Facebook creates cyber threat data hub

Facebook thinks it can help major Internet companies stop spam by sharing cyber threat data.

The social networking giant has unveiled a new platform, ThreatExchange, that allows companies like Twitter, Yahoo, Tumblr and Pinterest to share cyber threat data with one another.

{mosads}The idea had its origin over a year ago, when several Internet companies were trying to eradicate what’s called a “botnet” cyberattack that was using parts of each company’s servers to send spam messages through popular social networking sites.

“We quickly learned that sharing with one another was key to beating the botnet because parts of it were hosted on our respective services and none of us had the complete picture,” said Mark Hammell, manager of Facebook’s threat infrastructure team, in a Wednesday blog post. “During our discussions, it became clear that what we needed was a better model for threat sharing.”

And so ThreatExchange was born.

“Our goal is that organizations anywhere will be able to use ThreatExchange to share threat information more easily, learn from each other’s discoveries and make their own systems safer,” Hammell said.

ThreatExchange’s launch follows encouragement from the government for private companies to share more cyber threat data. The Department of Justice last year said it did not believe sharing such data would violate antitrust laws, a major concern for companies.

Congress is also contemplating several bills that would give limited legal liability protection to companies willing to share cyber threat data with the government.

Industry groups have long agreed they must exchange more cybersecurity information with each other and with the government. But legal concerns and worries about exposing private data have been a hinderance to progress.

Facebook thinks its platform can circumvent some of these concerns.

“For situations where a company might only want to share certain indicators with companies known to be experiencing the same issues, built-in controls make limited sharing easy and help avoid errors by using a pre-defined set of data fields,” Hammell said.

The end result should help bolster the nation’s cyber defenses, Hammell added.

“That’s the beauty of working together on security,” he said. “When one company gets stronger, so do the rest of us.”