketing space, where clearly data visualization can provide a great deal of environmental intelligence to decision makers.
After our first week
We've spent much of our first week taking feedback from supporters, which has been overwhelming. Interest in the initiative has been very encouraging, and so far this week we've had the following
Open for business today!
We are proud to announce that we are open for business
Copyright dataviz Australia 2010