Bots troll hacker forums to discover data breaches

When talking about bots, the first thing that comes to mind is often a bad one – i.e. how cyber crooks misuse the technology to bilk Internet users out of information or money. But, there is a firm out there that uses bots to fight the “good fight”.

Texas-based CSIdentity has managed to develop software that can mimic the speech patterns of cyber crooks, allowing the company to simultaneously engage a great number of hackers looking to sell stolen information on online forums, chat rooms, blogs, websites and torrent sources.

As is customary for this type of transaction, the crook usually offers a sample of the wares he’s selling to prove that it’s good, and that is the information that the firm is after.

The software collects this proffered information and sends it to the company’s team of human investigators to analyze and figure out from where the information was stolen and to whom it belongs.

The bots are quite adept at posing as cyber criminals or people involved in the trade of stolen information. The company has analyzed thoroughly how these people interact online, and the specific lingo is recreated by the bots.

Of course, the technology is not foolproof – hackers are aware that such bots exist and try to trick them into revealing their nature or simply sidetrack them with tactics such as asking everyone in a chatroom to leave/log out and meet again in another room.

One of the reasons why the bots are able to pass off as humans in many cases is the fact that hackers come from all over the world and for most of them are not native English speakers, reports SFGate. So, “broken” English and weirdly constructed sentences are not that uncommon.

Also, if everything else fails and the bot does not understand what is asked of it by the hacker, it makes a last-ditch effort and simply drops swear words, which are de rigueur in this type of environment.

CSIdentity earns money from the companies and organizations that have signed up for its services, and the main goal for retaining those services is the ability to quickly discover that their systems have been compromised and its information extracted.

Among CSIdentity’s customers are also identity theft protection companies such as TrustedID. “Very often we are able to notify our customers that something is wrong before their bank does”, shares its CEO.

Unfortunately, the bots are unable to help law enforcement investigators involved in more complex sting operations aimed at well-organized cyber criminals usually coming from Eastern Europe and Russia. The bots should be able to be taught the language, but the appropriateness of their reactions is simply not to be trusted when it comes to such delicate operations.

And so CSIdentity is left with offering their services to mostly private organizations and businesses. But, with the proliferation data breach incidents, I believe they are assured of making a buck for a long while yet.




Share this