
Submission: Facebook Rolled Its Own 0Day for Red Team Exercise?

chicksdaddy writes: "Threatpost has the story of the extreme — even hair-raising — lengths that Facebook's incident response team has gone to in order to prepare the company's staff to be hacked. Among the methods described at the CanSecWest Conference: "Operation Loopback" in 2012, which was designed to mimic an APT-style attack from China and used what appears to be an internally developed exploit for an internally discovered 0day.

From the Threatpost article:
"McGeehan and his team this time identified a likely attacker--China--and decided to impersonate its tactics. For this one, they recruited an internal engineer as an accomplice. They wanted to get a backdoor into Facebook's production code, so they sent a spear-phishing email containing exploit code for a live zero-day vulnerability to the engineer. He dutifully clicked the link and his machine was promptly compromised. (McGeehan would not identify which product the vulnerability affected, nor how the Facebook team came into possession of it, but said that they disclosed it to the affected vendor before the Loopback exercise and used it before the patch was publicly available.)" Ouch!"
