It said none of its users' data was
compromised in the attack, which occurred after a handful of employees visited a
website last month that infected their machines with so-called malware,
according to a post on Facebook's official blog released just before the
three-day U.S. President's Day weekend.
"As soon as we discovered the presence of
the malware, we remediated all infected machines, informed law enforcement, and
began a significant investigation that continues to this day," Facebook
said.
It was not immediately clear why Facebook
waited until now to announce the incident. Facebook declined to comment on the
reason or the origin of the attack.
A security expert at another company with
knowledge of the matter said he was told the Facebook attack appeared to have
originated in China.
The attack on Facebook, which says it has
more than 1 billion members, underscores the growing threat of cyber attacks
aimed at a broad variety of targets.
Twitter, the microblogging social
network, said earlier this month it had been hacked and that about 250,000 user
accounts were potentially compromised, with attackers gaining access to
information, including user names and email addresses.
Newspaper websites, including those of The
New York Times, The Washington Post and The Wall Street Journal, have also been
infiltrated. Those attacks were attributed by the news organizations to Chinese
hackers targeting coverage of China.
Earlier this week, U.S. President Barack
Obama issued an executive order seeking better protection of the country's
critical infrastructure from cyber attacks.
"INFILTRATED"
Facebook noted in its blog post that it
was not alone in the attack, and that "others were attacked and infiltrated
recently as well," although it did not specify who.
The Federal Bureau of Investigation
declined to comment, while the U.S. Department of Homeland Security did not
immediately return a call seeking comment.
In its blog post, Facebook described the
attack as a "zero-day" attack, considered to be among the most sophisticated and
dangerous types of computer hacks. Zero-day attacks, which are rarely discovered
or disclosed by their targets, are costly to launch and often suggest government
involvement.
While Facebook said no user data was
compromised, the incident could raise consumer concerns about privacy and the
vulnerability of personal information stored within the social network.
Facebook has made several privacy missteps
in the past because of the way it handled user data. It settled a privacy
investigation with federal regulators in 2011.
According to one person familiar with the
situation, the type of information on the employee laptops that were compromised
included "snippets" of Facebook source code and employee emails.
Facebook said it spotted a suspicious file
and traced it back to an employee's laptop. After conducting a forensic
examination of the laptop, Facebook said it identified a malicious file, then
searched company-wide and identified "several other compromised employee
laptops".
Another person briefed on the matter said
the first Facebook employee had been infected via a website where coding
strategies were discussed.
The company also said it identified a
previously unseen attempt to bypass its built-in cyber defenses and that new
protections were added on February 1.
Because the attack used a third-party
website, it might have been an early-stage attempt to penetrate as many
companies as possible.
If they followed established patterns, the
attackers would learn about the people and computer networks at all the infected
companies. They could then use that data in more targeted attacks to steal
source code and other intellectual property.
Another fear for such a popular website is
that hackers could use central controls to infect wide swathes of its user base
at once.
In January 2010, Google reported it had
been penetrated via a "zero-day" flaw in an older version of the Internet
Explorer Web browser. The attackers were seeking source code and were also
interested in Chinese dissidents. Google reduced its operations in China as a
result.
By Joseph Menn and Tom Reid