Hackers have proven they can crack just about any computer network, from Sony’s to Citigroup’s. Afterward, they face another challenge: unloading the virtual booty. They often take stolen credit-card numbers, online banking credentials, e-mail logins, and Social Security numbers to a sprawling network of underground chat rooms and invitation-only forums, where such data are bought and sold. Law enforcement investigators hoping to catch the crooks lurk there as well, but with hacking incidents on the rise, the problem is far too big to police by traditional means.
Enter the robot informant. A security firm in Austin, Tex., CSIdentity has created artificial-intelligence software capable of posing as a hacker and engaging ne’er-do-wells in the underground forums. Its goal is to solicit stolen data—a hacker hoping to fence 1,000 credit-card numbers will offer dozens for free to prove they’re real—and send them back to flesh-and-blood investigators. CSIdentity sells the data it collects to banks, cybersecurity companies, and others who have a stake in quickly discovering which businesses, accounts, and credit cards have been compromised. “Very often we are able to notify our customers that something is wrong before their bank” does, says Scott Mitic, chief executive officer of TrustedID, an identity-theft protection company which purchases CSIdentity’s data.