Facebook Shows Off Epic ThreatData Security Platform

Social networking giant Facebook has revealed how it detects and remediates security events across its platform, using its own bespoke framework called ThreatData.

Described as “a framework for importing information about badness on the Internet in arbitrary formats”, ThreatData lets Facebook do security in real-time, whilst efficiently collecting data for long-term analysis, according to a blog post from Mark Hammell, an engineer.

Facebook three-headed security beast

It consists of three parts: feeds, data storage, and real-time response. The feeds bring in data from a variety of sources, such as malware hashes from VirusTotal and malicious URLs from open source blogs and malware tracking sites.

This data is then fed into the storage side, which contains two repositories, called Hive and Scuba. Hive is used for long-term data threat analysis, whilst Scuba is used to look at newer threats.

The real-time response includes a variety of automated actions, including blacklisting of malicious URLs collected from any feed and sending threat data to Facebook’s security platform that protects its corporate networks.

Facebook’s program has already thrown up a number of interesting cases and some positive actions from the social network.

“In the summer of 2013, we noticed a spike in malware samples containing the string ‘J2ME’ in the anti-virus signature. Further investigation revealed a spam campaign using fake Facebook accounts to send links to malware designed for feature phones,” said Hammell.

“The malware, specifically the Trojan:J2ME/Boxer family, was capable of stealing a victim’s address book, sending premium SMS spam, and using the phone’s camera to take pictures. With this discovery, we were able to analyse the malware, disrupt the spam campaign, and work with partners to disrupt the botnet’s infrastructure.”

Below is a map of malicious IPs detected by the system, showing plenty of action in the US:

Are you a security expert? Try our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

7 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

9 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

10 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

11 hours ago