With ThreatExchange, Facebook rallies a botnet-squashing super team


Two years ago, a malware—as in “malicious software”—campaign began spreading on Facebook, linking to spam and engaging in other nefarious activities. The nasty Microsoft Windows-based code aimed to hijack social accounts and to propagate along social connections to friends and followers on other social networks. For a service built upon social ties, that’s a big problem.

So Facebook’s security team reached out to peers—Pinterest, Tumblr, Yahoo—to share data. “Together we were able to squash it pretty effectively,” says Mark Hammell, threat infrastructure team manager in Facebook’s security division. But that also got them thinking. “We needed a better way for sharing to happen because the way we were sharing was not going to scale.”

A year earlier, in 2012, Facebook had already begun developing a proprietary security system called ThreatData—“a framework for importing information about badness on the Internet in arbitrary formats, storing it efficiently, and making it accessible…

