Laptops belonging to Facebook employees were hacked and infected with malware. The attack took advantage of a Java 0-day exploit.
Although Facebook says that no user data has been compromised, I wonder how well the company can protect its users' data if it can't protect its own data (laptops).
The company said it reported the vulnerability to Oracle, which then patched the Java bug on Feb 1st.
Facebook made the following statement.
“Facebook Security has a team dedicated to tracking threats and monitoring our infrastructure for attacks at all times. In this particular instance, we flagged a suspicious domain in our corporate DNS logs and tracked it back to an employee laptop. Upon conducting a forensic examination of that laptop, we identified a malicious file, and then searched company-wide and flagged several other compromised employee laptops,” the company’s security team said in a blog post.
“After analyzing the compromised website where the attack originated, we found it was using a “zero-day” (previously unseen) exploit to bypass the Java sandbox (built-in protections) to install the malware. We immediately reported the exploit to Oracle, and they confirmed our findings and provided a patch on February 1, 2013, that addresses this vulnerability.”
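The first step in that statement, tracing a flagged domain in DNS logs back to the machines that looked it up, can be sketched as follows. This is an added example, not Facebook's tooling; the log format, the domain `flagged-domain.test` and the client addresses are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample in an assumed format: "<ISO time> <client IP> <qtype> <qname>"
SAMPLE_LOG = """\
2013-01-15T09:12:03 10.20.1.15 A www.example.com.
2013-01-15T09:12:44 10.20.1.15 A cdn.flagged-domain.test.
2013-01-15T09:13:10 10.20.3.7 A notflagged-domain.test.
2013-01-15T10:02:51 10.20.3.7 AAAA FLAGGED-DOMAIN.test
2013-01-15T10:05:00 10.20.1.15 A flagged-domain.test.
malformed line without enough fields
2013-01-16T08:30:19 10.20.8.42 A update.flagged-domain.test.
"""

def normalize(name):
    """Lower-case and drop the trailing root dot so comparisons are stable."""
    return name.strip().lower().rstrip(".")

def matches(qname, watchlist):
    """True if qname is a watched domain or a subdomain of one (label boundary)."""
    q = normalize(qname)
    return any(q == d or q.endswith("." + d) for d in watchlist)

def hosts_querying(log_text, watchlist):
    """Return {client_ip: {"first", "count", "names"}} for watched lookups."""
    watch = {normalize(d) for d in watchlist}
    hits = defaultdict(lambda: {"first": None, "count": 0, "names": set()})
    for line in log_text.splitlines():
        try:
            ts_raw, client, _qtype, qname = line.split()
            ts = datetime.fromisoformat(ts_raw)
        except ValueError:
            continue  # malformed line or timestamp
        if not matches(qname, watch):
            continue
        h = hits[client]
        h["first"] = min(h["first"] or ts, ts)
        h["count"] += 1
        h["names"].add(normalize(qname))
    return dict(hits)

def triage_order(hits):
    """Client IPs sorted by earliest watched lookup, for forensic prioritisation."""
    return sorted(hits, key=lambda ip: hits[ip]["first"])

if __name__ == "__main__":
    found = hosts_querying(SAMPLE_LOG, ["flagged-domain.test"])
    print([(ip, found[ip]["count"]) for ip in triage_order(found)])
```

Matching on a label boundary keeps look-alike names such as `notflagged-domain.test` out of the results, and ordering by first lookup points the forensic examination at the earliest affected machine.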
The kind of attack that Facebook’s security team described is a very common scenario. Attackers regularly compromise legitimate Web sites, plant exploit code on them that targets a specific vulnerability or group of vulnerabilities and then wait for users to hit the site with vulnerable browsers. They often run these attacks with exploit kits such as Blackhole or Eleonore and typically use exploits for known vulnerabilities rather than zero days, which are much more valuable to attackers. Once a zero day is used and then discovered, as in the Facebook attack, it loses most of its value to attackers, so they tend to be selective in their use of them.
An exploit that is able to bypass the Java sandbox would be especially valuable to an attacker, given the huge installed base of Java. There have been several such exploits circulating in recent weeks, but it’s not clear which one Facebook security personnel discovered on their network.
Facebook officials were not specific about what other companies they believe were also victims of this attack, but said that once the company discovered the malware and traced it back to the originating domain, it began sharing data about the attack with other companies.
“Facebook was not alone in this attack. It is clear that others were attacked and infiltrated recently as well. As one of the first companies to discover this malware, we immediately took steps to start sharing details about the infiltration with the other companies and entities that were affected. We plan to continue collaborating on this incident through an informal working group and other means,”
Do leave your valuable comments; I would love to know what you think. Do you really think Facebook can protect your data?
Source: Facebook Security Page.