Victim of state spying? Facebook will tell you
The social network will now explicitly warn users it fears are being targeted by
state-sponsored hackers
Facebook will warn users who are being targeted by state-sponsored hackers, the company
has confirmed. Photograph: Facebook/PA
Monday 19 October 2015 08.57 EDT. Last modified on Wednesday 21 October 2015 04.37 EDT
Facebook will explicitly notify users it
believes have been targeted by an attacker suspected of working on behalf of a
nation state, the company has announced.
Users whose accounts are targeted or
compromised by state-sponsored hackers will now receive a notification upon
login, warning them that “we believe your Facebook account
and your other online accounts may be the target of attacks from
state-sponsored actors”.
The user is then prompted to turn on
Facebook’s “login approvals”, a form of two-factor authorisation which texts a
login code to the user when they (or anyone else) tries to access the app using
their phone.
The company’s chief security officer, Alex
Stamos, explains that the warning is necessary because government-sponsored
attacks “tend to be more advanced and dangerous than others”, necessitating
active defence on the part of the target. He also emphasised that being the
target of such an attack may indicate that other devices have already been
compromised. “Ideally, people who see this message should take care to rebuild
or replace [their computers or mobile devices] if possible.”
Stamos declined to explain how Facebook
identifies attacks from nation states as opposed to conventional malicious
actors, citing the need “to protect the integrity of our methods and
processes”. But specialists in “advanced persistent threats”, such as large
criminal enterprises and nation-states, say there are a number of tell-tale
signs that can point towards such an actor.
Jason Meller, the chief security strategist at
cybersecurity firm FireEye, said that Facebook is helped by the fact that
targeted hacks often use information gleaned from the social network as part of
the opening volley. “Spear phishing” attacks, which aim to entice a specific
target into opening an infected attachment, clicking a malicious link, or
sharing personal information, “require the attacker to learn as much as
possible about the potential victim” to ensure success, Meller said. Often,
that involves harvesting information from social networks.
“If Facebook is able to detect this initial reconnaissance activity (like a sudden
spike of profile views from new Facebook accounts not friendly with the target)
and correlate it with other network and behavioural indicators that match an
advanced attacker, then it stands to reason they can proactively warn a user
with a limited degree of confidence,” Meller said.
He continued: “Facebook has built a great team
of security professionals with a deep level of experience on nation-state
attacks. Their vast amount of users around the globe would likely allow an
adversary a wide choice of government users to target via this social media
channel for access to the assets those targeted individuals have access to at
their work sites.”
Facebook’s move was welcomed by digital rights
organisations. Jim Killock, the head of London’s Open Rights Group, said that
the move was “very welcome” for people who live under highly oppressive
governments. However, Killock warned: “Facebook needs to continue to work with
citizen groups in the USA and Europe to ensure that surveillance laws do not
allow broad access to the databases of companies like Facebook.”