Facebook now warns of government hack, but it won’t tell you how it knows

The social media giant has developed a system where it can tell users about possible scrutiny by government agencies, with a catch.

Paul Sakuma
A new Facebook feature may change the face of cybersecurity for users.

Facebook has launched a new security measure that users should hope they never have to see: a notification telling them that Big Brother is watching.

In a statement released Friday, Oct. 16 by chief security officer Alex Stamos, Facebook announced it will now explicitly notify users whose accounts it finds have been compromised by state-sponsored actors –  attacks that the company claims “tend to be more advanced and dangerous than others.”

Users will be notified by a pop-up message (“Please Secure Your Accounts Now”), and will be advised to activate Facebook's two-step authentication process, called Login Approvals.

Facebook also warns those receiving the notification that their hardware may be infected with malware. "Ideally, people who see this message should take care to rebuild or replace these systems if possible," wrote Mr. Stamos in his post.

Facebook may be the first major social network to publicly launch an anti-government-hacking campaign (others like LinkedIn and Twitter have so far made no public initiative), but it is three years behind Google, who began notifying its users potentially at risk of a state-sponsored attacks in 2012.

Despite Facebook’s new move, which has received praise from Internet freedom organizations, including the London’s Open Rights Group, the social media platform is remaining tight-lipped on exactly how it can detect potential state-sponsored hackers.

“To protect the integrity of our methods and processes, we often won't be able to explain how we attribute certain attacks to suspected attackers,” Mr. Stamos wrote in the statement. “That said, we plan to use this warning only in situations where the evidence strongly supports our conclusion. We hope that these warnings will assist those people in need of protection, and we will continue to improve our ability to prevent and detect attacks of all kinds against people on Facebook.”

Investigators exposed a major state-sponsored hack from China last February when the sensitive details of Anthem Inc.’s 80 million customers’ Social Security numbers were stolen by Chinese state-sponsored hackers.

“Twenty years ago, reporting a bug to a big company might fetch a well-intentioned programmer a T-shirt, credit on a website or a small bounty. But more often than not, such people were ignored or even threatened with criminal prosecution,” wrote New York Times cybersecurity reporter Nicole Perlroth.

Nowadays, companies will actually hire hackers – and pay them a bonus – for finding bugs. Facebook seems to be using similar methods for privacy protection, but how the company is able to get hold of sensitive government information – or how “an attacker suspected of working on behalf of a nation-state” – is kept quiet. And one Facebook doesn’t plan on revealing anytime soon.

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.