Called Dark Vision, the application is actually a mash-up comprising components of Google Maps and various Symantec products. It presents users with a dual-paned interface: one side contains a list of active IRC chat servers being monitored, and the other shows a global map with markers showing the locations of selected servers.
During a recent demonstration of the technology, Oliver Friedrichs, director of emerging technologies at Cupertino, Calif.-based Symantec's security response group, clicked on a link for a random chat server and brought up a live log of the activity on the server.
IRC servers are the digital equivalent of Hanoi's backstreets and bars during the Vietnam War; anything contraband is available for the right price. Identity thieves can log in to secret servers and issue various commands to check the limits of stolen credit cards, obtain the all-important CCV numbers or find buyers looking for bulk card numbers. Spammers are equally ubiquitous on IRC, buying and selling compromised machines for use in the botnets that now send much of the world's spam.
Security researchers and law enforcement agencies for years have known of the existence of this underground economy, and in rare cases have themselves used IRC to
As Friedrichs scrolled through the chat log on one IRC server, he pointed out one user checking the limits on several hundred credit card numbers. Another user is looking for valid customer logins for a large U.S. bank; he had several replies within a minute or two.
Dark Vision also allows Friedrichs and his team to keep tabs on botnets. He says they see an average of about 800 active botnets on any given day. Asked whether Symantec has shown Dark Vision to law enforcement agencies or banks, Friedrichs hesitated.
"No, we haven't," he said. "Right now this is still a research project. The next step would be to provide notifications to banks and consumers."
When, or whether, that will happen is still uncertain. Friedrichs is not even sure whether the Dark Vision technology will find its way into one of Symantec's products anytime soon. Although he suggested that it might be a nice fit with the company's anti-fraud service.