
State-sponsored attack? Facebook will now tell you ‘You’ve been hacked’

Just don’t expect Facebook to reveal how it knows when government hackers are coming after you.


Facebook has started to notify users when it suspects they’ve been targeted by government-sponsored hackers, rather than by run-of-the-mill cybercriminals.

“Starting today, we will notify you if we believe your account has been targeted or compromised by an attacker suspected of working on behalf of a nation-state,” Facebook’s chief security officer Alex Stamos said in a Notes post on the weekend.

A state-sponsored hacker alert. Image: Facebook

The notification users will see when Facebook detects that they are probably being targeted by a state-sponsored hacker advises them to turn on its two-factor authentication feature, Login Approvals, which requires the user to give Facebook their phone number.

Facebook sends a login code to the user’s phone the next time it detects that the account has been accessed from a new device or browser.

“We decided to show this additional warning if we have a strong suspicion that an attack could be government-sponsored. We do this because these types of attacks tend to be more advanced and dangerous than others, and we strongly encourage affected people to take the actions necessary to secure all of their online accounts,” Stamos said.

Facebook won’t be revealing how it tells when a state-sponsored hacker is targeting a particular user, although there are numerous pieces of known malware that are suspected to have been created by government-backed hackers, such as Stuxnet, thought to have been built by the US; Duqu; DarkSeoul, supposedly from North Korea; China’s ShadyRAT; and Russia’s The Dukes malware.

“To protect the integrity of our methods and processes, we often won’t be able to explain how we attribute certain attacks to suspected attackers. That said, we plan to use this warning only in situations where the evidence strongly supports our conclusion,” Stamos said.

The new hacker alert notifications join Facebook’s other security efforts, such as its security check-up tool, and teaming up with several antivirus vendors to offer online malware scanning and clean-up tools.

Facebook earlier this year said it helped clean up two million infected PCs after using a “combination of signals” to find the infections. While helpful at cleaning up malware, some users have objected to being locked out of their accounts until they download anti-malware from Facebook’s partners.


Henry Sapiecha


More than 84,000 Telstra customer records accessed by government agencies


Telstra says the majority of access requests were performed to check whether customer accounts were active. 

Only 3.9 per cent of Telstra customer records accessed by policing and spy bodies in 2014 were approved by a court order or warrant, according to the company’s first annual Transparency Report.

Government agencies and policing bodies gained access to 84,949 Telstra customer records in financial year 2014. Telstra is Australia’s biggest telecommunications provider by market share with around 3 million fixed-line internet customers and 16 million mobile customers.

The number of requests has also risen over the past 12 months with 44,305 requests in the second half of the year compared to 40,644 in the first half.

“Between 1 July 2013 and 30 June 2014, we received and acted on 84,949 requests for customer information,” the company said. “Of this, 2,701 were warrants for interception or access to stored communications.

“Outside of Australia, we received less than 100 requests across all the countries that we operate in.”

Of the 84,949 cases of information handed over by the company, just 598 were in response to court orders, while 2,701 were based on warrants for the interception of data. Around 6,202 were related to emergency calls for help to triple-0 or similar services.

Telstra said the vast majority, 75,448, of these records were carriage service records, customer information or “pre-warrant checks” that determine whether or not a customer is still active at the company.

A range of police and spy agencies are allowed to access customer information with a “lawful request” that does not require a warrant or court order.

These range from conventional bodies like the Australian Federal Police to other agencies such as the Royal Society for the Prevention of Cruelty to Animals (RSPCA) and local councils.

The number of customer records accessed across all telcos is likely to be far higher because Telstra only manages around 50 per cent of the market. It is one of the very few companies in Australia to provide a detailed breakdown of data requests from police and spy agencies.

Greens Senator Scott Ludlam has been leading a Senate inquiry into Australia’s surveillance and data retention laws. He said he was concerned about the figures and that the number of warrantless requests was rising by 10-20 per cent every year.

“It’s a huge escalation of warrantless access to people’s records and you’d have to expect that if the data retention regime was brought forward that the number would continue to skyrocket,” he said.

Civil libertarian and privacy advocacy groups are fighting the federal government’s push to force telcos to capture and store the metadata of all customers for a two-year period.

Critics pointed to the often confused and contradictory announcements made by different government ministers over what types of metadata would be recorded, with fears the scheme would cost the industry hundreds of millions of dollars.

“It appears these agencies can conduct their business and have done for years and years without a data retention policy and without access to new categories of metadata that didn’t exist ten years ago,” Senator Ludlam said.

“Even if the data retention proposal was taken off the table … we’ve got a very big problem with the warrantless accessing of extremely invasive material including location records.”

Telstra has already admitted it has provided the browsing history of some customers without a warrant “in rare cases”. The telecommunications industry is negotiating with the federal government over what will be included in the highly controversial scheme.

But spying and law enforcement bodies have said the system is vital for fighting crime and terrorism in a digital age.

Henry Sapiecha