Login
iscover
Facebook’s chief information security officer and head of security policy have shared an overview of the company’s security results for the last year, and it looks like they and their teams have been very busy indeed.
Facebook’s focus has been on three key areas — countering covert influence operations, disrupting the surveillance-for-hire operators, and improving account security.
Since 2017, Facebook has this year dealt with over 200 covert influence networks that were in breach of the company’s Coordinated Inauthentic Behavior policy. The networks operated in 68 countries and in dozens of languages. Most of them targeted individuals in their own countries, but one-third targeted foreign audiences.
Most of the networks operated in Russia, with Iran and Mexico the next most prolific. The most targeted country was, unsurprisingly, the United States, followed by Ukraine and the UK. Interestingly, Russian influence operations targeted Ukraine the most, with a range of African countries next and the US after that.
When it comes to surveillance-for-hire and spyware, Facebook has disrupted global operators from a range of countries, including Russia, Israel, and the US. These operations reached nearly 200 countries. In a blog post, Facebook has said the global reach of these operations requires a broader response from both industry and social groups.
“We strongly believe that we need a concerted regulatory response by democratic governments, as well as continued action by industry and focus from civil society,” the post says. “To help inform our collective defences, we’ve published a set of recommendations for a broad whole-of-society response.”
These recommendations include improved investigation of threats, public reporting of any findings, improved education, and legal action, alongside better industry cooperation.
When it comes to account security, Facebook has found that the key driver behind most compromised accounts was a lack of up-to-date contact information. Those contact points themselves are a threat vector, with one-in-four compromised accounts being accessed via an in-turn compromised contact point.
While much of Facebook’s support process is automated, the company has been slowly rolling out human-driven support initiatives, to handle more complex situations. In October 2022, live support already operated in nine countries, and will expand to more than 30 in the near future.
Additionally, Facebook reports its bug bounty programs have been a success, with over 750 bug reports in 2022 alone, paying out a total of US$2 million to security researchers.
Newsletter
