An Interface for Tracking Botnets That's Fit for a Sci-Fi Starship

The project was commissioned by Microsoft's Digital Crimes Unit, whose investigators are tasked with fighting the internet's bad guys.
quotSpecimen Boxquot is an experimental interface for tracking botnets.
"Specimen Box" is an experimental interface for tracking botnets. Screenshot: WIRED/Source

What do you get when you ask a bunch of digital artists to dream up a state-of-the-art tool for fighting cybercrime? A touchscreen interface, fit for a sci-fi starship, that lets researchers examine botnets in the same way biologists might study their own natural specimens.

The project was commissioned by Microsoft's Digital Crimes Unit, whose investigators are tasked with fighting the internet's bad guys. Earlier this year, it tapped The Office for Creative Research, a multidisciplinary digital design group based in New York, to come up with new ways of looking at one particular threat: botnets, the global networks of infected computers that cyber criminals enlist to do their bidding.

OCR came up with a prototype tool called Specimen Box. It has three different views, with bright, geometric graphics inspired in part by the interfaces of the movie War Games. The main view shows the activity of 15 botnets at a glance. Each is displayed as a sphere, like an organism in a petri dish; dots streaming in represent messages sent from infected computers. With the tool, researchers don't just see the activity but hear it, too: Each botnet has its own unique audio signature, so the soundscape at any given moment reflects the balance of activity across the 15 specimens.

Another view lets researchers examine individual botnets up-close with an interactive, radial interface. Here, too, the tool makes use of sonification. As a playhead sweeps around the circle, the network's historical activity is transformed into a ghostly whooshing sound. As OCR explains: "The density of the data within these plots means that it can be hard for our eyes to detect pattern or interesting anomalies. However, our ears have a much higher temporal resolution, meaning that we’re able to hear things that we may not otherwise notice."

The idea was to approach the botnet data from a "naive" place, says Ian Ardouin-Fumat, an OCR information designer who worked on the project. Microsoft's Digital Crimes Unit is good at what they do, and they have powerful tools for doing it. Specimen Box was developed by people who haven't spent their careers working with those tools, and that, in a sort of counterintuitive way, is part of what makes it valuable. It's not like Specimen Box will all of a sudden have Microsoft's investigators tracking botnets like Tom Cruise in Minority Report. But playing with it might provoke them to ask some new questions.

"I don't know that it's true that our interface would help them find something that they couldn't find using the tools they already had," says Ben Rubin, one of OCR's founders. "It's more that it might help them to look for something that they wouldn't have thought to look for."

And the researchers, for their part, are at least open to that possibility. When it was first commissioned, the piece was intended to be something that gave the public a sense of what the Digital Crimes Unit was working on. As it developed, however, Microsoft's researchers became interested in its potential, and it became more of an expert tool than simply a public-facing visualization. Even in prototype form, it's turned up some interesting findings. After digging into a visual hiccup in the radial view, the designers discovered that for five minutes one day, Microsoft had failed to record any data on a particular botnet whatsoever. The company's researchers had been oblivious to the lapse.

Currently, OCR and the Digital Crimes Unit are talking about the possibility of developing the tool further. But whether or not it becomes part of the cybercops' toolkit, it represents a valuable insight: Our tools shape what we do, and sometimes, we're so close to those tools that it's hard for us to imagine how they might be different, or how they might be made better. Maybe outsiders can help bring that perspective.