Sign up to our newsletter
Facebook has announced that it will notify its users of a possible cyberattack on their account by an individual or group working on behalf of a nation-state.
Alex Stamos, chief security officer at the tech giant, explained that this new process is part of its ongoing commitment to boosting security across the social network.
He said that if Facebook, through its regular monitoring of questionable activity, detects that an account has either been targeted or compromised, it will quickly inform the possible victims.
The message that a user will receive will read as such: “We believe your Facebook account and your other online accounts may be the target of attacks from state-sponsored actors.
“Turning on Login Approvals will help keep others from logging into your Facebook account. Whenever your account is accessed from a new device or browser, we’ll send a security code to your phone so that only you can log in.”
Mr Stamos added that this additional warning is only shown in instances where the company’s security team believes an attack may have been sponsored by a nation.“It’s important to understand that this warning is not related to any compromise of Facebook’s platform or systems.”
The extra security measure, he continued, reflects the fact that state-sponsored cyberattacks are usually more advanced and dangerous than those delivered by other cybercriminals.
“It’s important to understand that this warning is not related to any compromise of Facebook’s platform or systems,” the expert elaborated.
“And that having an account compromised in this manner may indicate that your computer or mobile device has been infected with malware.”
This policy is not new to the tech world. In 2012, Google announced that it was rolling out a similar programme to the one outlined by Facebook, whereby it would contact users if it thought their accounts had been attacked by state-sponsored cybercriminals.
As with Facebook, Google explained that while it understood many individuals would be curious to know how it identified that the attack was of this nature, it was unable to disclose such information.
“We can’t go into the details without giving away information that would be helpful to these bad actors,” Eric Grosse, Google’s vice president of security engineering, noted at the time.
“But our detailed analysis—as well as victim reports—strongly suggest the involvement of states or groups that are state-sponsored.”
Author Karl Thomas, ESET