Facebook beefs up site against hackers

The world's largest social network is employing various means to stop scammers

Facebook is employing aggressive legal means in combination with technical measures in order to stop hackers from abusing its social-networking site, according to its chief security officer, Max Kelly.

The company is constantly under fire from hackers trying to spam its 400 million registered users, harvest their data or run other scams.

Facebook's security team started off with just a few people, said Kelly, who began working at Facebook in 2005 after a stint as a computer forensic analyst for the U.S. Federal Bureau of Investigation. He gave a keynote presentation at the Black Hat security conference on Tuesday.

Now, as many as 10 percent of Facebook's 1,200 employees are involved in security-related functions for the site, Kelly said. Its core security team consists of 20 people, a site integrity team of around 15 people and 200 others that are part of a user operations team that monitors illegal activity.

With the right data, it is relatively easy to identity where the attacks are coming from, even if a specific individual can't be identified. If an attack is under way, it's important to understand the person's motivation, Kelly said.

"We diligently go after attackers on this site," Kelly said. "We want to know what people are attacking us and why."

Facebook has integrated its security incident response team with its law enforcement team, which allows both groups to use some of the same tools in order to respond to a security incident, Kelly said.

On the technical side, Facebook has automated systems that detect when someone is using the site in a way that is different from the normal user. Those systems can then employ countermeasures, such as limiting the number of messages a user can send, employing CAPTCHAs (Completely Automated Public Turing tests to tell Computers and Humans Apart) and disabling accounts, Kelly said.

Facebook's security teams tends to worry less about vulnerabilities, focusing instead on the actual attacks, Kelly said. It allows Facebook to focus on the individuals behind the attacks and trying to frustrate those attackers.

The site is also rewarding individuals who responsibly disclose security problems by giving them credit on its security page. "If it's a really good hack, we'll probably end up hiring you," Kelly said.

Facebook has pursued a variety of criminal and civil penalties against those who abuse the site, using laws such as the U.S. CAN-SPAM act, which levies penalties of as much as $100 per spam message, Kelly said. Facebook has "dozens" of lawsuits in the works, he said.

The company has had some notable successes with this strategy.

In November 2008, it was awarded one of the largest judgments ever, winning statutory damages of US$1.3 billion (later reduced to $873 million). That suit charged Adam Guerbuez of Canada, Atlantis Blue Capital and 25 other unnamed people for falsely obtaining login information for Facebook users and then sending spam to those users' friends. Although the individuals charged are in Canada, Facebook could still pursue the money. Even if it doesn't, the judgement still has an impact, Kelly said.

"It means that any asset that goes through the United States, we have a claim," Kelly said. "It makes the cost of doing business in the U.S. much more prohibitive."

Join the PC World newsletter!

Error: Please check your email address.

Tags securityFacebook

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Essentials

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

GGG Evaluation Team

Michael Hargreaves

Windows 10 for Business / Dell XPS

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?