As a social networking giant with more than 2 billion users and 80,000 employees worldwide, how does Facebook protect the personal and property safety of its employees around the world? Recently, the reporter of the technology blog Business Insider learned through in-depth investigation that the social network giant's security team is like a small army, effectively dealing with various complex security conditions. The reporter also wrote an article about the security team of the social networking giant and its daily work.
Here is the content of this article:
In April 2018, an angry user of YouTube, a Google video site, fired at the company's headquarters in California with a semi-automatic pistol, injuring three people. The gunshots rang through Silicon Valley.
Just 30 minutes from here, Facebook quickly acted and quietly strengthened its defense. The Menlo Park-based social networking company has dramatically increased the number of off-duty police officers wearing plain clothes and carrying guns for secret patrols. Few employees knew about the existence of these police officers, a move that scared some employees who later noticed them.
The company also spent about $1 million to equip its fleet with more than 30 new Toyota RAV4 hybrid SUVs for its security department to patrol between office buildings in the Bay Area — but at the company consider how When they were branded, it was useless for these cars to stay in the garage for a few months. (It is not clear whether they are now being used.)
If this sounds like a small army, it is because in many ways it is indeed an army.
Silicon Valley's freedom and disobedience creates open offices and university-style campuses. Such offices and parks have been emulated by the business community.
But now, within Silicon Valley Technology, under this idyllic surface, there is a more ruthless reality. Technology brands and leaders have become the focus of public attention, and in some cases, even completely hostile concerns. As a result, technology companies like Facebook have no choice but to build more complex and expensive security fortifications, especially after the YouTube shooting.
For shareholders, this means taking on more costs, often tens of millions of dollars, to protect the company's top management and property security. Inside Facebook, this means enhancing the ability of 6,000 shadow employees to work. Their daily work provides a window that allows people to look at the other side of Silicon Valley, away from the other side of application marketing programs and machine learning sessions: a hidden world full of followers, prototype equipment theft, car bombs Fear, earthquake contingency plans, gang violence, and concerns about government-sponsored espionage.
A former member of the Facebook security team said: “As a security person, you can build a safe and secret place like Fort Knox tomorrow, but this will not happen in a real-world technology environment. [So] you created policies, obstacles, and processes so you can be as friendly as possible and as safe as possible. ”
Some of the daily problems facing Facebook's security team are unremarkable, and you'll find problems in any big company: petty theft, car accidents, emergency medical assistance, and more. But Facebook's unprecedented impact on the daily lives of billions of people around the world means it faces unique security challenges. People flocked to Facebook's offices —— whether it's for casual browsing, trying to sell to company executives, or expressing their dissatisfaction.
“ Fast action, breaking the rules & rdquo; not always the best security method
Today, Facebook has 40,000 full-time employees, but the total number of employees is much higher.
The company has more than 80,000 employees worldwide (including contractors and temporary workers who do not necessarily have the same benefits as full-time employees), and they are protected by a global security team. It has more than 160 plants in more than 100 countries and territories, from engineering offices to data centers to content management centers.
In order to deal with security issues, the company has a huge security force.
More than 6,000 people work in Facebook's global security department (500 of whom are full-time employees, the rest are contractors and temporary workers), and there are more than 1,000 security guards working in the San Francisco Bay Area only —— on foot patrols, patrolling by car Carry a sniffer dog and patrol on a bicycle (&"Fox squad”). Relatively speaking, “read and burn”, the photo sharing app Snapchat's parent company, Snap, has a total of 3,000 employees and Twitter has fewer than 4,000 people.
Third-party contractors who provide security and intelligence analysts to Facebook include Allied Universal, G4S and Pinkerton. Facebook also funded the Menlo Park Police Department to establish a branch office near its office and work closely with local law enforcement and emergency services.
There are five key aspects of Facebook's security work. The most obvious are the global security services, the Facebook security team ("blue shirt"; and its Global Security Operations Center. There are also global security intelligence and investigations, as the name implies, which are dedicated to investigating information and research intelligence.
Then there is the Global Security Strategic Plan, which examines the risks that arise as the business grows: Is this a high-risk expansion area? Is it really a good idea to build an office building here? It is also responsible for systems and technologies (think of key cards, security cameras and their software); and of course the executive protection team.
Like other Facebook functions, its global security department is also a data greedy department that absorbs a lot of intelligence, from open source information to third-party data streams, from media reports about breaking news events to possible sales. The company's intellectual property dark market, and of course the user posts on Facebook.
It is an “intelligence-based organization” that attempts to detect and resolve potential problems in advance through extensive information, and it identifies millions of “security threats” to employees every year, from natural disasters to natural disasters. Threats to violence against employees, of course, these threats have varying degrees of credibility.
The top leader of the security team is Nick Lovrien, a former anti-espionage officer for the US Central Intelligence Agency (CIA) and currently the chief global security officer for Facebook.
Lovlin reports to John Tenane, vice president of cooking, facilities and security at Facebook, who reports to chief financial officer David Wehner.
“(Facebook) is the key infrastructure of modern democracy, which is why we are so concerned about the integrity and security of the platform. The work done by Facebook also poses a unique risk to it. ” Lovlin said.
In short: Protecting Facebook is a daunting task —— but this is not made easier by the company's internal philosophy.
Facebook has long been known in the world for its fast action, breaking the motto of the regularity, although it has alienated this motto in recent years. The company emphasizes speed and initiative; if there are any problems that have not been resolved in the past, it can always be resolved in the future. A number of sources said that while this attitude may be effective for developing applications, it does not apply to a one-on-one security world.
A source said that when Facebook set up a new headquarters, the security team realized that there was a big security risk in allowing people to bypass the security checkpoint at the main reception desk, so they blocked some of Facebook's entry points. Some security projects may go wrong because engineers don't like something about security.
Throughout the company, different teams have taken a very different approach to background checks and recruitment (Facebook says it, in addition to hiring traditional security staff, it is “people who are interested in hiring non-traditional backgrounds”).
“I know that the culture of Facebook is that we are all friends and there is no friction. But the reality is that security sometimes requires a certain amount of friction. & rdquo; A source said.
Lovlin admits that this is indeed the case. But he said that Facebook has improved a lot since then. He said: “Over the past six years, we have focused on getting those (old) security programs offline and introducing new security systems. ”
Lovlin said: "I have hired the most powerful leader, and the level of expertise we have is not found in any other company, so (I) are very proud of the team here. ”
In recent months, Facebook has been accused of racial discrimination in its workplace. This was caused by an open letter shared by a former employee, Mark Luckie. Two former security executives also said they saw racial discrimination in the company.
“I will give you a brief talk about —— black guards are placed in very bad positions. Black guards have no chance of promotion. In the same accident, white drivers can have room for manoeuvre, while black drivers are severely punished. The rules regarding hair color and visible tattoos vary from person to person. & rdquo; One of them said.
Facebook stated that it has clear guidelines for contractors working with it and has conducted a joint investigation of any such allegations.
Allied Universal, which provides security services to Facebook in the Bay Area, said the company is committed to creating a diverse and inclusive work environment. Our goal is to represent a diverse community that we are proud of because diverse security personnel create a safer environment and a stronger community. To this end, we have comprehensive standards of conduct and a zero tolerance policy for any form of discrimination, retaliation or harassment. At all levels of the organization, we actively promote an inclusive culture to help expand the development opportunities for all in the communities we protect. ”
In August 2018, Facebook security personnel negotiated a union contract. However, sources said that some security executives are still not satisfied with the concessions they have received. In addition, recruiting new security executives is difficult because the unemployment rate in the US has been low —— although this is not a problem unique to Facebook.
Facebook is busy shutting out countless uninvited guests
Another key challenge facing Facebook is managing visitors and keeping people who shouldn't be there out.
The number of people entering Facebook is shocking: for example, in June 2018, the company had 140,000 invited visitors worldwide —— from job seekers to business meeting attendees and employees' friends. (Only Monroe Park has nearly 54,000 visitors.) There are 1.5 million invited visitors throughout the year.
But the uninvited guest also flocked to Facebook, and the sheer number is also jaw-dropping. The company had to reject about 1,000 visitors a week: tourists, people who sell business to the company, and a steady stream of angry users and protesters who came to make trouble.
Facebook's security team sees dozens of “events” happening every day, from people who are angrily asking for the reasons why their accounts are banned, to internal problems such as medical assistance for staff injuries. If uninvited visitors are hostile, they may be listed as BOLO (careful) visitors. Some individuals are also classified as interested parties (POI).
Facebook does not directly indicate whether the reporter was listed as a BOLO visitor, or whether the company has visited the reporter's location data or other personal information (whether or not it is BOLO). “There is no credible reason for anyone to be bound by the above procedures. "Anthony Harrison" said in an e-mail: "One person —— whether it is journalist —— only if it is assessed as a credible threat to Facebook or its employees After that, it will be listed as a BOLO visitor. ”
Our security team exists to protect the security of Facebook employees. They use industry-standard measures to assess and address credible threats to our employees and our company and to bring them to law enforcement when necessary. We have strict procedures to protect people's privacy and to comply with applicable legal provisions. Any statement that our on-site security team has a cross-border behavior is completely wrong. & rdquo; Harrison continued.
Previously, the technology blog Business Insider found 911 call records from Facebook's campus, which allowed us to understand which extreme events might occur: a scepter attack on a security guard, and one was told that they had a Facebook lottery in the rdquo; The deceived user, an angry confrontation caused by "no one was injured", and so on.
However, only a small number of incidents have reached the level of the alarm, and most of them are handled internally. For example, in April 2018, Facebook had more than 2,000 “incidents” in offices around the world, of which 124 were medical incidents.
In 2017, in a compelling event in London, YouTube users were able to sneak into Facebook's London office, then enjoy the buffet and candy inside, and produced a video about their experiences.
Therefore, one source said, “When these people arrive in the United States, we will add additional staff and ensure that each security guard knows their looks in case they are mixed into our building. ”
More than one person managed to escape the security guard in order to present an idea to Mark Zuckerberg until he was told that he had asked other employees how to find the CEO’s desk and he was discovered. .
On another occasion, it was reported that a visitor lied that he was going to attend the meeting. After many rejections, the result was put in from the side door by an unwitting employee who went to lunch. The sneak sneaked in a Facebook brand T-shirt and the security staff later discovered it.
Recently, people have begun to worry about espionage supported by businesses and the government. Lovlin said that Facebook has never found anyone infiltrating the company to steal intellectual property, but this is a problem that the security team will worry about. It has taken anti-espion measures and tried to “alleviate these potential risks”.
In December 2018, Facebook temporarily withdrew from the headquarters after receiving a bomb threat against the office. No one was injured and no explosive devices were found. Lovlin declined to provide more information about the incident.
Occasionally, unauthorized drones fly over Facebook's campus because drone operators try to see what's going on inside Facebook's sacred walls.
Of course, most activities are not malicious. Visitors also traveled in groups to Facebook and other Silicon Valley campuses, trying to take a look at famous companies around the world, or just taking a photo next to the iconic thumbs-up company brand. This made the security team have to track a large number of tourists. (“ 99% of rejected visitors are tourists. & nbsp; Lovlin said.)
The company uses technology solutions to help them solve all of these problems. It uses a license plate scanner to check the visitors' vehicles to see if they are on the blacklist or belong to BOLO visitors —— this helps identify the sneak sneak into the park. The company also explored the use of facial recognition cameras to monitor people coming and going, but the technology was ultimately not used.
There is also a “red team” in the company, which is a “penetration test” department that attempts to break into the company's factory building in a creative way to test its security defense capabilities. Managers are sometimes recruited to help with these security tests, exchange access cards, and try to get away with others. (Facebook security guards get photos of the company's leadership so they can get familiar with their faces, just like posting BOLO guest lists and photos before the event.)
In the worst case, Facebook also arranges improper police officers with guns, although many employees are not aware of their existence.
Facebook's security nerve center guards the safety of 80,000 employees worldwide
In November 2015, when the terrorists attacked the Batakran Theatre and other venues in Paris, France, Facebook's GSOC (Global Security Operations Center) quickly moved.
GSOC is the nerve center of the physical security infrastructure of the social network, monitoring threats, managing problems, and analyzing large amounts of data. This is a large room with dozens of computers and a large screen on the wall. It monitors the overseas journey of all employees. As the attack unfolded, the security team quickly collected data from Facebook employees in the area to see if they were hurt and asked them to report with Everbridge, the notification software.
In this terrorist attack, no Facebook employee was hurt, but it strengthened GSOC's role as a key node for Facebook to protect employee safety, especially during times of crisis.
In addition to being open 24/7, GSOC also uses its monitoring capabilities to oversee the environment surrounding executives' homes & mdash;— from Zuckerberg's surveillance videos to local shootings that may affect Facebook employees in the region. Lovlin said one of the most important daily challenges he handled was the recent problems caused by the deadly tornado in Alabama and the protection of employees and factories from harm. This is an extreme example of the recent.
GSOC has three outposts in the rest of the world to provide round-the-clock service: one in London, covering Europe, the Middle East and Africa; one Asia-Pacific base in Singapore; and the third in Sao Paulo, Brazil, responsible for Latin America. It also compiled a "Daily Newsletter". This is a regular intelligence document that organizes recent security issues, potential new issues, employees in high-risk locations, and other data points in the company's leadership. (Some investigations and studies were also conducted by the Global Security Intelligence and Investigation Agency GSII.)
It also handles some of the user-centric features of Facebook. It helps to run a Safety Check, a feature of Facebook that allows users to report their peace messages to their friends after terrorist attacks, natural disasters and other crises, including the Paris attacks of 2015. And post an amber alert on Facebook to help find missing children and donate blood. Throughout 2018, security check functions have been activated in more than 690 locations, and more than 37 million users report their own security messages.
The global security department has developed a wide range of security plans and best practices for a variety of possible events. Are the executives kidnapped? Inform the law enforcement department, get proof that the executive is still alive, contact the kidnapping and ransom insurance company, and then proceed from the next step. Encounter gunmen? Collect key information about the location and face of the gunman, call the local law enforcement agency, issue an emergency notice, block the building or evacuate the building if necessary, and so on.
Unexpectedly sent to the executive's home package? Know who sent the package, alert the event, and send the package to the GSII without opening the package. The media appeared outside Zuckerberg's residence? Find out who they are, why they are there, send people to communicate with them, and notify the police at the request of the management or executive protection team.
Such agreements are by no means unique to Facebook; they provide a clear, consistent framework for doing things in times of crisis. But this shows Facebook's current challenges in protecting employees around the world, from civil crisis to safe dismissal “high-risk employees”.
Whenever a new plant is built, Facebook must be prepared similarly: When Facebook built a new headquarters designed by Frank Gehry in Menlo Park, it was forced to consider security threats ranging from seismic risks to earthquake risks. The possibility of falling into the park from an airplane taking off from San Francisco International Airport.
Theft, fight, appointment after work: The challenge of managing Facebook employees is great
In a large organization like Facebook, tens of thousands of employees are equivalent to the population of a small city. Maintaining order means protecting the perimeter from external threats and controlling internal threats.
A source said that a few years ago, when many employees' headsets were missing, the company installed a covert mobile camera to monitor the desk, and found that an employee stole these items for sale online. A Facebook spokesperson said that sometimes, items were misplaced when the office was relocated and then misidentified as theft.
But the open tradition of Silicon Valley can complicate things. For example, a prototype of an Oculus virtual reality helmet was stolen in a conference room. Like many companies, there is no surveillance camera in Facebook's office, and the large open design of the office means that there may be hundreds of suspects and you can't narrow it down. You can't take any effective security measures, this prototype helmet has never been found.
When talking about Facebook's open office environment, Lovlin said: "The company has determined that we really need an open office environment that promotes our cooperation. Therefore, the risk we are willing to accept in the office is this open office environment. Our next concern will be how we can reduce this risk. “This includes everything from proactively screening intelligence to setting up physical monitoring points and deploying security staff around the office.
Facebook also offers its employees free vending machines with spare charging cables, headsets, computer mice and other items —— this may be another source of theft. (Lovlin said that these thefts are not common.).
Employees sometimes try to use the video chat app to have their friends visit the office virtually, which is a violation of the rules. At least one employee was arrested and allowed to enter the park without authorization.
The fact that the office is open 24/7 also means that NSFW may not occur (not suitable for work time): employees are found to have a one-time behavior in the office every three months on average. (Security guards may issue warnings to HR departments, but couples are usually not fired.) On the other hand, family disputes may also have an impact on the workplace: there is at least a couple of restrictions on couples working on Facebook, forcing They work in different locations.