The Essential Risk of Facebook ThreatExchange
Security | Mar 4, 2015
Hmm... As a long-time member of the profession being targeted by this initiative, I immediately see a number of red flags. For starters, I think we can all agree that nobody's going to share real intelligence on a real hack without being guaranteed some privacy or, ideally, full anonymity.
But the big problem is that anonymity is a two-way street. It's well known that intelligence and military units around the world specialize in the tactical sharing of disinformation. And we already have a high degree of insecurity about people being who they say they are on the internet, and about who's really wearing a black hat and who's wearing a gray one within the information security world.
My Questions about ThreatExchange
So with Facebook ThreatExchange, I may applaud the mission, but I have to ask, who vets the membership? How are their identities validated? What's the definition of success in a venture such as this? Who's to say that a member of the board hasn't run into financial troubles, taken up illicit activities, and that his or her focus hasn't changed from helping the community to profiting from it? Expert communities, including ours, tend to hear the most noise from the least experienced members and, on the whole, internet technical groups can tend to generate more heat than light on important issues.
In fact, I do think that we, as security specialists, ought to share threat intelligence. I am pro-information-sharing. However, the idea of sharing my risks and concerns with an anonymous group of internet techies just doesn't fly. What I have seen work well over the past decade is to trade tips and methodologies within a trusted community of people in face-to-face settings, such as local or regional ISSA (Information Systems Security Association) meetings. In a thoroughly digital world with threat actors like nation-states and organized crime groups, we have to continue to flex the old saw, "Trust no one."
Comments? How are you collaborating with your peers on threat intel? We welcome discussion in the section below, whether on this topic or one you'd like to see covered here on the blog.