Facebook’s ‘Red Team X’ Hunts Bugs Beyond the Social Network’s Walls
The questionable red team charged with recognizing vulnerabilities before the unhealthy guys do
Most big tech corporations have a red team, an interior cluster that plots Associate in Nursing plans like real hackers would assist leave potential attacks, Wired reported.
However, once the globe began operating remotely, progressively dependent on platforms like Facebook for all of their interactions, the nature of the threats began to change.
Facebook red team manager Nat Hirsch and colleague Vlad Ionescu saw an opportunity, and a need, for his or her mission to evolve and expand in kind. in order that they launched a brand new red team, one that focuses on evaluating hardware and software that Facebook relies on but doesn’t develop itself. They called it Red Team X.
Facebook will crack down on groups that break its rules repeatedly
A typical red team focuses on probing their own organization’s systems and products for vulnerabilities, while elite bug-hunting groups like Google’s Project Zero can focus on evaluating anything they think is important no matter who makes it.
Red Team X, founded in the spring of 2020 and led by Ionescu, represents a sort of hybrid approach, working independently of Facebook’s original red team to prod third-party products whose weaknesses could impact the social giant’s own security.
“Covid-19 for us was really an opportunity to take a step back and evaluate how we’re all working, how things are going, and what might be next for the red team,” Ionescu says.
As the pandemic wore on, the group increasingly got requests to look into products that were outside of its traditional scope.
With Red Team X, Facebook has put dedicated resources toward running down those inquiries. “Now engineers come to us and request that we look at things they’re using,” Ionescu says.
“And it can be any kind of tech—hardware, software, low-level firmware, cloud services, consumer devices, network tools, even industrial control.”
“Our scope is to look at the security of pretty much anything that would be consequential to Facebook as a company.”
VLAD IONESCU, FACEBOOK
The group now has six hardware and software hackers with broad expertise dedicated to that vetting. It would be easy for them to go down hacking rabbit holes for months at a time prodding every aspect of a given product.
So Red Team X designed an intake process that prompts Facebook employees to articulate specific questions they have: “Is data stored on this device strongly encrypted?” say, or “Is this cloud container managing access controls strictly?” Anything to give direction about what vulnerabilities would cause Facebook the biggest headaches.