In 2019, hackers packed portable networking equipment into a backpack and roamed the Facebook corporate campus to trick people into connecting to a fake guest Wi-Fi network. The same year, they installed more than 3,000 cryptocurrency miners on real Facebook production servers to hide further shady hacking amid all the background noise. This would have been highly alarming had the culprits not been Facebook employees themselves, members of the controversial red team, charged with spotting weaknesses before criminals do.
Most large tech companies have a red team, an internal group that plots and plans as real-life hackers would in order to head off threats. However, as people began working remotely and became more dependent on social media platforms such as Facebook for all of their communications, it became apparent that the nature of threats had started to shift. Facebook red team manager Nat Hirsch and colleague Vlad Ionescu saw both an opportunity and a need for their work to change and grow in scope. So they created a brand-new red team focused on evaluating the hardware and software that Facebook depends on but does not develop. They dubbed it Red Team X.
Red teams typically probe their own organization's products and systems for weaknesses, in contrast to the most reputable bug-hunting groups like Google's Project Zero, which can focus on scrutinizing anything they think is crucial, no matter who is responsible for it. Red Team X, founded in the spring of 2020 and led by Ionescu, takes a kind of hybrid approach, working apart from the Facebook red team to probe third-party software products whose vulnerabilities could affect the company's security.
“Covid, to us, is an occasion to step back and assess how we’re doing, how things are going, and what’s in the future for our red team,” Ionescu says. As the pandemic grew, the team began receiving requests to investigate products that fell outside its standard scope. With Red Team X, Facebook has dedicated resources to handling these requests. “Now engineers contact us and ask us to take a look at the tools that they’re using,” Ionescu says. “And it could be any kind of tech, including hardware firmware, software, low-level cloud services, consumer devices and network tools, or even industrial control.”
“Our goal is to study the security of almost anything that could be of significance in the eyes of Facebook as a corporation.”
VLAD IONESCU, FACEBOOK
The group now comprises six hardware and software hackers with vast experience in vetting. It would be easy for them to go down hacking rabbit holes for extended periods, probing every aspect of a particular product. So Red Team X designed an intake process that asks Facebook employees to spell out the specific questions they want answered: “Is data stored on the device highly secured?” say, or “Is this cloud-based device controlling access control strictly?” Anything to give direction on which vulnerabilities might cause Facebook the most problems.
“I’m an avid nerd on this subject, and my colleagues have similar traits,” Ionescu says, “so in the absence of specific questions, we’ll look around for six months and it’s not really very useful.”
On January 13, Red Team X publicly disclosed a vulnerability for the first time. The issue affected Cisco’s AnyConnect VPN and has since been fixed. The company is disclosing two more vulnerabilities today. The first is an Amazon Web Services cloud bug involving the PowerShell module that is part of an AWS service.
PowerShell is a Windows tool that manages the system and can execute commands. The team discovered that the module would accept PowerShell scripts from users who should not have been able to supply such input. The flaw would be difficult to exploit, since an unauthorized script would execute only after the system had been rebooted, something those users would not be able to initiate themselves. However, the researchers noted that any user could get a restart by raising a support issue. AWS fixed the problem.