Photo: Ludovic Toinel
Facebook execs admit the site has become a big fat target for cyber criminals. But its security team insists they are doing a great job in (mostly) stopping them. Members of Facebook’s Site Integrity Team, the group dedicated to thwarting the bad guys, met with Business Insider and detailed the many ways that Facebook’s technology stops hijacked accounts, spam and viruses.
“In some ways we’re a victim of our own success,” says product manager Jake Brill. “We’re so good at delivering relevant and interesting things in News Feed that when there are some spammy objects in there, people are much more likely to click on them,” he said.
For that reason, fear of Facebook is a big enterprise security concern.
The Site Integrity folks say that fear is overblown. Less than 4% of links on Facebook are spam and only 5% of Facebook users see spam on a given day.
Facebook is investing heavily to keep that number low. The team has about 30 full-time members plus “tens of thousands of machines” running algorithms that help it identify the nasty stuff on the fly, says Allan Stewart, a team engineer.
So far, they’ve built about a dozen tools for finding bad guys and bad links. For instance, even if you have the right user name and password, Facebook doesn’t trust you.
“Facebook is one of the only sites that will challenge a user’s login even if they provide the correct password. If you log in every day from San Francisco and 10 minutes later you log in from Siberia, Russia,” Facebook will ask you to prove yourself, says Keyani. It might ask you a security question or ask you to identify pictures of your friends.
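The check described above is commonly called an "impossible travel" rule: a correct password still triggers a challenge when the distance and time between two logins imply an implausible speed. The sketch below is an added example, not Facebook's code; the speed and distance thresholds, the function names, the coordinates and the use of IP geolocation as the location source are all assumptions.

```python
import math
from dataclasses import dataclass
from typing import Optional

MAX_PLAUSIBLE_KMH = 1000.0  # assumption: faster than a commercial flight
MIN_DISTANCE_KM = 100.0     # assumption: ignore geolocation jitter


@dataclass
class Login:
    ts: float   # Unix time of the login, in seconds
    lat: float  # latitude from IP geolocation, degrees
    lon: float  # longitude from IP geolocation, degrees


def haversine_km(a: Login, b: Login) -> float:
    """Great-circle distance between two login locations."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dlon = math.radians(b.lon - a.lon)
    h = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2)
    return 2 * 6371.0 * math.asin(min(1.0, math.sqrt(h)))


def decide(password_ok: bool, prev: Optional[Login], cur: Login) -> str:
    """Return 'deny', 'challenge' or 'allow' for one login attempt."""
    if not password_ok:
        return "deny"
    if prev is None:
        return "allow"  # no baseline yet (assumption: first login passes)
    dist = haversine_km(prev, cur)
    if dist < MIN_DISTANCE_KM:
        return "allow"
    hours = (cur.ts - prev.ts) / 3600.0
    # A correct password is not enough if the implied travel is impossible.
    if hours <= 0 or dist / hours > MAX_PLAUSIBLE_KMH:
        return "challenge"
    return "allow"


# Constructed sample coordinates: San Francisco, Oakland, Novosibirsk (Siberia).
SF = (37.7749, -122.4194)
OAKLAND = (37.8044, -122.2712)
NOVOSIBIRSK = (55.0084, 82.9357)

if __name__ == "__main__":
    last = Login(0, *SF)
    print(decide(True, last, Login(600, *NOVOSIBIRSK)))    # 10 minutes later
    print(decide(True, last, Login(86400, *NOVOSIBIRSK)))  # one day later
```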
People can also sign up for extra password protection like a system that will text you if your e-mail changes.
As for spammy links, Facebook uses a bunch of outside security services to check that they aren’t sending you to a site known to have viruses. If you click, you’ll get a warning about the site.
But the safety net isn’t perfect. Scammers can still post misbehaving applications, as the site is open to any app. If Facebook notices strange behaviour from the app after it’s posted, or if people report it, Facebook will shut it down.
Infrastructure improvements help too, says team manager Pedram Keyani.
“We’ve got hundreds of employees and tens of millions of dollars going into the infrastructure. With every single product, we audit for the way they impact the ecosystem from security holes to new ways spam can infiltrate new channels,” he says.
And if all of this fails and your PC does pick up a virus, Facebook will fix it for you through a partnership with McAfee. You don’t see other social network sites doing that. (Twitter, we’re looking at you.)
But do beware. Fake virus cleaning is also a common scam. “Look at the URL browser bar. If it says www.facebook.com you know it’s us,” Brill says.