By Jim Lundy
While everyone is talking about the recent hack of Sony, it wasn’t that long ago (late 2009, early 2010) that Google got hacked badly by the Chinese. Facebook Messenger was used in that attack.
It was part of what is commonly referred to as an Advanced Persistent Threat or APT. I wrote a blog about that attack in 2010 and after founding Aragon, we published a research note about how Facebook is not a friend of your enterprise. We have also written about other attacks that used LinkedIn.
This week, Facebook released a limited beta version of its Facebook at Work app. For many Chief Information Security Officers (CISOs), their jobs are about to get harder.
For many unsuspecting business users that choose to use Facebook for work, you are opening your business up to much more than just information theft.
Google Hack of 2010: Not Much Has Changed at Facebook
The major thing that has changed since the Google hack is that Facebook has added more encryption to some of its apps. Otherwise, it is still one of the number one methods being used by hackers and governments to attack your enterprise. The other thing to note is that due to its focus on advertising, Facebook is increasingly being viewed as spammy, due to the sheer volume of ads that appear on its activity feeds.
Regarding the Google hack, the story was that the Chinese used Facebook to target one of the Google staffers that managed passwords. They got access to his device and for a while, had access to Google accounts. Google was obviously furious over this, and that is one of the reasons they made the business decision later that year to pull out of China.
Google Chairman Eric Schmidt doesn’t mince words about China in his new book.
Facebook at Work: Better Choices Exist
So, the bottom line is that enterprises need to think very carefully about using Facebook for anything related to work. Linking personal and work accounts is tantamount to inviting spies into your enterprise.
We will be discussing this more in related posts and research, but the key thing to remember is that consumer-focused firms often have to spend years making their products and services secure. The fact is, many are not secure, but they will market to your business users that they are.
Our best advice is for enterprises to use an enterprise-class social network. We profile many of them here.