Half-Measures? Facebook Warning Users of State Sponsored Attacks
In perhaps a subtle stab at the NSA and other surveillance agencies, Facebook has joined Google in informing users when it suspects they are being victimized by state-sponsored hacking.
Users who fall into this category will now receive a warning when they login to Facebook along with information regarding “approved logins,” a form of two-factor authentication Facebook uses. Approved logins work like many two-factor systems, sending a text message to the user with a login authorization code.
Facebook isn’t disclosing how it differentiates between a state-sponsored hack and a regular hack, but it also advises users to replace their operating systems when such compromises happen.
More likely than not, the thinking goes, the Facebook account is not the only thing the malicious actor has access to at that point. Certain things, no amount of password hygiene can prevent. With catch-all nexuses now in existence which make copies of all traffic and then proceed to try and decrypt it, it’s difficult anymore to know exactly how much privacy anyone can expect online. More and more the cultural attitude veers toward expecting none.
Services like Facebook and webmail have been huge contributors to the problem, in that their business models rely on knowing as much as possible about their userbase. Thus, users are encouraged to surrender details and trust that the companies, such as Facebook, are not somehow vulnerable to compromise. In any case, no one can fault Google and Facebook for being loyal enough to their users to let them know. It’s unclear as of yet what backlash there might be from various regimes as a result.
Speaking to TechCrunch, Facebook Chief Security Officer said, “We do this because these types of attacks tend to be more advanced and dangerous than others, and we strongly encourage affected people to take the actions necessary to secure all of their online accounts.”
Certain countries like Israel, Saudi Arabia, China, Iran, and even the United States and the United Kingdom would certainly like to know more about the social media goings-on of their citizenry. In recent times, Palestinian resistance movements have been organized via social media, rather than locally, and Mossad could gain serious insight into the plans of Palestinian activists simply by gaining access to their Facebook accounts.
New, decentralized, cryptographically unbreakable systems are required so long as repressive regimes exist. Facebook’s actions are only anecdotally in the right direction since the existence of centralized servers means that they must eventually answer to the authorities if they want to stay in business at all. Alternative models which have no central point of failure and are difficult to trace from hub to spoke would be better in terms of promoting human freedom.
Images from Shutterstock.