Data Sheet—Saturday, February 13, 2016

Feb 13, 2016

Last fall I visited IBM’s security group at the company’s offices in New York. A few members of the team had brought me in to show off some “dark web” destinations, hidden websites accessible only via a special browser (called Tor). On the screen before us: weapons, drugs, malicious software—you name it. All for sale.

Needless to say, it’s strange to sit in a conference room with professional contacts when offers for illegal narcotics are quite literally on the table.

The purpose of the meeting was to exchange information about these underground markets. Investigating what so-called crimeware hackers are auctioning online helps analysts (and reporters) keep abreast of the latest cyber threats. This sharing is very much a part of the IBM unit’s business strategy, I learned.

“One of the biggest problems in cybersecurity is hackers collaborating, sharing data and software,” Marc van Zadelhoff, who took the reins of the security group at the beginning of the year, told me later. Previously the unit’s vice president of worldwide strategy and product management, Zadelhoff assumed the top spot after Brendan Hannigan stepped down as general manager. (Hannigan had joined after IBM bought his security intelligence software-maker, Q1 Labs, in 2011.)

“We’re sharing data through X-Force Exchange,” Zadelhoff said, referencing the company’s threat intelligence platform, which IBM opened up for anyone to use free of charge last year . (Other companies like Facebook have taken a similar approach with ThreatExchange, a kind of social network for defenders of computer networks. “Now we’ve added a security app exchange so our partners, vendors, and customers can build and share apps on top.”

Why give away precious data on attackers at no cost? Simple: IBM: aims to commoditize threat intelligence. By giving that intel away, the company hopes to become the foundation on which the information security industry relies. Then the company can use that leverage to sell other services. The bet is that IBM’s analysis, not its endless reams of raw data, will be the moneymaker.

Zadelhoff calls this his three “c” strategy: cloud, collaboration, cognitive. Cloud is the mechanism of distribution; collaboration involves sharing threat feeds and code; and cognitive refers to the value added analysis layer. (Expect announcements involving Watson integrations , the company’s analytic AI engine, this year, I’m told.)

So far the program appears to be working. IBM's security group posted $2 billion in revenue for 2015, growing 12% over the year prior, according to an earnings report the company issued last month. More than 2,000 organizations are already signed up for the exchange.

Criminals have found a similar strategy—swapping intel and trading off-the-shelf tools—to be quite lucrative of late. Big Blue prudently takes its cue from those baddies. The difference is in the wares: cyber bulwarks versus contraband and botnets.

Robert Hackett

@rhhackett

robert.hackett@fortune.com

Welcome to the Cyber Saturday edition of Data Sheet, Fortune's daily tech newsletter. Fortune reporter Robert Hackett here. You may reach me via Twitter, Cryptocat, Jabber, PGP encrypted email, or however you (securely) prefer. Feedback welcome.

THREATS

Obama unveils cyber budget. In his budget proposal for the 2017 fiscal year, President Obama has allocated $19 billion to federal cybersecurity. The requested cash injection represents a $5 billion increase over the year prior, and it devotes more than $3 billion to IT upgrades alone. (Fortune)
IRS is having a bad week. The Internal Revenue Service said that identity thieves attempted to breach its computer systems to file fraudulent tax refunds. (Last year hackers stole $50 million and personal information of 330,000 people this way.) A couple of days later, one of the agency's employees pled guilty to stealing taxpayers' identities in order to fraudulently collect $1.5 million in tax refunds for herself. (Fortune, Fortune)

FBI and DHS hacker nabbed? The alleged hacker who released the personal information of 20,000 Federal Bureau of Investigation agents and 9,000 Department of Homeland Security officials has reportedly been apprehended by UK police. The suspect appears to be a 16-year-old boy. (Motherboard)

Facebook ramps up anti-terror program. The social network has enlisted a team to police posts, weeding the site of content that could be interpreted as promoting terrorism. The team is under pressure from government officials to delete accounts associated with extremism, and to promote anti-radical views. (Fortune, Wall Street Journal)

Bill proposes banning "backdoors." Lawmakers introduced a proposal in the House of Representatives that aims to prohibit government from mandating that encryption products be built with "backdoors." One reason for rejecting these inherent weaknesses,which  were intended to give law enforcement officers access to data during investigations: the U.S. cannot stop other countries from making strongly encrypted tools. (Fortune, Fortune)

Google to ban Flash ads and expand "right to be forgotten." The search giant said that it plans to put the kibosh on buggy Adobe Flash-based ads by 2017, favoring HTML5-based ads instead. The company is also taking a harder line in enforcing Europe's "right to be forgotten" law, scrubbing certain search results "from all Google domains for people searching from the country of the requester," rather than just from the European domains. (Fortune, Fortune)

Share today's Data Sheet with a friend:
http://fortune.com/newsletter/datasheet/

Looking for previous Data Sheets? Click here.

ACCESS GRANTED

Can Check Point co-founder Shlomo Kramer strike again?
The small country of Israel is home to an estimated 300 cybersecurity companies, and now yet another one has added to the rising count. Earlier this week, cloud-based network security provider Cato Networks officially emerged from stealth mode.
While the startup has been kept under wraps for months, its founder and CEO is a known entity in security circles. Shlomo Kramer, co-founder of Check Point Software Technologies and Imperva, is hoping to strike big with his latest company, which he says will eliminate the need for the multiple, costly appliances that companies typically plug in to help secure their systems. Many of Kramer’s bets have paid off in the past—not just with the companies that he’s helped found but also with his own investments in the security space (the long list includes WatchDox, Trusteer, and Palo Alto Networks). On the eve of Cato’s launch, Fortune caught up with Kramer to ask about Cato’s technology and the current landscape for Israeli security startups. .. Read the rest on Fortune.com.

TREATS

Malware Museum. A gallery of retro computer viruses. (Washington Post)
Boosting stadium security. With mobile ID-linked tickets. (TechCrunch)
Cotton swabs. Are more challenging than cybersecurity. (Fortune)
Anti-languages. What "jarkmans" and "bawdy baskets" speak. (BBC Future)
NASCAR fans. Prefer Trump and Clinton. (Fusion)

ONE MORE THING

Whatever happened the Sony hackers? According to a couple of computer security researchers who investigated the group's idiosyncratic hacking techniques, the Sony breachers are alive and well—and still hacking.  (Wired)

EXFIL

"In the future, intelligence services might use the [Internet of things] for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials."

Director of National Intelligence James Clapper, testifying before the Senate on Tuesday with an assessment of the many threats the nation faces. The U.S. spy chief said that the intelligence community might begin to exploit a burgeoning set of Internet-connected consumer devices and sensors to snoop on people. Internet of things? More like surveillance of things. (Fortune, Fortune)

All products and services featured are based solely on editorial selection. FORTUNE may receive compensation for some links to products and services on this website.

Quotes delayed at least 15 minutes. Market data provided by Interactive Data. ETF and Mutual Fund data provided by Morningstar, Inc. Dow Jones Terms & Conditions: http://www.djindexes.com/mdsidx/html/tandc/indexestandcs.html. S&P Index data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. Terms & Conditions. Powered and implemented by Interactive Data Managed Solutions