Symantec's Dark Vision mines underground Web sites

Researchers at Symantec have developed a system that mines underground Web sites and chat rooms for sensitive information that is being sold.

Called Dark Vision, the system was first developed in mid-2006 and allows Symantec to "track the underground economy," said Oliver Friedrichs, director of emerging technologies with Symantec Security Response.

Symantec hasn't decided yet when or if it will roll Dark Vision into its product line. "At this point it's really an early prototype," Friedrichs said. "But we see a number of different opportunities, including the potential to warn consumers where we see their information being disclosed."

Identity thieves meet with information-buying criminals on a variety of "carder" Web sites, and then meet up in chat rooms or on Internet Relay Chat (IRC) channels to buy and sell the data.

A credit card number can be bought for as little as $6, Friedrichs said, but other information such as Social Security numbers, addresses, and telephone numbers is also there for the taking. "You can actually buy a complete identity of someone for ... $14 to $18 on average," he said. "They're really dumping a variety of records."

Dark Vision gives security researchers a graphical presentation of the data it has mined from these Web sites and IRC chats, showing exactly where the carder servers are located and what is being discussed.

Because carders exchange the majority of their credit card information in secret -- and for a price -- Dark Vision captures merely a small fraction of the data that has been stolen, generally recording only sample data that is posted in the forums to prove the seller is legitimate.

In its first three months of testing, Dark Vision dug up about 800 stolen credit card numbers, Friedrichs said.

Still, Friedrichs thinks the tool may be useful to credit card issuers or companies that are looking for early hints on the source of data breaches, and could be delivered as part of Symantec's global services organization.

Symantec is not the first company to look into mining this type of information for profit. A small Malibu, Calif., company called CardCops has already gone into a similar line of business, trolling the Internet for compromised data and reporting it to merchants, authorities, and consumers.

Last year the U.S. Department of Justice estimated that identity theft was affecting millions of households each year and costing about $6.4 billion in losses annually