How A Design Team Co-Opted Hacker Tactics To Fight Cybercrime

Cybercrime rings collaborate. Security analysts don’t. So IBM built a social platform to track and share information about global threats.

What happens when you throw visually driven designer types into a room full of cybersecurity wonks?


Over the last few years, IBM’s security division has been experimenting with bringing together these two sets of experts—who have radically different expertise and backgrounds—to solve some of the most pressing and complex security threats on the Internet. Today, 30 IBM designers work exclusively on security, which is a field that design school didn’t particularly train them for.

The outcome? The interdisciplinary teams have built a social network that incorporates the shareability of a Pinterest board, the crowdsourced knowledge of Wikipedia, the easy note-taking ability of Evernote, and the regular updates and real-time communication of a Facebook news feed. The platform is called IBM X-Force Exchange, and is an open system that allows security analysts to share the latest information about the threats on their radars and how they have tackled these problems.

Since its launch in April, the platform has offered security analysts at diverse global companies the ability to gather and share information about attacks in order to reduce the amount of time it takes to snuff them out. Users include six of the world’s top 10 retailers, five of the top banks, as well as the top 10 companies in the automotive, education, and tech industries. So far, there are more than 7,500 individual registered users.

Liz Holz. Photo: Courtesy of IBM

At IBM’s New York City offices, I met with two designers integral to building X-Force Exchange. The idea for the platform emerged from listening to the concerns of security analysts and learning how hackers and cybercrime rings collaborate. “As designers, we needed to learn about security quickly, so we spent time in the wild, observing security analysts in their natural habitat,” says Liz Holz, an IBM design executive. “One thing that became clear is that the bad guys—the hackers and cybercriminals—all share information. Meanwhile, security professionals tend to investigate threats, shut the threats down, record everything they have done on an Excel document, then put that document in a drawer never to be seen again. They collect all this data, then it just disappears.”

Blake Helman, a visual designer at IBM who works with Holz, also points out that cyberattacks often follow very similar patterns. “While cybercriminals can be very creative when they need to be, they generally use the same tactic over and over until it stops working,” he says. “An attack that happened to Wells Fargo could very well also happen to Bank of America.”

When Holz, Helman, and the other designers on the team considered possible solutions, their main goal was to create a way for security experts to exchange knowledge, much like the hackers do on the sites and discussion boards on the underbelly of the Internet known as the Dark Web. “We could create a Justice League of our own that could help us fight against the bad guys,” Holz says, with a smile. “Whoever solved a problem first could share their information, allowing others to solve them faster.”

Blake Helman. Photo: Courtesy of IBM

X-Force Exchange has a clean design meant to simplify the vast amount of data about security breaches taking place around the world. It applies many of the principles of the most popular and effective consumer platforms—Pinterest, Evernote, Wikipedia, Facebook—to make it extremely user-friendly. “When security experts go home, they’re visiting Gmail and all these other places on the Internet that offer regular web experiences,” Helman says. “We wanted to make tools for them that were equally as easy for them to use.”

When you first enter the platform, there is a map with a ticker of current threats around the world, located by their IP address; parts of the map light up to signal that a threat has been discovered in that particular region.

IBM combines its own data—700 terabytes of it—with publicly available data about current threats, into one simple interface. “X-Force wasn’t built entirely from the ground up,” Helman says. “There were many other databases we were pulling from, but what we were doing was incorporating all these data sources into one cohesive experience.”

A security analyst who notices a threat to their system can put the IP address into the X-Force search engine to see what other information comes up. Here’s where the crowdsourcing comes into play. When users pull up the IP address, they see a report with all existing information about that address and the nefarious activity connected with it. They then have the option to leave comments on the sidebar, to add new details that they have discovered, or to ask questions, so that others who have dealt with this threat can provide answers. “It allows people to edit and validate the reports, to build stronger, better reports,” Holz says, pointing out that this is very similar to the Wikipedia crowdsourcing model. Users can choose to make these comments public, so that anyone on the site can provide feedback, or they can make them private, inviting only people from their own company to respond.

Users can also create their own investigation notebook, called a “collection,” where they can copy-and-paste useful information they have gathered from throughout the platform to help them as they work to solve a problem. This part of the site is designed like Evernote: It is relatively unstructured, allowing the user to add notes in whatever format suits them best. Again, this knowledge can be public or it can remain private, allowing the user to include confidential information pertinent to their own company.

X-Force Exchange is currently free, although as the team builds up the platform and adds new features, they might begin including a paid component. Anyone can go on the site to see the map and to use the search function, but you need to be a member of the community to use the commenting and “collection” functions.


This means, of course, that hackers and cybercriminals can use the site as well. But the system does not provide incentives for the “bad guys,” as Holz calls them, to remove information. “It would be a waste of their time,” Holz explains. “Any information a user includes on the site is backed up on the cloud and they could always just repost it. The only thing this will prompt them to do is change their tactics faster.”

If hackers and cybercriminals changed their tactics faster, this would still be a positive outcome. The IBM Security team believes that this system has the potential to make hackers stop using the cheap, easy methods of hacking that work so well today. “That’s going to eliminate one type of hacker that thrives on using the most basic tactics,” Helman explains. “And the better hackers will have to step up their game. This will free up the security community to concentrate on the extremely pointed and penetrating attacks, instead of constantly tackling small attacks that someone else has already solved.”

IBM Security is not the only company thinking about how design figures into the work of security analysts; this is a trend that is growing throughout the cybersecurity world. Chris Young, the head of Intel Security, says that one of the biggest issues in security is that it is a highly complex, data-heavy world and it is often necessary to translate information for different types of users.

“Part of making security effective is simplifying it—while not making it less intelligent—so that we can drive more pervasive use of these products,” he says. This process of simplification relies on the expertise of UX and graphic designers who can create user-friendly platforms. As a result, Young says that Intel Security has been increasingly hiring designers for its teams that produce both consumer-facing and enterprise products.

Today, IBM employs more than a thousand designers across all parts of the company, working in 20 design studios around the world. Holz says that bringing designers into a broad range of departments is becoming more common and that she’s found it fascinating to dig deep into the complexities of security, although it has been a very steep learning curve.

“Ultimately, as designers, our role is to understand the problems consumers are facing and solve them,” she says. “This kind of work transcends particular fields or industries.”



About the author

Elizabeth Segran, Ph.D., is a staff writer at Fast Company. She lives in Cambridge, Massachusetts.