Facebook To Warn Users Of Government Spying — But Won’t Tell You Who

Facebook has announced it will begin giving its users a warning when the company suspects an account has been targeted or compromised by a cyber spying attack from a nation-state or state-sponsored actor, reports Mashable.

In a post on Facebook’s official privacy page, Facebook chief security officer Alex Stamos wrote, “Starting today, we will notify you if we believe your account has been targeted or compromised by an attacker suspected of working on behalf of a nation-state.”

“While we have always taken steps to secure accounts that we believe to have been compromised, we decided to show this additional warning if we have a strong suspicion that an attack could be government-sponsored. We do this because these types of attacks tend to be more advanced and dangerous than others, and we strongly encourage affected people to take the actions necessary to secure all of their online accounts.”

Alex Stamos, Facebook

Facebook will warn users of potential spying through boxed pop-up messages, and encourage them to secure accounts by way of a two step authentication. The warning message will contain a link directing Facebook users to a page where they can activate an existing feature, that adds an extra layer of security to their Facebook account. Facebook will then send users a verification code to their mobile phone, which will then need to be entered, in combination with a password.

Facebook warning message
The warning message users will receive when Facebook suspects government hacking and spying.

The Facebook announcement comes in the wake of revelations from former National Security Agency contractor Edward Snowden about the extent of government spying and surveillance. When speaking about Facebook during a satellite address to Bard College just hours before this announcement, Snowden urged the social network to “decide who they work for; the government or the people who use their services,” according to Newsweek.

The move sees Facebook follow in the footsteps of Google, who started doing the same thing in 2012, notifying users when it suspected they were being attacked by spying, state-sponsored hackers.

At the time, Google made a very similar statement which read “our detailed analysis — as well as victim reports strongly suggest the involvement of states or groups that are state-sponsored.

“You might ask how we know this activity is state-sponsored. We can’t go into the details without giving away information that would be helpful to these bad actors”

Google, 2012

Just like Google, Facebook won’t offer any details as to why it suspects a user’s account has been compromised, and will not identify which state or government is culpable for cyber spying.

“To protect the integrity of our methods and processes, we often won’t be able to explain how we attribute certain attacks to suspected attackers. That said, we plan to use this warning only in situations where the evidence strongly supports our conclusion.”

Facebook, 2015


The warning doesn’t relate to the compromise of the Facebook platform itself, but a Facebook account being compromised may indicate a computer or mobile device has been infected with spying malware. Stamos also advised that Facebook users who have been attacked should “rebuild or replace” their computer system, as it is highly likely to be infected with spying software.

There are a number of spying malware programs believed to have been created by government-backed hackers, such as the Stuxnet, thought to have been built by the U.S., Duqu, DarkSeoul, supposedly from North Korea, China’s ShadyRAT and Russia’s The Dukes malware, reports ZDnet.

In the statement, Facebook also underlines its commitment to protecting the security of users, affirming that it will continue to develop the company’s ability to prevent and detect spying attacks of all kinds against people on Facebook. The company has also joined forces with Google, Yahoo and others to oppose the CISA bill currently being proposed by the U.S. government, on the grounds that it has an excessively wide remit, according to ItPro.

[Photo by Dan Kitwood/Getty Images]