Bloomberg News

Facebook Said to Work With FBI on Malware Attack Probe

February 16, 2013

Facebook Targeted by ‘Sophisticated Attack’ Using Malware

Malware was installed on laptops used by Facebook employees when they visited a mobile developer, Facebook said. Photographer: Daniel Acker/Bloomberg

Facebook Inc. (FB:US), operator of the largest social network with more than 1 billion members, is working with the U.S. Federal Bureau of Investigation to probe a malware attack, people with knowledge of the matter said.

Facebook said yesterday that it was subjected to a “sophisticated attack” by hackers last month, without saying where the attack originated. Investigators haven’t found any evidence that user data was compromised, Menlo Park, California- based Facebook said on its website. The people who discussed the FBI’s involvement asked not to be identified, citing the sensitive nature of the probe.

Facebook, which stores information on users, often grapples with attempted breaches. It has a team dedicated to detecting and responding to attack attempts, pays bounties to outside programmers who help identify malfeasance and said it successfully prevents attacks the “vast majority of the time.”

“As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day,” Facebook said.

Malware infected laptops used by Facebook employees when they visited a mobile developer’s website, the company said.

Facebook fell less than 1 percent to $28.32 at yesterday’s close in New York, and it has risen 6.4 percent this year.

The attack also affected other companies, Facebook said, without identifying them. It’s collaborating on the incident through an informal working group.

Incident Prevention

“We are working continuously and closely with our own internal engineering teams, with security teams at other companies, and with law enforcement authorities to learn everything we can about the attack, and how to prevent similar incidents in the future,” Facebook said.

Twitter Inc., the microblogging site with more than 200 million active users, said Feb. 2 that it was subjected to unauthorized attempts to hack into its systems and that attackers may have obtained access to information for about 250,000 people. It said the perpetrators were “extremely sophisticated.”

Representatives of Twitter and Facebook declined to comment on whether the attacks were linked. Julianne Sohn, a spokeswoman for the FBI in San Francisco, said she couldn’t comment on whether the agency is working with Facebook.

The New York Times Co. reported Jan. 30 that its computer network was hacked repeatedly by attackers in China. For four months, the newspaper’s computer systems were infiltrated and Chinese hackers accessed some passwords for its reporters and other employees, the publisher said.

Oracle’s Patch

The Wall Street Journal also detailed similar attacks on its systems, while Bloomberg LP, the parent of Bloomberg News, said there have been unsuccessful attempts to infiltrate its network.

Facebook, as part of its monitoring efforts, flagged a suspicious domain in its corporate logs and tracked it back to an employee computer. After examining the laptop, the company found a malicious file and then uncovered several other compromised laptops after a companywide search.

By first hacking a mobile developer’s site, the attackers had ensured that they would infect the computers of engineers working for several companies, said Anup Ghosh, founder of Invincea Inc, a security firm based in Fairfax, Virginia.

“There is a range of developers that might visit that site and they would infect them all,” Ghosh said of the attack.

The malicious software bypassed built-in protections to install malware. Facebook immediately reported the exploit to Oracle Corp. (ORCL:US), which owns the Java software that was compromised. Oracle provided a patch Feb. 1 to address the vulnerability.

Deborah Hellinger, a spokeswoman for Redwood City, California-based Oracle, declined to comment on the Java software hack.

To contact the reporters on this story: Brian Womack in San Francisco at bwomack1@bloomberg.net; Michael Riley in Washington at michaelriley@bloomberg.net

To contact the editors responsible for this story: Tom Giles at tgiles5@bloomberg.net; Michael Hytha at mhytha@bloomberg.net


Best LBO Ever
LIMITED-TIME OFFER SUBSCRIBE NOW

Companies Mentioned

  • FB
    (Facebook Inc)
    • $76.43 USD
    • 0.35
    • 0.46%
  • ORCL
    (Oracle Corp)
    • $41.14 USD
    • -0.05
    • -0.12%
Market data is delayed at least 15 minutes.
 
blog comments powered by Disqus