Inside Facebook's Cyber-Security System

An anonymous reader writes "The Facebook Immunity System (FIS) processes and checks 25 billion actions every day, or 650,000 actions every second. The social networking giant's cybersecurity system was developed over a three-year period to keep the service's users safe from spam and cyberattacks. FIS scans every click on Facebook for patterns that could suggest something malicious is spreading across the social network."

And it doesn't work.

[NoobixCube]

Numerous pages I've liked incessantly spew spam at me, my mother keeps getting messages from "facebook security" or some variation thereof, asking her to confirm her password.

Re:And it doesn't work.

[syousef]

Numerous pages I've liked incessantly spew spam at me, my mother keeps getting messages from "facebook security" or some variation thereof, asking her to confirm her password.

I'm not aware of any security system that can prevent external sites from spamming their users. Of course it doesn't help if a company plays fast and loose with your privacy allowing attackers to discover the user base and target them. But as much as I hate Facebook lately, i can't see how you can expect their security system to prevent others from sending your mother email. There are many much more legitimate concerns with Facebook to address, so let's not get into irrationalities and hysterics about things we can't expect them to fix.

Re:And it doesn't work.

[NoobixCube]

Just saying, if they really want to protect their users, they can do some regular expressions voodoo on their messaging system. If Gmail can recognise phishing and spam, why can't Facebook?

Re:And it doesn't work.

[syousef]

"But as much as I hate Facebook lately, i can't see how you can expect their security system to prevent others from sending your mother email."
You're seriously suggesting that they shouldn't bother with national and international level data protection laws because it might be a bit tricky? Wow.

Explain to me how on earth international data protection laws require Facebook to prevent random fishing attacks that use databases gathered from a wide variety of sources, and infrastructure that Facebook does not control? If Facebook lost, leaked or sold the data, I can see the problem and they should be held accountable. If someone got hold of your name and email address elsewhere and sent you a message that looked like it came from Facebook, it's not just "a bit tricky". I don't see what they can do.

It does not work..

[Lumpy]

It has not detected any of the Zynga games at all.

It prevents me from finding Beta Testers

[MichaelCrawford]

From time to time I would post a link to the Beta Testing announcment for my iOS App. After a while Facebook would not allow me to post the link anymore, claiming that it was abusive.

A friend of mine who uses Facebook quite a lot had to sign up for a second account because her first account kept getting censored. She was not doing anything the least bit abusive, just using Facebook a lot to keep in touch with her friends.

Re:It prevents me from finding Beta Testers

[GWBasic]

You can mark posts from other people as abusive. Perhaps your friend needed to unfriend someone who didn't like what she had to say?

Investigation: Facebook still doesn't get it

[tomhudson]

In a one-hour look at Facebook and privacy, CBC's Doczone identified Facebook as the worlds #1 site for scammers and other illegal activity.

Facebook Follies is a one-hour documentary that takes a look at the unexpected consequences of people sharing their personal information on social media. Viewers meet people who lost their jobs, their marriages, their dignity, or who even ended up in jail - all because of their own or someone elseâ(TM)s Facebook posting. To give a broader context to the events, these stories are intercut with reflections from experts in the areas of social change, internet security and contemporary media.

If you missed it, it's also on again tomorrow night.

Other interesting points - researchers made an account for a plastic frog, and invited a couple of hundred random people to friend it - most did, sharing their contacts, personal info, etc., with a PLASTIC FROG! And they really do nail what facebook really is
For users - a large MMORPG where the object is to collect as many friends as possible
For facebook - a way of getting people to give it up to advertisers.

Re:Investigation: Facebook still doesn't get it

[Amorymeltzer]

This reminds me of the (semi) recent story about how CraigsList is a "cesspool of crime" and, more specifically, CL's response.

AIM group “documents” 330 crimes that it says occurred in connection with use of CL in the US over a 12 month period. Sounds scary until you compare that number to the 570 million classified ads posted by 100 million or more US craigslist users during that same time span, generating literally BILLIONS of human interactions, many involving face-to-face meetings between users who do not know one another...[snip]

James Temple at the SF Chronicle is reporting that, in terms of crime rate, or incidence of crime, craigslist is roughly 11,000 times safer than the city of Oakland. And as he has now updated, there is no reason to pick on his hometown of Oakland, the 11,000x incidence ratio would likely apply to any major city in the US.

Sure, some stinkers get through and sure, a lot of bad things happen on Facebook, but given 25 billion actions a day, an immensely low rate of incidence will give a very high number of incidents. Roswell, NM has a much higher murder rate than New York City (even after accounting for aliens, I hear) but we don't talk about all the murder in New Mexico.