Symantec exhibit makes cybercrime tangible

In a highly visual, hands-on display at RSA, the security firm shows tools and methods used for cybercrime and identity fraud.

Elinor Mills Former Staff Writer

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.

See full bio

Elinor Mills

March 4, 2010 3:52 p.m. PT

2 min read

Symantec's Black Market exhibit features a storefront showing the tools of the cybercrime trade. James Martin/CNET

SAN FRANCISCO--For many people, the concepts of botnets, software exploits, and underground marketplaces are fairly abstract. To solve that problem, Symantec has created a Black Market exhibit that attempts to make these virtual ideas more tangible.

The security company gave tours of its Black Market at the RSA security conference here this week.

"We really wanted to create a sensory experience so that everyone would realize that cybercrime is happening to us all the time. We tried to portray the view that you are being scammed and defrauded $20 at a time," Rhonda Shantz, vice president of consumer brand marketing at Symantec said on Thursday. "We want the public to see what the threats look like and how professional these cybercriminals really are."

With all the different types of personal information cybercriminals have at their disposal, they can practically create dossiers on individuals, the Symantec exhibit shows. James Martin/CNET

The tour starts off with a fake storefront showing representations of the different types of personal information that criminals are after, featuring racks of passports, Social Security cards, and other forms of identification. One wall has shelves of packages of tools that criminals use, including keyloggers and fake antivirus software. Barrels of documents representing e-mail lists and bank statements are meant to illustrate how criminals buy and sell data in bulk.

The next room is the Threat Factory, where Symantec tour guides show visitors what the criminals do with the tools they use. Work stations are set up with screens that criminals use in attacks. On one screen, the viewer sees an interface that shows that the criminal is controlling thousands of botnets, with the number rising in real-time and statistics on the performance of the network of compromised computers that are "phoning home" for instructions.

Another screen shows a real-time discussion on IRC (Internet Relay Chat) where thieves who have harvested the consumer data are quoting prices to potential buyers.

There is also a credit card cloning area where visitors can see first-hand how to put a stranger's credit card information into a card sporting someone else's name.

Symantec is beefing up its cybercrime awareness efforts. It has hired Adam Palmer, former prosecutor at the Department of Defense, to be lead security specialist in global computer crime. He will work with government and industry on increasing consumer awareness, as well as on legislative and policy matters, said Rowan Trollope, senior vice president of consumer products and marketing at Symantec.

The company also is working on a way to measure cybercrime and its effects in order to show, for instance, whether the average computer user is safer or less safe than he or she was a year ago, according to Trollope.

"I believe the situation is getting worse with cybercrime," he said.

This is a live screen shot of cybercriminals using IRC to buy and sell stolen credit card data. The communications of the sellers are displayed in blue and the buyers in white. James Martin/CNET

In this video, a Symantec researcher uses the Black Market exhibit to explain how phishing works: