
The Essential Risk of Facebook ThreatExchange

Security | Mar 4, 2015

Duran Holycross

Last month Facebook announced a new social network called ThreatExchange, which, according to the International Business Times, "is designed to help cybersecurity experts protect Internet users from malicious software and security vulnerabilities by allowing them to alert each other quickly about evolving threats." Saying that companies who participate can do so selectively to ensure that they don't "accidentally divulge private information," Facebook wants to make it "easier for an organization that may want to share data that needs to be handled with extra sensitivity."

Hmm... As a long-time member of the profession being targeted by this initiative, I immediately see a number of red flags. For starters, I think we can all agree that nobody's going to share real intelligence on a real hack without being guaranteed some privacy or, ideally, full anonymity.

But the big problem is that anonymity is a two-way street. It's well-known that intelligence and military units around the world specialize in the tactical sharing of disinformation. And we already have a high degree of insecurity about people being who they say they are on the internet, and about who's really wearing a black hat and who's wearing a gray one within the information security world.

My Questions about ThreatExchange

So with Facebook ThreatExchange, I may applaud the mission, but I have to ask, who vets the membership? How are their identities validated? What's the definition of success in a venture such as this? Who's to say that a member of the board hasn't run into financial troubles, taken up illicit activities, and that his or her focus hasn't changed from helping the community to profiting from it? Expert communities, including ours, tend to hear the most noise from the least experienced members and, on the whole, internet technical groups can tend to generate more heat than light on important issues.

In fact, I do think that we, as security specialists, ought to share threat intelligence. I am pro-information-sharing. However, the idea of sharing my risks and concerns with an anonymous group of internet techies just doesn't fly. What I have seen work well over the past decade is to trade tips and methodologies within a trusted community of people in face-to-face settings, such as local or regional ISSA (Information Systems Security Association) meetings. In a thoroughly digital world with threat actors like nation-states and organized crime groups, we have to continue to flex the old saw, "Trust no one."

Comments? How are you collaborating with your peers on threat intel? We welcome discussion in the section below, whether on this topic or one you'd like to see covered here in the blog.