|
Facebook reports
sophisticated ¡¥zero-day¡¦ cyberattack
Reuters, SAN FRANCISCO AND LOS ANGELES
Facebook Inc said on Friday that hackers had infiltrated some of its employees¡¦
laptops in recent weeks, making the world¡¦s No. 1 social network the latest
victim of a wave of cyberattacks, many of which have been traced to China.
The company said that none of its users¡¦ data was compromised in the attack,
which occurred after a handful of employees visited a Web site last month that
infected their machines with malware, according to a post on Facebook¡¦s official
blog released just before the three-day US President¡¦s Day weekend.
¡§As soon as we discovered the presence of the malware, we remediated all
infected machines, informed law enforcement and began a significant
investigation that continues to this day,¡¨ Facebook said.
It was not immediately clear why Facebook waited until now to announce the
incident. Facebook declined to comment on the reason or the origin of the
attack.
A security expert at another company with knowledge of the matter said he was
told that the Facebook attack appeared to have originated in China.
The attack on Facebook, which says it has more than 1 billion members,
underscores the growing threat of cyberattacks aimed at a broad variety of
targets.
Twitter, the microblogging social network, said earlier this month it had been
hacked and that about 250,000 user accounts were potentially compromised, with
attackers gaining access to information, including user names and e-mail
addresses.
Newspaper Web sites, including those of the New York Times, the Washington Post
and the Wall Street Journal, have also been infiltrated. Those attacks were
attributed by the news organizations to Chinese hackers targeting coverage of
China.
Facebook said in its blog post that it was not alone in the attack, and that
¡§others were attacked and infiltrated recently as well,¡¨ although it did not
specify who.
In its blog post, Facebook described the attack as a ¡§zero-day¡¨ attack,
considered to be among the most sophisticated and dangerous types of computer
hacks. Zero-day attacks, which are rarely discovered or disclosed by their
targets, are costly to launch and often suggest government involvement.
While Facebook said that no user data was compromised, the incident could raise
consumer concerns about privacy and the vulnerability of personal information
stored within the social network.
According to a person familiar with the situation, the type of information on
the employee laptops that were compromised included ¡§snippets¡¨ of Facebook
source code and employee e-mails.
Facebook said it spotted a suspicious file and traced it back to an employee¡¦s
laptop. After conducting a forensic examination of the laptop, Facebook said it
identified a malicious file, then searched company-wide and identified ¡§several
other compromised employee laptops.¡¨
Another person briefed on the matter said that the first Facebook employee had
been infected via a Web site where coding strategies were discussed.
The company also said it identified a previously unseen attempt to bypass its
built-in cyberdefenses and that new protections were added on Feb. 1.
|
