In 2019, hackers put portable network equipment in a backpack and roamed around the Facebook corporate campus in order to trick users into joining a fake guest Wi-Fi network. That year, they also installed more than 30,000 cryptocurrency miners on actual Facebook production servers to conceal additional, more sinister hacking amid all the background noise. This would have been extremely alarming had the perpetrators not been Facebook employees themselves, members of the controversial red team charged with spotting weaknesses before the hackers do.
Many large tech firms have a red team, an internal team that plots and plans as real-life hackers would in order to head off possible attacks. However, as the world started working remotely and became more dependent on platforms such as Facebook for all its communications, the nature of the threats began to shift. Facebook red team manager Nat Hirsch and colleague Vlad Ionescu saw both an opportunity and a need for their mission to change and broaden in scope. So they created a brand-new red team that focuses on assessing the hardware and software that Facebook uses but doesn’t create itself. It was dubbed Red Team X.
Facebook’s Red Team X Finds Bugs Beyond the Social Network’s Walls
The typical red team concentrates on probing its own organization’s products and systems for vulnerabilities and weaknesses, whereas top bug-hunting groups such as Google’s Project Zero can focus on evaluating any product they believe is significant, regardless of who is responsible for it. Red Team X, founded in the spring of 2020 and led by Ionescu, is a kind of hybrid approach that works independently of Facebook’s red team to probe third-party products whose weaknesses could affect the company’s security.
“Covid to us is a chance to step back and assess the way we’re working together and how things are going and what’s coming next for us as a red group,” Ionescu says. As the epidemic grew, the team began receiving requests to investigate items that were not within its normal scope. Through Red Team X, Facebook has set aside resources for managing these requests. “Now engineers approach us to ask that we examine the devices that they’re using,” Ionescu says. “And it could be any type of technology: hardware, software, firmware, low-level cloud services, consumer devices and network tools, or even industrial control.”
“Our mission is to examine the security of nearly everything that is important in the eyes of Facebook as a corporation.”
VLAD IONESCU, FACEBOOK
The group currently has six software and hardware hackers with a wide range of experience dedicated to this vetting. It’s easy for them to go down the hacker’s rabbit hole for a long time, probing each aspect of a particular product. That’s why Red Team X designed an intake procedure that asks Facebook employees to answer specific questions: “Is data stored on the device highly secured?” say, or “Is this cloud device controlling access strictly?” Anything to give direction on which vulnerabilities might cause Facebook the greatest headaches.
“I’m an enormous nerd when it comes to the subject and I find that my colleagues have similar traits,” Ionescu says, “so in the absence of specific questions, we’ll look around for six months and it’s not really very useful.”
On the 13th of January, Red Team X publicly disclosed a vulnerability for the first time. It affected Cisco’s AnyConnect VPN and has since been fixed. Today, it’s releasing two more. The first is an Amazon Web Services cloud bug that involved the PowerShell component of an AWS service. PowerShell is a Windows administration tool that can run commands.
The team discovered that the PowerShell module could accept PowerShell scripts from users who should not be in a position to supply such commands. The flaw is difficult to exploit, since the unauthorized script would only be executed after the system had been rebooted, something those users would not be able to initiate themselves. However, the researchers suggested that anyone could obtain a restart by raising an issue with support. AWS fixed the problem.