Facebook has launched a new feature that notifies users if their accounts have been targeted by government-sponsored hackers.
In a one billion-plus users about how to secure their accounts—Facebook’s chief security officer, Alex Stamos said users would be notified “if we believe your account has been targeted or compromised by an attacker suspected of working on behalf of a nation-state.”
The notification will advise users to turn on a feature called Login Approvals, which sends them a new security code that must be inputted each time an account is accessed from a new device or browser.
Stamos said that receiving such a notification was not an indication that Facebook’s central systems had been compromised but rather that the user’s computer or mobile may be infected with malware and should be rebuilt or replaced if possible.
Facebook would not reveal how it attributed certain attacks to state-sponsored actors, Stamos added, but that it would only use the notification system “where the evidence strongly supports our conclusion.”
In 2013, conducting widespread surveillance operations, including the allegation that the U.S. National Security Agency hacked directly into the servers of nine internet firms including Facebook.
North Korea was also accused of state-sponsored hacking after the December 2014 cyberattack on Sony Pictures Entertainment, which resulted in the personal details of around 6,000 Sony employees being leaked online, as well as information about upcoming films and salaries of the company’s top executives. North Korea denied any involvement.
During his recent visit to the U.S., Chinese President Xi Jinping denied that Beijing engages in state-sponsored hacking.
Facebook Chief Security Officer Alex Stamos has announced that the social network will now inform users if it believes their account has been compromised by a government agency.
Stamos writes that “while we have always taken steps to secure accounts that we believe to have been compromised, we decided to show this additional warning if we have a strong suspicion that an attack could be government-sponsored”.
He added that such attacks “tend to be more advanced and dangerous than others”, meaning that users who are thus compromised should take great care in addressing them.
Facebook identifies the primary source of such attacks as users’ own computers and mobile devices, infected by malware tools such as GCHQ’s ‘Smurfs’, revealed in documents leaked by NSA whistleblower Edward Snowden. Facebook says that its own service is unlikely to be the origin of such security breaches, stating that “it’s important to understand that this warning is not related to any compromise of Facebook’s platform or systems” and suggesting that users who see the message “rebuild or replace” their affected hardware.
Unfortunately, Alex Stamos didn’t go into detail about exactly how Facebook would be able to distinguish accounts compromised by “an attacker suspected of working on behalf of a nation-state” from more commonplace private-sector hacking attempts, but said that the company would “use this warning only in situations where the evidence strongly supports our conclusion”.
Want to be a GCHQ spy? Play this game Want to be a GCHQ spy? Play this game
Facebook appears to be promising blanket announcements of malicious activity originating with any government’s intelligence or law enforcement agencies, saying that it hopes to “assist those people in need of protection” without giving any indication that it will, for example, warn people of attacks by Chinese authorities, but not British ones.
Known malware tools used by British intelligence services include Nosey Smurf, which turns on your mobile device’s microphone to spy on conversations, Tracker Smurf, which reports your geolocation data, and Dreamy Smurf, which surreptitiously switches phones on.