Symantec is working on Dark Vision, an application for visualizing and tracking the underground economy that trades in personal data, such as credit card and social security numbers. "We are looking into their clubhouse," said Mark Bregman, CTO of Symantec. "It's the 'safe spot' where they exchange illegally gotten information."
The company first talked about Dark Vision in September 2006, but it is still in the pre-alpha stage, according to Oliver Friedrichs, director of emerging technologies in Symantec Security Response.
The mashup currently drills down into five to ten servers daily where criminals are exchanging information via IRC on stolen data. About half of the activity tracked, and shown in a Google Map mashup, is in the U.S. Unfortunately, the identity thieves constantly move to different servers in this cat-and-mouse game, making it difficult to get a comprehensive view into the underground economy.
A message captured by Dark Vision included a name, birthday, credit card number, Social Security number, and home address (Dark Vision truncates the credit card and Social Security numbers in the display). Another message read, "Selling hacked cpanels, payment only e-gold, I verify first."
"The messages are teasers and then they try to sell entire database, such as from a breached database or lost or stolen laptop," Friedrichs said. A complete identity can be acquired for $14 to $18 on average.
Symantec hasn't decided what to do with Dark Vision, and given the slow development cycle it doesn't appear to be a high priority.
Friedrichs emphasized that Dark Vision is a research project. Getting enough data to make the service reputable isn't a sure thing, he said. Legal issues are also a problem in productizing Dark Vision. "It's like spyware five years ago. The technology is ahead of policy and regulation. It's an area where we need to innovate but the law has yet to catch up in these areas," Friedrichs said.
Law enforcement agencies might also be developing similar tracking applications. Symantec makes its massive database of Internet activity available to law enforcement. "We found that law enforcement is mostly reactive. We make it available to agencies when they ask to mine our data sets," Bregman said.
It could become a part of Symantec's Global Intelligence Network, said Greg Hughes, group president of Symantec Global Services. "It allows analysts to see patterns, to get a better understanding of what is going on."
It would be great as a free service to affected parties, but more likely the information service would be sold to financial institutions and consumers; for example, banks could be notified if one of their credit cards has been compromised, and the bank in turn could alert credit card holders.