Facebook warns users of ‘state sponsored’ hacking

Facebook has announced a new system for alerting users when their accounts have been compromised by “state-sponsored actors,” the latest measure taken by the social network to convince users that it is a partner against unlawful government surveillance and espionage.

Alex Stamos, Facebook’s Chief Security Officer, said in a post over the weekend that a warning message will now pop up any time a user tries to log into an account believed to be targeted by a “nation-state.” According to a screenshot of the new warning, it reads: “We believe your Facebook account and your other online accounts may be the target of attacks from state-sponsored actors.” It then instructs the user to switch on login approvals, which require the user to enter a security code sent by phone.

The warning is the latest public effort by Facebook to introduce new security protections for its users, possibly to roll back some of the damage to its reputation in the wake of the Edward Snowden leaks. They revealed that Facebook and other Silicon Valley giants like Google and Microsoft were actively collaborating with the National Security Agency’s PRISM data-collection program, calling into question Facebook's status as a global platform for free expression.

Ever since, the security leadership at Facebook has shifted gears. Earlier this year, it became the first major social media platform to introduce a “dark” version of its website, allowing users to hide their location by logging in via the surveillance circumvention software TOR.

One interpretation of Facebook's new “state-sponsored” warning system is as a public relations push “to assuage fears outside the U.S., since Facebook has been collaborating with U.S. government entities and handing over data,” said Franz-Stefan Gady, a senior fellow at the EastWest Institute and a founding member of the Worldwide Cybersecurity Initiative. Alternatively, it could also be a message to “whomever is mining these systems” that Facebook is cracking down.

Still, skeptics are doubtful that new digital protections will apply equally to the surveillance and cyber espionage tactics that every global power is engaged in — from the NSA's big data collection and the British GCHQ's “Smurf” malware tools, to the burgeoning cyberespionage capabilities wielded by Western rivals like Russia, China and Iran.

Experts also noted that the algorithms Facebook uses to determine the identity or affiliation of an attacker remain confidential, making it difficult to know how effective they are. Often, the fingerprints of a state-sponsored actor can be detected by the highly advanced nature or resources required of an attack, or by its targets: namely, government officials or corporate executives with access to sensitive information. But “these sorts of things are happening every second on the Internet,” Gady said, “and it would be really tricky to figure out who is behind every attack.”

Prior to the new warning, Facebook was already alerting its 1.4 billion users when they suspect an account may have been compromised by a hacker or by malware planted on their computer or mobile phone. It is taking extra care to warn about state involvement “because these types of attacks tend to be more advanced and dangerous than others,” Stamos wrote, “and we strongly encourage affected people to take the actions necessary to secure all of their online accounts.”

Cyber security experts generally welcome any steps to alert users to the dangers of these types of attacks, especially phishing — when users are tricked into clicking malicious links or downloading spyware onto their computers — which are the most prevalent attacks on Facebook. “By warning users of the ‘state-sponsored’ nature of an attack, it alerts the user to the fact that they, individually, are targeted,” said Morgan Marquis-Boire, a senior researcher at the University of Toronto’s Citizen Lab. “This is different in character to many of the crimeware, banking malware, adfraud, and other types of malware attacks commonly encountered online.”

According to recent data, the number of active phishing schemes – of the state-secret or the more common, financial variety – is rising. Some of the most sophisticated attacks even involve long-term schemes of social engineering. In one instance, actors believed to be linked to Iran set up a fake news website, called Newscaster, maintaining believable Facebook and LinkedIn profiles for each of its reporters that the hackers used to forge online relationships with high-level U.S. government officials.