The movie shown below shows a real cyber attack on a honeypot VOIP server extension. Now, it is one thing is to look at some amazing meaningful moving imagery, it is another is to fully comprehend it.
So here we go... The imagery shown is based on real data from a real attack. The 'balls' on the right represent some hacker attempting to crack a VOIP server. The balls on the left represent the server's response to the attack. The balls crash into each other and fight it out in the middle of the battlefield. The good balls do better, in this case. Although the attack is relentless and fast-paced, the volume of data from this one attack on a single IP/port (here UDP 5060 for SIP sessions) is really a drop in the ocean in terms of the wider internet. The visualization is created via a Ruby-based tool called "gltail", which is specifically designed to visualize Apache web server logs in real-time.
With highly automated and blindingly fast scripting tools, crooks scan the internet looking for these VOIP servers. When found, the tool cracks the passwords on the extensions. Calls can then be made using these passwords. Victims only notice something is wrong when the next phone bill arrives, so there is a 1-2 month window in which the cracked address can be sold and used for illegitimate international calls.