Fear-mongering over identity theft — from stolen credit cards to pilfered bank accounts — is a great way to sell security software.
And few companies have mined the threat prospects better than Symantec, which frequently gets high-profile television exposure whenever a worm or a new phishing scam is unleashed on the Internet. With the backdrop of a situation room that resembles the CTU intel center from TV’s “24” series, Symantec execs have been interviewed on “60 Minutes,” standing in front of monitors that flash with warnings of new viruses and bots. Wait, there’s another one! Incoming from eastern Russia!
So at San Francisco’s recent RSA Internet security conference, which featured speeches from FBI director Robert Mueller and Homeland Security chief Janet Napolitano, you would expect that Symantec would do something interesting to showcase how insidious and destructive these cyber attacks can be. What better venue to promote paranoia?
Sure enough, next to its main booth in the south exhibition hall, Symantec unveiled its Black Market Store, a cleverly conceived iteration of how cyber crooks might peddle people’s identities. There was no company press release about this display, though anyone who took the guided tour, including a few journalists, invariably came away with a sense of shock and awe.
Was there a missed PR opportunity here?
The Symantec trade show team crafted as close to a Disneyland e-ticket ride as you can get in this environment. Even if you knew nothing about cybercrime, you’d leave this place with a sense of dread. I just gotta have the anti-virus, firewall and security software. Isn’t that the idea?
Entering the store with a group of eight people, we were greeted with bins of “stolen” credit cards and shelves of scam software, some that come with “technical support,” explained the guide. There were also bundles of data with bank account numbers, driver’s licenses, Social Security cards, passports and ATM numbers. The fresher the data, the higher the value in the underground market, he said.
But wait — there’s more. The guide flings open the neon lighted door of a soft drink vending machine and – voila – behold a secret room! This is obviously the shadowy lair of cybercriminals, the very heart of darkness.
Indeed, it is dark inside, except for some flickering monitors. The walls are lined with LCD screens, and you just know that malevolence is brewing here. In one corner the guide demonstrates how quickly a phishing scam, using the logo of a reputable bank, can snatch an account number and post it to the black market. On another screen, lines of apparent gibberish – code for new “merchandise” and bidders for it – scroll up continuously. This, explains the guide, is actual video capture obtained a few months ago.
Yet another screen highlights a bot scam, which involves planting malicious code on unsuspecting PCs. Bots lay dormant until the master (called the botherder) commands these machines, like robots, to carry out missions such as denial-of-service attacks and mass spam emailing. Bot programs have fearful names such as “Piranha.”
And to underscore the ease with which cybercrooks can steal your identity, the guide punches a number into a machine about the size of a breadbox and within 30 seconds out pops a new credit card with a magnetic stripe. The bad dudes don’t need your actual card; just the number will do. This machine is similar to those used by hotels to make card keys for guests and is not all that difficult for underworld minions to obtain, said the guide.
On our exit from the Black Market, attendants handed out a mock tabloid newspaper called the BLKMKT News, which provides a glossary of hacker lingo and a list of the most popular web scams. With the front page headline of “A Shadowy Economy Comes to Light,” this is a handy reference in case you forgot anything you heard on the tour.
The entire display was well-executed and provided a compelling, interactive experience even for reasonably tech-savvy visitors.
So why, I asked, didn’t Symantec promote this more heavily? Well, I was told, the display had appeared at a few consumer events, so it wasn’t brand new. Still, some journalists and TV crews managed, largely by happenstance, to discover the booth and develop their own reports, said one booth attendant.
Most of the Symantec PR that came out of RSA involved new product press releases, with the usual language, and interviews with Symantec brass – certainly among the normal activities for a trade show. Companies typically create cheesy dog-and-pony acts to get attention at their booths, and the PR staff seldom considers them worthy enough to hype.
But what struck me about this particular display was that it connected with people on a personal level, with enough realism to make the point of vulnerability. The apprehension of opening an unknown email attachment or doing an online transaction through an obtuse website is a powerful motivator. Maybe it’s even enough to overcome the computer repairmen and magazine writers who routinely advise consumers to skip the expensive software and just download a free anti-virus program.
Perhaps Symantec has such a well-stocked arsenal of reports to scare us witless that its Black Market scenario was seen as little more than a cabaret show in the worldwide theater of evil.
Still, I came away wondering whether one of the best media opportunities at RSA slipped under the radar.
– Ken Castle
