Written by Brian Frederick –
Meta implemented several new programs and features in 2022 designed to improve safety and security on its platforms, the company announced in an end-of-year recap news release.
In the past year, the Facebook and Instagram parent company continued to emphasize initiatives designed to eliminate covert influence operations and spyware and identify bugs.
Crackdown On Coordinated Inauthentic Behavior
In the wake of fears of Russian meddling in the 2016 and 2020 U.S. presidential elections, there has been a call for social media platforms to help eliminate outside influencers.
According to a Facebook news release, Meta has taken down over 200 covert influence operations since 2017 using its Coordinated Inauthentic Behavior (CIB) policy. It has also made the details about these threats public, including whether they came from commercial organizations, nation-states, or unattributed groups.
“Sharing this information has enabled our teams, investigative journalists, government officials and industry peers to better understand and expose internet-wide security risks, including ahead of critical elections,” Ben Nimmo, Global Threat Intelligence Lead, and David Agranovich, Director, Threat Disruptions, said in the release.
Threats were identified originating from 68 countries using at least 42 languages. The United States is the most frequently targeted country, with 34 CIB operations, followed by Ukraine with 20 and the U.K. with 16.
Russia was the top source of these CIB networks, accounting for 34, while 28 were in Iran.
Countering The Global Spyware Threat
The social media titan has also continued to focus on eliminating spyware. Its latest threat report on what it calls the “surveillance-for-hire industry” found this is a growing problem that indiscriminately targets people in an attempt to gather intelligence and compromise devices and accounts.
As part of its commitment to fighting these bad actors, Meta has disabled accounts, blocked infrastructure from using its platforms, and shared this data with policymakers, security researchers, and other platforms.
It also notifies people the company believes were targeted, many of whom are often unaware they were at risk.
Expanded Bounty On Bugs
This year also saw the expansion of Meta’s bug bounty program, according to a news release. Meta Quest Pro and the Meta Quest Touch Pro controllers are now eligible for bounties.
This program, launched in 2011, generated more than 10,000 reports on bugs in Meta’s software this year. Of those, more than 750 were issued bounties totaling more than $2 million in awards, according to the release.
2022 also saw an increased focus from Meta to make its hardware technology more accessible to the research community. This included a focus on VR technology at BountyCon, the company’s annual conference for bug hunters.
At this conference, researcher Youssef Sammoud reported an issue in Meta Quest’s oAuth flow that could have led to a 2-click account takeover. Upon fixing this issue, which Meta found had no evidence of abuse, this report was awarded $44,250, including program bonuses.
What Meta Expects in 2023
Meta’s security experts expect the company’s new focus on information sharing will allow it to identify and shut down CIB operations sooner, as it expects them to keep targeting more minor services with lower resource levels.
The continued growth of spyware organizations has made it difficult for Meta to tackle them on its own, so it has called for regulatory action while publishing a set of recommendations for a society-wide response.
To provide advanced account protections, Meta will be employing three new tactics in 2023:
- Adding new on-platform protections.
- Educating people to help them avoid compromise.
- Increasing support for people when they are locked out of their accounts.
Continuing its bug bounty program, Meta sets new payout guidelines with awards ranging as high as $300,000.
There will also be a continued emphasis on breaking down silos between departments and outside agencies. This helped the social media company improve knowledge-sharing between teams and improve efficiency while also making it easier to identify and eliminate bad or fraudulent actors.
Featured Image: Ingus Kruklitis/Shutterstock