Facebook now warns of government hack, but it won’t tell you how it knows

The social media giant has developed a system where it can tell users about possible scrutiny by government agencies, with a catch.

A new Facebook feature may change the face of cybersecurity for users.

Paul Sakuma

October 19, 2015

Facebook has launched a new security measure that users should hope they never have to see: a notification telling them that Big Brother is watching.

In a statement released Friday, Oct. 16 by chief security officer Alex Stamos, Facebook announced it will now explicitly notify users whose accounts it finds have been compromised by state-sponsored actors –  attacks that the company claims “tend to be more advanced and dangerous than others.”

Users will be notified by a pop-up message (“Please Secure Your Accounts Now”), and will be advised to activate Facebook's two-step authentication process, called Login Approvals.

They took up arms to fight Russia. They’ve taken up pens to express themselves.

Facebook also warns those receiving the notification that their hardware may be infected with malware. "Ideally, people who see this message should take care to rebuild or replace these systems if possible," wrote Mr. Stamos in his post.

Facebook may be the first major social network to publicly launch an anti-government-hacking campaign (others like LinkedIn and Twitter have so far made no public initiative), but it is three years behind Google, who began notifying its users potentially at risk of a state-sponsored attacks in 2012.

Despite Facebook’s new move, which has received praise from Internet freedom organizations, including the London’s Open Rights Group, the social media platform is remaining tight-lipped on exactly how it can detect potential state-sponsored hackers.

“To protect the integrity of our methods and processes, we often won't be able to explain how we attribute certain attacks to suspected attackers,” Mr. Stamos wrote in the statement. “That said, we plan to use this warning only in situations where the evidence strongly supports our conclusion. We hope that these warnings will assist those people in need of protection, and we will continue to improve our ability to prevent and detect attacks of all kinds against people on Facebook.”

Investigators exposed a major state-sponsored hack from China last February when the sensitive details of Anthem Inc.’s 80 million customers’ Social Security numbers were stolen by Chinese state-sponsored hackers.

Ukraine’s Pokrovsk was about to fall to Russia 2 months ago. It’s hanging on.

“Twenty years ago, reporting a bug to a big company might fetch a well-intentioned programmer a T-shirt, credit on a website or a small bounty. But more often than not, such people were ignored or even threatened with criminal prosecution,” wrote New York Times cybersecurity reporter Nicole Perlroth.

Nowadays, companies will actually hire hackers – and pay them a bonus – for finding bugs. Facebook seems to be using similar methods for privacy protection, but how the company is able to get hold of sensitive government information – or how “an attacker suspected of working on behalf of a nation-state” – is kept quiet. And one Facebook doesn’t plan on revealing anytime soon.