Facebook to Flag When Nation States Try to Access Accounts

Facebook has announced it will be monitoring for and notifying users if it spots signs of nation state-sponsored targeted attacks.

Users suspected of being targeted will get a pop-up message in their feed explaining what has happened and asking them to switch on Login Approvals.

With that feature enabled, whenever the account is accessed from a new device or browser, Facebook will send a security code to the user’s smartphone.

“While we have always taken steps to secure accounts that we believe to have been compromised, we decided to show this additional warning if we have a strong suspicion that an attack could be government-sponsored,” said Facebook chief security officer, Alex Stamos.

“We do this because these types of attacks tend to be more advanced and dangerous than others, and we strongly encourage affected people to take the actions necessary to secure all of their online accounts.”

Stamos was at pains to point out that any notification of a possible nation state attack indicates a compromise via the user’s PC or mobile device rather than the Facebook platform.  

“To protect the integrity of our methods and processes, we often won't be able to explain how we attribute certain attacks to suspected attackers,” he added. “That said, we plan to use this warning only in situations where the evidence strongly supports our conclusion.”

The move brings Facebook in line with its Silicon Valley rival Google, who began sending users alerts like these a few years back.

Security experts largely welcomed the move.

"It would be easy enough to dismiss this as something of a publicity stunt, but without these notifications users are unlikely to know that they are at risk,” Bloxx head of product management, Jim Black, told Infosecurity.

“If as a result of these pop ups they then take steps to strengthen the security associated with their other online accounts, well that can only be a good thing. The security industry talks a lot about consumers needing to be more security aware, and if these pop ups help, then they are to be welcomed."

It is unclear if Facebook will notify users if the US authorities are trying to access their accounts, although the risk of them being able to do so at the back-end forced one noted law student to take the issue to the European Court of Justice.

It famously ruled that as the privacy of such data couldn’t be guaranteed, the Safe Harbor agreement between the EU and US was invalid.

What’s Hot on Infosecurity Magazine?