Two years ago, a malware—as in “malicious software”—campaign began spreading on Facebook, linking to spam and engaging in other nefarious activities. The nasty Microsoft Windows-based code aimed to hijack social accounts and to propagate along social connections to friends and followers on other social networks. For a service built upon social ties, that’s a big problem.
So Facebook’s security team reached out to peers—Pinterest, Tumblr, Yahoo—to share data. “Together we were able to squash it pretty effectively,” says Mark Hammell, threat infrastructure team manager in Facebook’s security division. But that also got them thinking. “We needed a better way for sharing to happen because the way we were sharing was not going to scale.”
A year earlier in 2012, Facebook had already begun developing a proprietary security system called ThreatData—”a framework for importing information about badness on the Internet in arbitrary formats, storing it efficiently, and making it accessible for both real-time defensive systems and long-term analysis.” In other words, the social giant built a standardized system for internally sharing, storing, accessing and analyzing threats. Why not open it up to others?
Hammell’s team began putting together a set of APIs—application programming interfaces; think of them as an instruction set for an app to access the information in a system—and privacy controls to allow security analysts to use the ThreatData system as the basis for a social platform for sharing tips. With it, researchers could pass bad URLs and domains back and forth and generally keep up to date about the latest digital menaces. On Wednesday, Facebook formally introduced the platform: ThreatExchange.
Initially, Facebook is partnering with other social networks, since they’re being targeted with similar attacks. So far, these include Pinterest, Tumblr, Yahoo, and Twitter; Bitly and Dropbox are on deck as “initial partners.” Though Hammell says he would like to see it grow and evolve, for now ThreatExchange is not accessible to the public.
One of Facebook’s big selling points for startups in acquisition deals is its formidable security. In essence: Focus on the product, we’ll take care of the spam. (Last year, Kevin Systrom, co-founder and CEO of Instagram, Facebook’s first billion-dollar buy, cited that as one of the major benefits of joining the Facebook ecosystem in an interview with the author for Coins2Day‘s 40 Under 40 list. He ranked eighth.) Hammell does not believe opening up ThreatExchange weakens that proposal; in fact, he believes it strengthens it.
“By giving this platform away for folks to share this type of information doesn’t really give away our secret sauce, it gives everyone a good baseline of what the attack ecosystem looks like and how that impacts their business,” Hammell says. “We’re giving everyone a way to collaborate and effectively keep track of, discuss and disrupt attacks as they happen.”
Facebook’s method seems to stand in stark contrast to Google’s approach, which has caught some flack in recent months for finding vulnerabilities, setting a deadline when they’ll go public and announcing them whether or not the flaw has been patched. (Microsoft, for one, has been grumbling about this.)
Tougher anti-spam systems are no doubt a boon to most denizens of the digital world.”People that work on cyber understand that sharing is important,” Hammell says. “As one of us gets stronger, so do the rest of us.”
