The APWG eCrime Exchange (eCX) is the oldest and most trusted repository developed specifically to exchange machine-event and Internet-event data about common cybercrimes such as phishing. The APWG’s member organizations contribute new data, and extract data programmatically to inform their products and services — as well as to drive their own security applications and forensic routines.
The eCX offers a RESTful API for fast and easy use in a programming environment as well as a Web UI for researchers and responders to query data and submit reports.
Submitting data into the eCX helps protect both your organization’s users and the wider public. Simply submit new data, and it will be available to other eCX users, including browser developers and antivirus vendors, who use the data to block phishing, and responder organizations, who work to prevent attacks and to take down active criminal campaigns. Pull data out, and use it in your own security products and research. All entries are timestamped and consistently categorized, and fresh data flows in continuously.
The eCX and its progenitors have served the counter-cybercrime communities of interest since 2004.
The eCX’s success as a clearinghouse, however, depends as much on its risk policy and user governance instrumentation as on attentive, rigorous curation of the clearinghouse’s data assets.
Bilateral data sharing requires corporate legal teams to forge agreements with everyone they want to share data with. That approach often requires years of legal work, and many times does not result in effective data sharing.
APWG has spent many years refining a simple legal framework that allows data exchange to take place (among usually non-correspondent parties) while limiting and precisely defining the risk to submitters and receivers. A large part of the value of the APWG eCrime Exchange is the facilitation of legal data-sharing agreements and the liability protections that these agreements afford.
The eCX revolutionizes cybercrime event data exchange by providing contractual instrumentation that satisfies the risk-management requirements of corporate counsel, as well as providing crucial cybercrime-related machine event data for security applications and forensic routines.
This model of trust architecture also ensures that counterparties are vetted by the process itself, so that data consumed or sent can be verified as being from known, legitimate parties.
Currently, member sources together POST well more than one million new records per month to the /phish endpoint on the eCX. These reports come from scores upon scores of institutions (many reporting on behalf of any number of enterprises and any number of client brands).
Just as importantly, recent research by Arizona State University researchers found that the eCX was alone in its class in one keystone metric: reports lodged at /phish on the eCX generated the highest level of crawler traffic of any entity.[1]