Cyber crime and hacking have become ubiquitous over the past decades. Although many studies have explored hacking communities, only a few have investigated hacking networks at the country and cross-country levels. We collected data on successful brute-force attacks (BFAs) and system-trespassing incidents (Sessions) on honeypots (HPs). Based on one million interactions in one month, we built a network of hackers and hacked data depicting the different roles of countries in the hacking scene. We depicted a suspected data exchange between the BFA and Session hackers and examined the network's topology considering this data transfer. Mapping IP addresses to countries, we found that only a few countries lead the hacking activities and form the network's core. Our contribution lies in studying and mapping the dynamics of hacking activity at the country level and in providing insights into the dynamics of the concealed trading in usernames and passwords. Due to the severe consequences of hacking activities, our findings carry practical implications.
- Network topology