Just where are the world's hackers located?

China, Russia, and now the U.S. itself are the most common locations for hackers, depending on who you listen to.


Here’s a question I was asked recently by an IT buddy: where do hackers live? Where are they from?

Well, new studies and reports have been bubbling up over the last month or so, and although I don’t have a definitive answer, I can take a stab at answering his question.


Rumors have persisted for years that countries with good education systems but poor job prospects have been the ones that generated hackers. The kids are taught well about computers and the like, but when it comes time to enter the job market, there isn't any work, so they use their skills messing with computers and end up hacking.

Nick Farrell, writing for IDG Connect earlier this year, says Bulgarians at the turn of the century used hacking to vent frustration at corrupt governments that had "ruined their lives" after the fall of communism. The kids tested their skills against foreign governments and others.

Farrell ties this to falling Internet bandwidth costs, piracy, and, once piracy began to be clamped down on, the organized crime groups that moved in.

Notable Bulgarian hacks, for example, have been related to identity theft rings. Shadowcrew was one such ring that used the Internet to hijack email and swap stolen credit card numbers. It was busted in 2004.

The Russians did it

Fast forward to today, and two reports in the last month have attempted to determine where hackers are coming from right now.

Sam Jones in the Financial Times newspaper cites a security outfit called FireEye, which says Russian state-backed spies are coordinating attacks against political and military targets, including NATO, the European Commission, and other governments.

The group, called APT28, has been attacking for two years, employing social engineering, phishing, and false domain attacks, according to Jones.

FireEye has in the past reported China’s APT1 group as a prolific hacker. In May 2014, the U.S. government filed criminal charges against five Chinese military officers who were allegedly hacking U.S. companies.

The Americans did it

The second recent report worth a mention here is maybe the more surprising of the two. It cites an experiment by researchers that reckons most attacks come from within the U.S.

Bloomberg reporter Jordan Robertson and a security startup called ThreatStream set up industrial control computers as decoy honeypot traps to lure hackers.

Robertson says industrial controls are the current in-vogue target for hackers. Industrial controls operate power grids and water utility gear over the Internet, among other things.

The majority of attacks, the sting found, came from within the U.S., with China coming in second and Russia third.

The bogus controls were probed or attacked more than 6,000 times from within the U.S. over a three-month period.

One caveat is that hackers often route themselves through infected bots, thus disguising their real location. Robertson, though, lists a slew of reasons explaining why his numbers are in the ballpark.

The Netherlands and France

The Netherlands and France also showed up. ThreatStream chief Greg Martin said in the article that this isn’t surprising, "because they are home to well-known hacking efforts, both commercial and state-sponsored."

Taiwan, Germany, and Indonesia rounded out the list.


Copyright © 2014 IDG Communications, Inc.
