Facebook's Chief Security Officer has given new details in an exclusive interview: Facebook computers were compromised by a zero-day Java exploit. Some systems belonging to Facebook engineers were hacked by means of a zero-day Java attack, which ended up installing previously unknown malware.
A zero-day exploit is a threat that takes advantage of a previously unknown vulnerability in a computer application. Facebook officials continue to stress that customer data was not exposed by the attack, as the intrusion was limited to the laptops of a few engineers.
Facebook's internal security team brought in a third party to neutralize the hackers' command server by taking over the inbound traffic from the systems that were infected with malware. The traffic was identified as coming from certain undisclosed companies, and Facebook has now handed the case and complaint over to the Federal Bureau of Investigation. The team was able to identify the attack when a suspicious domain was spotted in Facebook's domain name service request logs. It was traced to the device of an engineer who had been working on mobile application development projects. Forensic analysis of the files on that laptop led to the other systems that were compromised.
This attack on Facebook took place at the same time that passwords were cryptographically hacked at Twitter. It has acknowledged the compromise of the Java browser plug-in and asked users to disable Java in their browsers and to reset their passwords. The zero-day Java attack was injected into the HTML of both these social networking websites, so that any engineer who visited the sites with Java enabled in his or her browser would end up with an infected system.