How Facebook Investigates Cyber Threats and Information Operations

From Facebook’s NewsroomHard Questions is a series from Facebook that addresses the impact of their products on society.

These posts cover different facets of Facebook’s investigations into cyber threats and information operations.

By Alex Stamos, Chief Security Officer (Stamos is now an adjunct professor at Stanford University as of August 2018.)

Deciding when and how to publicly link suspicious activity to a specific organization, government, or individual is a challenge that governments and many companies face.  Last year, Facebook said the Russia-based Internet Research Agency (IRA) was behind much of the abuse found around the 2016 election.  As of November 15th, Facebook shut down 32 Pages and accounts engaged in coordinated inauthentic behavior without saying that a specific group or country is responsible.

The process of attributing observed activity to particular threat actors has been much debated by academics and within the intelligence community. All modern intelligence agencies use their own internal guidelines to help them consistently communicate their findings to policymakers and the public.  Companies, by comparison, operate with relatively limited information from outside sources — though as Facebook gets more involved in detecting and investigating this kind of misuse, Facebook needs clear and consistent ways to confront and communicate these issues head on.  Read on

IPA Permalink:

1 Response
  1. Michael Williams

    The most important line in this piece: “ is wishful thinking to believe that we will always be able to identify persistent actors with high confidence.”
    Indeed, so FB admits it will never be effective in suppressing bad actors on its platform – suggests something about the platform, no?