Facebook steps up to protect its users’ privacy against nation state spies

Facebook has assumed the somewhat surprising role of privacy champion for its users, claiming it will stand up and inform users when it believes that their accounts have been spied upon by government spooks. “Starting today,” says Facebook’s chief security officer, Alex Stamos, “we will notify you if we believe your account has been targeted or compromised by an attacker suspected of working on behalf of a nation state.

“We do this because these types of attacks tend to be more advanced and dangerous than others, and we strongly encourage affected people to take the actions necessary to secure all of their online accounts.”

How Facebook can detect if an attempted ‘compromise’ is being made by a sinister nation-state rather than a common-or-garden hacker is not revealed. Instead Mr Stamos implies that Facebook has its own secret methods and if he had told us, he’d have had to shoot us.

“To protect the integrity of our methods and processes, we often won't be able to explain how we attribute certain attacks to suspected attackers. That said, we plan to use this warning only in situations where the evidence strongly supports our conclusion.”

It’s not clear whether users are to be sealed from the ALL nation states’ security agencies, or just those not headquartered near Washington DC.

The UK’s own effort, GCHQ, was fingered in a leaked document last year in which a long list of the  agency’s capabilities were revealed, including details on how it launched attacks on Facebook, as well as Twitter and Second Life. It  used a ‘malware toolkit’ with individual tools named after characters in the Smurfs TV series. These Smurf tools could turn on Android and iPhone microphones to record conversations, track device geolocations and switch phones on and off.

Whether the Smurf’s copyright owners are going to sue the UK authorities is, as yet,  unknown.