October has always been John Flynn’s favorite time of year, but this year, it’s even better. He gets to spend the month trying to hack into a fleet of Facebook computers equipped with a new kind of security tool — a tool that takes computer security beyond the password.
Since jumping to Facebook from his job at Google a few years ago, Flynn has been part of the Facebook security team that masquerades as bad guys during the month of October, doing their best to bust into the corporate network that underpins the social networking giant. They call it “Hacktober,” and the idea is to find the holes where the real bad guys might attack the company. Last year, Flynn and other Facebook security engineers created a fake news story designed to spread a computer worm around the network.
Flynn — who goes by the nickname “Four” — won’t say what’s in store for Facebook’s employees this October, but one thing seems certain: Hacking them is going to be that much more of a challenge. Over the past year, the company has equipped many employee systems with Yubikeys, a little pieces of hardware that let employees securely log into machines with the tap of a finger. This nifty tool can make it that much harder for hackers to bust into a corporate network and do whatever they want — even if the hacker manages to take command of an authorized network machine.