Facebook will warn you about ‘government-sponsored’ attacks

We’ve all been there: you’re going about your business, harbouring state secrets and attempting some low-key espionage, when out of the blue, international aggressors start targeting your computer.

Fortunately, Facebook has now pledged to notify you if your account has been targeted by an attacker suspected of working on behalf of a nation-state.

So if, for example, Chinese hackers are surreptitiously crawling through your “NYE 2013 mash-up” photo album, Facebook will now do its best to let you know.

Here’s an example of what the notification will look like on the desktop version of Facebook’s website:

“While we have always taken steps to secure accounts that we believe to have been compromised, we decided to show this additional warning if we have a strong suspicion that an attack could be government-sponsored,” writes Alex Stamos, Facebook’s Chief Security Officer.

“We do this because these types of attacks tend to be more advanced and dangerous than others, and we strongly encourage affected people to take the actions necessary to secure all of their online accounts.”

Stamos explains that the warnings aren’t related to a compromise of Facebook’s own platform or systems.

Instead, it claims that if your account is compromised by an agent from another country, it’s probably because your computer or mobile device has been infected with malware.

“Ideally, people who see this message should take care to rebuild or replace these systems if possible,” explains Stamos.

Related: Best Free Antivirus 2015

Stamos also confirms that Facebook won’t be explaining how it attributes certain attacks to suspected attackers.

That’s because the company wants “to protect the integrity of [Facebook’s] methods and processes”.

However, Jason Mueller, Chief Security Strategist at security firm FireEye, suggests a theory as to how Facebook may pick up on potential attackers.

“Crafting a successful spear phishing campaign for a particular
target requires the attacker to learn as much as possible about the
potential victim to maximise the chance of that victim clicking a
malicious link or attachment,” Mueller tells TrustedReviews.

He continues: “The data collection that makes
this possible often starts with attackers visiting social media outlets
like Facebook and LinkedIn.”

Mueller adds: “If Facebook is able to detect this
initial reconnaissance activity – like a sudden spike of profile views
from new Facebook accounts not friendly with the target – and correlate
it with other network and behavioural indicators that match an advanced
attacker, then it stands to reason they can proactively warn a user with
a limited degree of confidence.”

To that end, Sean Sullivan, of online security firm F-Secure, suggests that Facebook may be using a “human driven” process, not automated, to uncover state-sponsored attacks.

“Facebook is widely used among human rights advocates and attorneys,” says Sullivan, speaking to TrustedReviews. “When advocates report being targeted, I suspect that Facebook’s security team is readily able to cross-reference IP addresses which interact with and target various accounts. And so Facebook is then able to draw connections between people that might benefit from such notifications.”

Sullivan adds that the security team will have to use notifications sparingly at first to avoid confusion, but that it’s a “good first step”.

But exactly how big is the threat from nation-states? According to Tony Cole, government CTO at FireEye, there’s serious potential for damage due to Facebook’s huge user-base.

“The data collection that makes this possible often starts with attackers visiting social media outlets like Facebook and LinkedIn,” Cole tells us. “With over 1.23 billion monthly active users, Facebook has a large amount of high-value individuals from the government sector and private sector on whom to conduct reconnaissance and also target them through the Facebook platform itself. Compromising these individuals could lead to the later breach of their high-value employers or friends.”

The security expert continues: “Facebook has clearly built a great team of security professionals with a deep level of experience on nation-state attacks to address this. With this team and such a large set of data to work with, Facebook choosing to now notify their users of potential nation-state attacks clearly highlights how this has become a problem for the masses and that every individual needs to think about protecting sensitive data – whether theirs or those individuals or organizations around them.”

It’s not yet clear whether Facebook, which is based in the USA, will inform users about any invasions by US government intelligence agencies.

Check out our smartphone buyer’s video guide below: