Facebook Introduces Gov’t Attack Warning

data centre, facebook

Affected users should ‘ideally’ consider wiping or replacing affected devices

Facebook is to begin warning users if it suspects their accounts have been targeted by government-backed intruders, warning that in such a case users should consider wiping or replacing affected computers and mobile devices.

The company said it plans to send users a specialised alert (pictured) if it has a “strong suspicion” that a government was involved in an attack.


Malware risk

The Facebook warning message advises users to switch on a feature called Login Approvals, which sends a login code to the user’s mobile phone each time he or she accesses Facebook from a new location or device.

“Having an account compromised in this manner may indicate that your computer or mobile device has been infected with malware,” said Facebook chief security officer Alex Stamos in an advisory published on Friday. “Ideally, people who see this message should take care to rebuild or replace these systems if possible.”

Stamos said the company created the specialised alert because government-sponsored attacks “tend to be more advanced and dangerous than others”.

Targeted attacks

He said the company will “often” not be able to divulge how it arrived at its attribution, in order to protect “the integrity of our methods and processes”.

“That said, we plan to use this warning only in situations where the evidence strongly supports our conclusion,” he wrote.

Facebook accounts present a tempting target for attackers, since they provide access not only to a user’s detailed personal information and movements, but also to that of his or her list of contacts.

Automated tools aimed at spreading malware or junk messages typically use such access to send malicious messages to a user’s contacts, but targeted attacks can be used to gather information in more subtle ways, according to security experts.

Last year Facebook joined with ESET to offer users a free tool that scans an account to determine whether it has been used to spread junk messages or infected links.

Are you a security pro? Try our quiz!