High-profile hackings seem to be growing exponentially more commonplace. Congress has warned businesses against using Chinese telecommunications companies for fear of espionage; Twitter, The Wall Street Journal, The New York Times, Google, Bloomberg, and other businesses have all reported attempts to infiltrate their networks and collect data; President Obama even deemed the matter serious enough to discuss it in his State of the Union Address.
“We know hackers steal people’s identities and infiltrate private e-mail. We know foreign countries and companies swipe our corporate secrets,” he said. “We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.”
This weekend, Facebook was only the most recent in what has become a long string of large businesses that have reported being the targets of cyber-attacks. In a note from the website’s security team, Facebook reveals that it “is frequently targeted by those who want to disrupt or access our data and infrastructure.”
The most recent incident resulted from several employees visiting a mobile developer’s website which had been breached. An exploit in Java was used to forcibly download a host of previously unseen malware onto the laptops of the employees, from where the hackers gained limited visibility of Facebook’s production systems as well as corporate data and e-mail information. The laptops had fully up-to-date anti-virus software, but the novelty of the malware was such that it could not be recognized or easily thwarted.
Facebook has since removed the malicious software, conveyed the incident to law enforcement, and informed Oracle, who in turn immediately created a patch for the Java exploit. According to Facebook Security, other websites had also been attacked through the same method, and have been informed of the infiltration.
An ongoing investigation has been launched by Facebook in response to the hackings. It has not turned up any evidence that user data was compromised by the intrusion, but the company pledges to continue working with law enforcement and other organizations to prevent future attacks.