Facebook is struggling to live up to the responsibility it faces for adequately securing the vast amount of personal information it amasses, the social network’s top security executive said in a leaked phone call with company employees.
“The threats that we are facing have increased significantly and the quality of the adversaries that we are facing,” Facebook Chief Security Officer Alex Stamos said during a taped call, which was reported Thursday by ZDNet. “Both technically and from a cultural perspective, I don’t feel like we have caught up with our responsibility.”
“The way that I explain to management is that we have the threat profile of a Northrop Grumman or a Raytheon or another defense contractor, but we run our corporate network, for example, like a college campus, almost. We have made intentional decisions to give access to data and systems to engineers to make them ‘move fast,’ but that creates other issues for us.”

Stamos also discussed a report on the state of Facebook’s security posture and described it as a “very painful process.” He said the report will be updated every six months and that the company’s management team will be briefed on its contents.

Stamos told ZDNet reporter Zack Whittaker he used the words “college campus” as a figure of speech several times during an internal discussion to describe challenges that the company faces. “My team runs network security for the company, and of course we secure it thoroughly,” Stamos said. The leaked comments were made during an internal talk with employees discussing the challenges Facebook had protecting its networks from the growing threat of nation-sponsored hackers.
In 2014, Russian intelligence agents orchestrated a hack on Yahoo that compromised 500 million user accounts, federal prosecutors have alleged. Google said in 2010 that it was on the receiving end of a highly targeted attack by Chinese hackers that was aimed at accessing the Gmail accounts of activists and stealing the company’s intellectual property. Researchers have presented evidence strongly suggesting that dozens of other breaches on defense contractors, security companies, and others have also been carried out by state-sponsored attackers.
In a series of tweets Thursday, Stamos said a basic challenge Facebook and similar companies face stems from the freedom they give engineers to customize their environments and experiment with new tools and development processes.
“As a result, we can’t architect our security the same way a defense contractor can, with limited computing options and no freedom,” Stamos wrote. “Keeping the company secure while allowing the culture to blossom is a challenge, but a motivating one, I’m happy to accept.
The ‘college campus’ wording is just a figure of speech to make the point.”
The headline and first sentence of this post were updated in an attempt to better paraphrase Stamos’s comment “Both technically and from a cultural perspective, I don’t feel like we have caught up with our responsibility.”
A top US security chief has warned that Islamic State militants are planning another huge terror attack on the same scale as 9/11. The acting Secretary of Homeland Security in the United States, Elaine Duke, warned that recent attacks involving knives and vehicles were to keep followers of the terror group engaged. But she said that US intelligence suggested extremists are planning an attack involving a big explosion to cause maximum casualties.
She also said it was clear terrorists want to hijack planes to target civilians, mirroring the devastating attack in the US in 2001.
The MailOnline reported that Ms Duke, speaking at an event at the US Embassy in London, said: “The terrorist organisations, be it ISIS or others, want to have the big explosion like they did on 9/11. They want to take down aircraft, the intelligence is clear on that.
“However, in the interim they need to keep their finances flowing and they need to keep their visibility high and they need to keep their members engaged, so they are using small plots and they are happy to have small plots.” Referring to a series of recent atrocities in which terrorists have attacked people using knives or vehicles, she said: “Creating terror is their goal and so a van attack, a bladed weapon attack, causes terror and continues to disrupt the world but does not mean they’ve given up on a major aviation plot.”
Her warning comes after MI5 director general, Andrew Parker, said the UK faced its biggest terror threat yet.
The chief of the normally secretive organisation gave a speech warning that it was taking less time for terrorists to plan attacks as they could exploit safe spaces online to evade detection. And Ms Duke said the internet was providing the means for more home-grown terrorists in the US through the use of propaganda.
She added that one of the biggest threats to the safety of aviation travel was the free movement of goods and people between countries.
“What we believe is that because of the movement of goods and people, we have to raise the baseline worldwide, we can’t only consider our borders,” she said. She said US officials have strong measures in place to prevent another attack but added: “Terrorists are strong, they are adaptable and the terrorist threat is the highest it has been since pre-9/11.
“We have got to have every tool that’s possible.”
Almost 3,000 people were killed in the 9/11 attack when planes were hijacked and flown into the World Trade Center in New York and the Pentagon in Washington.
This weekend, Barclays and Cabinet Office-backed security initiative Cyber Security Challenge UK [1] hosted an immersive competition to test the skills of thirty cyber enthusiasts.
The competition required contestants to adopt the role of interns at a fictitious cyber security firm, who had to defend their company from a cyber-attack, triggered by an insider, all while their superiors were on a team-building canoeing adventure.

>See also: The cyber security challenge for retail branch IT [2]

The competition is the last of 2017’s Cyber Security Challenge UK face-to-face competitions to unearth the UK’s hidden cyber talent and place these individuals in public and private sector cyber security roles to fill the critical cyber security skills gap. Not only does cyber security offer an exciting and varied career, but a lucrative one too with roles averaging over 60,000 per year after training.

The competition took place in national heritage site and grand country house, Radbroke Hall, which is also the current site of Barclays Technology Centre. In the scenario, the interns, who were staffing a fictitious security firm called Research4U, had to spring into action after a hacking group launched a large-scale cyber attack on the company, stealing confidential technology, source code and client data. The story saw hackers demand a ransom of 10m to prevent releasing the data to the press.

Competitors had to infiltrate and stop the fictional hacker group in order to destroy the leaked information before it could be released to the press. Leading cyber specialists from Barclays and other leading industry organisations assessed the contestants on their vulnerability assessment, reconnaissance, attack strategies and espionage skills in order to rank their performance and suitability for careers in the industry.
>See also: The security challenges with the Internet of Things [3]

The winning team was team Wormhole: Carolyn Yates, Isabel Whistlecroft, Kajusz Dykiel, Peter Campbell and Waldo Woch. The eight contestants that have qualified for next month’s Masterclass grand finale were: Cameron Howes, Asher Caswell, Tom Brook, Vlad Ellis, Mohammed Rahman, David Young, Rajiv Shah and Isabel Whistlecroft.
They will join the previous F2F winners from earlier in the year at Masterclass where they will compete against each other and have the opportunity to network with industry experts, in addition to winning career-enhancing prizes including degree scholarships, training courses, technology and gadgets and industry memberships.

Nigel Harrison, acting Chief Executive of Cyber Security Challenge UK, said: “This year’s scenarios have been varied in nature in order to demonstrate the range of cyber threats that this nation faces as well as the sheer breadth of sectors that need cyber security professionals from banking and finance, to automotive and even retail. Sponsors, like Barclays, make this possible and, in turn, help to open the door to dozens more careers. I would like to encourage any budding cyber security specialist, or ‘white hat hackers’, to consider applying for our competitions. The nation faces a growing cyber security threat, so we are in real need of talent that can keep organisations, and the public, secure. Why not Challenge Yourself today?”
>See also: Cyber security the unrelenting challenge for leadership [4]

The competition mirrors recent high profile attacks, such as WannaCry, where hackers held organisations to ransom across the globe. With the Public Accounts Committee revealing earlier this year that the Government’s ability to protect Britain from high-level cyber attacks is undermined by a skills shortage, the need to find individuals with cyber skills has never been greater.

Troels Oerting, Barclays Group Chief Security Officer (CSO) and Group Chief Information Security Officer (CISO), said: “The best way to learn about cyber security is to engage in realistic scenarios, such as the competition that we’ve just hosted. Saturday’s event created a scenario that really tested a candidate’s ability to perform under pressure, think strategically, work as a team and display leadership skills. A career in cyber security requires various skills, including the ability to second-guess hackers and make critical decisions quickly.
“It was very encouraging to see students so immersed in solving the challenge we set them, and I wish all the candidates the very best in their careers.”
- ^ Cyber Security Challenge UK (www.cybersecuritychallenge.org.uk)
- ^ The cyber security challenge for retail branch IT (www.information-age.com)
- ^ The security challenges with the Internet of Things (www.information-age.com)
- ^ Cyber security the unrelenting challenge for leadership (www.information-age.com)