A brand new type of notification has been launched by Facebook. This one will tell you that your account is being targeted by someone who works for a nation state. A blog post has been created by the Facebook security team in order to explain the move.
“While we have always taken steps to secure accounts that we believe to have been compromised, we decided to show this additional warning if we have a strong suspicion that an attack could be government-sponsored. We do this because these types of attacks tend to be more advanced and dangerous than others, and we strongly encourage affected people to take the actions necessary to secure all of their online accounts.”
Facebook is keen to tell its users that this notification means that their account is under attack, but that it doesn’t mean Facebook itself is being hacked. Rather than being an issue with Facebook, in other words, it is an issue with the device that the user is accessing Facebook with. They may, for instance, have malware on their machine that could be putting all their accounts, not just Facebook, at risk.
Interestingly, Facebook is not divulging how it will define an attack by a nation state, nor how it will distinguish such an attack from one by a small-scale hacker. In fact, the company has released an official statement explaining that it will often not divulge this information.
“To protect the integrity of our methods and processes, we often won’t be able to explain how we attribute certain attacks to suspected attackers. That said, we plan to use this warning only in situations where the evidence strongly supports our conclusion.”
So what does this mean? Basically, if you receive the notification from Facebook, you will know that there is something seriously wrong. The recommendation is then that you completely rebuild or even replace your current operating system. Additionally, you should change your passwords on all the different accounts you have. Facebook also recommends that all users turn on login approvals as standard on their accounts. This will mean that, if their account is being accessed from an unknown device, they will have to authorize this first.
State-sponsored cyber attacks are very real and they can target anybody. This type of threat became more widely known last year, when Sony Entertainment was attacked by North Korea. It was confirmed by the FBI that the hacker group responsible for the attack had been asked to carry it out by the North Korean government.
“Several times, either because they forgot or they had a technical problem, they connected directly and we could see them. And we could see that the IP addresses that were being used to post and to send the emails were coming from IPs that were exclusively used by the North Koreans.”
When Guardians of Peace, the group behind the attack, hacked into Sony, they shut down all of the company’s computer systems. Additionally, large amounts of personal information, including names and salary details, were publicly revealed. It is believed that the attack came as a response to the movie The Interview, in which the country’s dictator was portrayed.
The Sony hack was addressed again recently at the Vanity Fair conference. Here, John Carlin, the Department of Justice’s assistant attorney general for national security, addressed the potential seriousness of nation state attacks. He stated that these types of attacks can be particularly brutal and hard to fight against. Unfortunately, no firewall is high enough to stop them. It is for this reason that it is so important to have an early notification system in place.
“We hope that these warnings will assist those people in need of protection and we will continue to improve our ability to prevent and detect attacks of all kinds against people on Facebook.”