• All Share : 48362.22
    UNCHANGED0.00%
    Top 40 : 4183.85
    UNCHANGED0.00%
    Financial 15 : 13650.32
    UNCHANGED0.00%
    Industrial 25 : 54866.52
    UNCHANGED0.00%

  • ZAR/USD : 10.5014
    UP 0.08%
    ZAR/GBP : 17.6293
    UP 0.08%
    ZAR/EUR : 14.5037
    UP 0.02%
    ZAR/JPY : 0.1026
    UP 0.18%
    ZAR/AUD : 9.7975
    UP 0.03%

  • Gold : 1294.9000
    UP 0.39%
    Platinum : 1413.0000
    UP 0.28%
    Silver : 19.6400
    UP 0.04%
    Palladium : 797.0000
    UP 0.63%
    Brent Crude Oil : 109.530
    UNCHANGED0.00%

  • All data is delayed by 15 min. Data supplied by I-Net Bridge
    Hover cursor over this ticker to pause.

Fri Apr 18 22:47:27 SAST 2014

Facebook reveals sophisticated hacking attack, no data compromised

Reuters | 16 February, 2013 10:05
An illustration picture shows the log-on screen for the Website Facebook on an iPad, in Bordeaux, Southwestern France, in this January 30, 2013 file photo. Facebook said on Friday that it been the target of a series of attacks by an unidentified hacker group, but it had found no evidence that user data was compromised.
Image by: REGIS DUVIGNAU / REUTERS

Facebook said it had been the target of an unidentified hacker group, but it found no evidence that user data was compromised.

“Last month, Facebook security discovered that our systems had been targeted in a sophisticated attack,” the company said in a blog post posted on Friday afternoon, just before the three-day Presidents Day weekend. “The attack occurred when a handful of employees visited a mobile developer website that was compromised.”

The social network, which says it has more than one billion active users worldwide, also said: “Facebook was not alone in this attack. It is clear that others were attacked and infiltrated recently as well.”

Facebook declined to comment on the motive or origin of the attack.

A security expert at another company with knowledge of the matter said he was told the Facebook attack appeared to have originated in China.

The FBI declined to comment, while the Department of Homeland Security did not immediately return a call seeking comment.

Facebook’s announcement follows recent cyber attacks on other prominent websites. Twitter, the microblogging social network, said earlier this month it had been hacked and that about 250 000 user accounts were potentially compromised, with attackers gaining access to information, including user names and email addresses.

Newspaper websites, including those of The New York Times, The Washington Post and The Wall Street Journal, have also been infiltrated. Those attacks were attributed by the news organizations to Chinese hackers targeting coverage of China.

While Facebook said no user data was compromised, the incident could raise consumer concerns about privacy and the vulnerability of personal information stored within the social network.

Facebook has made several privacy missteps over the years because of the way it handled user data and it settled a privacy investigation with federal regulators in 2011.

Facebook said it spotted a suspicious file and traced it back to an employee’s laptop. After conducting a forensic examination of the laptop, Facebook said it identified a malicious file, then searched company-wide and identified “several other compromised employee laptops.”

Another person briefed on the matter said the first Facebook employee had been infected via a website where coding strategies were discussed.

The company also said it identified a previously unseen attempt to bypass its built-in cyberdefences and that new protections were added on Feb. 1.

Because the attack used a third-party website, it might have been an early-stage attempt to penetrate as many companies as possible.

If they followed established patterns, the attackers would learn about the people and computer networks at all the infected companies. They could then use that data in more targeted attacks to steal source code and other intellectual property.

In its statement, Facebook said the attack was launched using a “zero-day,” or previously unknown flaw in its software that exploited its Java built-in protections.

“Zero-day” attacks are rarely discovered and even more rarely disclosed. They are costly to launch and often suggest government sponsorship.

In January 2010, Google reported it had been penetrated via a “zero-day” flaw in an older version of the Internet Explorer Web browser. The attackers were seeking source code and were also interested in Chinese dissidents, and Google reduced its operations in the country as a result.

Attention to cybersecurity has ratcheted up since then and this week President Barack Obama issued an executive order seeking higher safety standards for critical infrastructure.

Other companies stand to benefit more from comprehensive legislation, which has stalled in Congress. Republicans have opposed additional regulations that would come with mandatory security standards.

SHARE YOUR OPINION

If you have an opinion you would like to share on this article, please send us an e-mail to the Times LIVE iLIVE team. In the mean time, click here to view the Times LIVE iLIVE section.
Fri Apr 18 22:47:27 SAST 2014 ::