
Are Facebook’s State-Sponsored Attack Alerts an Overreaction?

Yes. You read it correctly – one of the biggest online social network operators has now implemented a system which alerts its users to state-sponsored cyberattacks.

State-sponsored what? State-sponsored operations, typically distinguished from those of cyber criminals or hackers, are more sophisticated and highly organized, and are aimed at data-gathering, cyber espionage or sabotage. In the past, state-sponsored attacks were patterned to make use of memory corruption vulnerabilities, which translated to malware attacking basic operating systems and appliances. These days, we see web applications using Java and .NET being used to gain entry into datacenters and computer systems, targeting airports, telecommunication providers, and even government agencies. For examples, see Flame, aimed at Middle Eastern countries, and Stuxnet, targeting the Iranian nuclear plant.

As we witness the increasing number of state-sponsored attacks, Facebook has reacted by introducing a feature (not so new, as Google has had it for Gmail since 2012) which warns users of possible attacks, and by activating its “Login Approvals”. In effect, you will receive an authentication code on your registered mobile phone for logging in every time your account is accessed from a new device.

Alex Stamos, Facebook’s Chief Security Officer, explains that these steps are necessary as “[state-sponsored attacks] tend to be more advanced and dangerous than others, and we strongly encourage affected people to take the actions necessary to secure all of their online accounts.”

Perhaps this issue has received less attention than it is due. William J. Lynn, U.S. Deputy Secretary of Defense, states that:

“as a doctrinal matter, the Pentagon has formally recognized cyberspace as a new domain in warfare . . . [which] has become just as critical to military operations as land, sea, air, and space.”

Determining whether an attack is state-sponsored or has sprung from an independent source is only the tip of the iceberg. It is no simple task to distinguish one from the other, and such an exercise involves intricate and complicated methods of investigation. Perhaps this explains why Facebook’s notification says:

“To protect the integrity of our methods and processes, we often won’t be able to explain how we attribute certain attacks to suspected attackers. That said, we plan to use this warning only in situations where the evidence strongly supports our conclusion.”

Needless to say, if you receive such a notification, chances are that your computer has been infected with malware which has given the attacker a point of entry, and you should consider “rebuilding” your system. In the meantime, it seems that we will be seeing more steps taken by Facebook in this arena, as it has rolled out yet another tool called Security Checkup, sporting similar login alerts and auto account log-outs.
