Now Facebook Will Notify You If State-Sponsored Hackers Compromise Your Account

A targeted attack notification.

Image from Facebook

You may not think there’s any reason for North Korea to personally target you for a cyberattack, but who knows! Totalitarian dictatorships are nothing if not mercurial. Even if you never have a Sony Pictures–style moment, there is still a lot of state-sponsored malware floating around the Internet for various surveillance and reconnaissance programs. And if you’re compromised, Facebook wants to warn you.

On Friday, the company’s chief security officer Alex Stamos announced “notifications for targeted attacks” that tell you if something fishy/phishy is going on on your account, which could mean that your device itself has malware running on it. Stamos is quick to clarify that “this warning is not related to any compromise of Facebook’s platform or systems.”

What’s less clear is which nation-state malware will trigger the alarm. I asked Facebook if malware that is known to be used by the U.S. government for surveillance will prompt a notification, but the company hasn’t responded. I’ll update if it does.

Stamos did write:

To protect the integrity of our methods and processes, we often won’t be able to explain how we attribute certain attacks to suspected attackers. That said, we plan to use this warning only in situations where the evidence strongly supports our conclusion.

Just gotta take their word for it. As Gizmodo points out, Google has offered a similar feature since 2012. It’s great to give people more security monitoring and information, but Facebook itself alludes to one problem with the notifications: People probably won’t know what to do if they get one. Stamos says, “Ideally, people who see this message should take care to rebuild or replace these systems if possible.” That would be ideal.

Of course, it’s not Facebook’s responsibility to do everything for us (as much as it may want to), but the notification feature serves as a reminder that users don’t always feel empowered to take charge of their personal cybersecurity. Hopefully you’ll never get one of Facebook’s “notifications for targeted attacks,” but it’s good to be ready in case you ever do.