The Inquirer-Home

Facebook is hit with a 'sophisticated' attack

Engineers trapped on mobile developer website
Mon Feb 18 2013, 10:01
A Facebook logo

SOCIAL NETWORK Facebook has admitted that its servers have been hit with a security attack that made the most of a Java vulnerability.

The firm described the attack as "sophisticated" in a blog post that finishes with a request that people make more of its bug reward programme and put less of a strain on its systems.

Facebook said that it, like "every significant internet service", is regularly hit by people that want to take it down or disrupt it and hoover up its data. Most of the time, it said, it is successful in spotting, preventing and defending against these attacks.

"Our security team works to quickly and effectively investigate and stop abuse," it said. However, it appears that in this instance the attackers had some success.

"Last month, Facebook Security discovered that our systems had been targeted in a sophisticated attack. This attack occurred when a handful of employees visited a mobile developer website that was compromised. The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops," said the blog post.

"The laptops were fully-patched and running up-to-date anti-virus software. As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day."

There around one billion Facebook users, but user data was compromised and Facebook said it is working with the authorities, security firms, and its own engineers to make sure it does not happen again.

The problem was traced back to a 'suspicious domain' in the Facebook DNS logs and an employee laptop. A malicious file was found on that laptop, and then, during a company wide search, on several other employee laptops.

Analysis showed that it was a zero day exploit that was able to bypass the relevant Java sandbox protections and install malware. Facebook told Oracle about this and the company released a patch to take care of it earlier this month.

Facebook said that it was not alone in being attacked, adding that it was clear that others had fallen victim too recently. It said that it shared information with the other companies and organisations that were affected.

Twitter was attacked last month and had to reset some 250,000 customer passwords. These customers included some rather high profile accounts. Around the same time both the New York Times and Wall Street Journal reported assaults on their servers.

Twitter recommended that users disable Java. µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

INQ Poll

Happy new year!

What tech are you most looking forward to in 2015