Facebook's Security Breeched - Java Zero-Day Vulnerability Found
Facebook was attacked by unidentified hackers on Friday. The attack was carried out when Facebook Co.'s employees visited a developer's website which was, you guessed it, compromised. The malware was installed on their laptops and so began the journey of Facebook's self-enlightenment.
Facebook has over 1 million users to its disposal who share sensitive information on the social networking site, giving Facebook the edge to control and use it freely. However, none of these 1 billion users want their private content to be spread out for everyone's eyes to see. Facebook is very aware of what attacks like such could mean for their following. It could bring down the very foundation of Facebook as we know it.
Facebook published a formal bulletin regarding the security breech titled "Protecting People on Facebook":
Facebook, like every significant internet service, is frequently targeted by those who want to disrupt or access our data and infrastructure. As such, we invest heavily in preventing, detecting, and responding to threats that target our infrastructure, and we never stop working to protect the people who use our service. The vast majority of the time, we are successful in preventing harm before it happens, and our security team works to quickly and effectively investigate and stop abuse.
Last month, Facebook Security discovered that our systems had been targeted in a sophisticated attack. This attack occurred when a handful of employees visited a mobile developer website that was compromised. The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops. The laptops were fully-patched and running up-to-date anti-virus software. As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day.
We have found no evidence that Facebook user data was compromised.
Previously, Facebook had claimed that none of the data that it has authority over or has been intrusted to them was compromised in the attack. In response to which Kevin Mitnick, the founder of Mitnick Security Consulting LLC, tweeted:
Surely enough, Facebook's CSO, Joe Sullivan is then reported to have said in an interview:
An analysis of the activity of the malware showed that "they were trying to move laterally into our production environment," Sullivan said. The attackers gained "some limited visibility" into production systems, but a forensic review found no evidence that data was exfiltrated from that. However, some of the information on the laptops themselves—"what you typically find on an engineer's laptop," Sullivan said—was harvested by the hackers, including corporate data, e-mail, and some software code.
It is reported that the security breech occurred to due a Java zero-day vulnerability. Through this exploit the hackers were able to infiltrate Facebook's network and inject malware. Facebook now claims that the exploit has been patched and anti-virused. Therefore, users of Facebook can be at ease again.
Facebook has been jumping up and down trying to convince its users that their sensitive data has not been compromised by the attack:
There are a few important points that people on Facebook should understand about this attack:
- Foremost, we have found no evidence that Facebook user data was compromised.
- We will continue to work with law enforcement and the other organizations and entities affected by this attack. It is in everyone’s interests for our industry to work together to prevent attacks such as these in the future.
However, we would request all our readers to switch off Java in their browsers.
Cheers!
About the Author:
This article is written by Dr. Sindhia Javed Junejo. She is one of the core members of RHA team.
Wow.. Nice post once again. Can you please explain what is "Zero-Day Vulnerability"?
ReplyDeleteAnd please reply to previous post! ;)
@Mehul Zero day vulnerability is a newly found vulnerability in any software.
ReplyDeleteZero-Day Vul. means the vulnerability is founded recently :)
ReplyDelete