A company called CSIdentity is hoping to outsmart hackers in their own territory with its artificial intelligence software that poses as a hacker – or “chatbot.” When a hacker attempts to offload stolen data like credit card numbers, e-mail logins or social security numbers, he’ll often offer dozens for free to prove they’re real. When he gives this information to the robot informant, the informant notifies CSIdentity.
The company then sells the data to banks, cybersecurity companies and anyone else with a stake in quickly discovering which businesses, accounts and/or credit cards have been compromised.
“Very often we are able to notify our customers that something is wrong before their bank” does, said Scott Mitic, chief executive officer of TrustedID, an identity-theft protection company that buys CSIdentity’s data.
CSIdenity says the chatbots were designed by a 10-person analyst team that found patterns in the dialog in hacker chat rooms. A newly abducted credit card number is called “fresh.” A “fullz” is a credit card record that includes personal data, as well as the card number and three-digit security code.
Although the bots don’t work well during sensitive undercover stings in members-only hacker forums run by organized crime rings, CSIdentity says they’re generally working well. During a week in August, they uncovered 419,000 new records up for sale, the company claims. The data consisted primarily of e-mail account logins and passwords, as well as 15,000 credit card numbers and 168 Social Security numbers.
“This happens every single day,” Joe Ross, the company’s president, told Bloomberg. “The scary thing is this is just the tip of the iceberg.”