Inside Facebook security, and how to better protect your account

Facebook’s Nick Bilogorskiy kicked off proceedings at the Virus Bulletin 2010 conference in Vancouver this morning, giving the social network’s view on the scale of the cybercrime problem.

Bilogorskiy, who heads up the anti-malware team at the social networking giant, revealed some jaw-dropping statistics and fascinating facts:

  • 23 billion minutes are spent each day by people on Facebook.
  • Is email dead? Only 11% of teens use email daily to communicate with their friends – preferring IM, social networks and SMS texting instead. No surprise then that we’ve seen such a rise in the number of reports of attacks via sites like Facebook.
  • And, perhaps most pertinently to the readers of this blog, the authors of the Koobface worm made on average $35,000 per week through their botnet during 2009. That’s $1.8 million per year. Furthermore, Bilogorskiy says he knows their true identities – and law enforcement agencies are investigating.

Sobering stuff, indeed.

(Facebook’s Nick Bilogorskiy and Sophos’s Graham Cluley, VB2010. Picture courtesy of Andreas Marx, AV-Test.Org)

Nick Bilogorskiy and the rest of Facebook’s security team clearly have some significant challenges – 500 million users, many of whom seem to show little concern about protecting their privacy, and a horde of criminals waiting to take advantage through 419 scams, identity theft, spam, malware and rogue applications.

One piece of advice Nick shared during his talk that could be of use to some folks concerns new functionality that Facebook introduced earlier this year, which can help warn you if someone logs into your account from another computer.

Using the system you can automatically receive an email or SMS text message if your account is accessed from a computer that isn’t registered. That’s handy if you’re worried about an identity thief or spammer breaking into your account.

More details are published on the Facebook blog if you want to try it out for yourself.

Of course, one thing to beware of is that it would be easy for hackers to fake an email so that it appears to be one of the messages from Facebook, warning you that your account had been accessed. And if in a blind panic you clicked on a link in that bogus email, you might be taken to a phishing site.

Life’s never simple, is it?

If you want to learn more about security threats on the social network and elsewhere on the internet, join the Sophos Facebook page.