Facebook announced that it would notify users who it suspects are being targeted by state-sponsored hackers. Here’s what you need to know.
In a post on the social networking site made on Friday, Alex Stamos, Chief Security Officer at Facebook, revealed that the firm would notify users whom it believes have “been targeted or compromised by an attacker suspected of working on behalf of a nation-state.”
State-sponsored attacks have risen dramatically in recent years, and, as I mentioned in a piece last month, despite an agreement between China and the United States intended to curtail such attacks, I do not believe that the volume of attacks will drop any time soon. Hackers have also been increasingly focusing attention on social media — seeking, for example, to obtain overshared information in order to craft more successful spear-phishing campaigns or conduct virtual kidnappings — so they are quite familiar with the platforms, their security, and the treasure trove of data found within them. They also know that it is often easier to breach personal accounts belonging to people in positions of power than it is to breach official systems, and that a compromised personal account can be exploited in various fashions in order to gain access to other resources (e.g., social engineering using the data found in the social media account, using Facebook authentication elsewhere, etc.), so Facebook accounts are a natural target for state-sponsored actors.
State-sponsored actors are also typically better equipped than most other hackers, and more likely to succeed in their endeavors. As Facebook noted “While we have always taken steps to secure accounts that we believe to have been compromised, we decided to show this additional warning if we have a strong suspicion that an attack could be government-sponsored. We do this because these types of attacks tend to be more advanced and dangerous than others, and we strongly encourage affected people to take the actions necessary to secure all of their online accounts.”
Furthermore, evidence of a state-sponsored attack against someone’s Facebook account may also serve as a warning that other attacks against that party have already been successful; the Facebook account may have been breached via a compromised device. As Stamos noted “having an account compromised in this manner may indicate that your computer or mobile device has been infected with malware. Ideally, people who see this message should take care to rebuild or replace these systems if possible.”
It should be noted that Facebook will not issue the warning for all attempts to breach an account; this warning is specifically sent to users “only in situations where the evidence strongly supports our [Facebook’s] conclusion” that government-sponsored agents are at work.
Facebook was sure to clarify that “this warning is not related to any compromise of Facebook’s platform or systems.”
To help prevent your account from being compromised in the first place, it might be wise to turn on on Facebook’s “Login Approvals” feature–which requires anyone logging into your account to have access to your phone in order to receive a code texted to the device upon login.
An example of Facebook’s new notice appears here. If you receive one, I would suggest turning on Facebook’s strong authentication if you have not done so already, and consulting a cybersecurity expert immediately to make sure you aren’t already compromised elsewhere.