Seven US companies have been attacked by government-associated Chinese hackers in the three weeks since the US and China announced a pact that banned government spying on companies, a US security firm said Monday.
The hacks by "actors we have affiliated with the Chinese government" targeted five technology companies and two pharmaceutical companies, US security company CrowdStrike said in a blog post. The first of these occurred the day after the two countries struck a landmark pact in which they agreed not to spy on one another to steal business secrets. They "are continuing to this day", the company said.
Facebook will now warn people if it has a strong suspicion an account is being targeted by a nation-state.
The social networking service already takes steps to secure accounts that may have been compromised but has decided to directly alert users of the type of attack that's under way, wrote Alex Stamos, Facebook's chief security officer.
Since state-sponsored attacks can be more sophisticated, "having an account compromised in this manner may indicate that your computer or mobile device has been infected with malware," he wrote.
(Score: 2) by LoRdTAW on Tuesday October 20 2015, @11:44AM
This isn't some one-way street where China is the only aggressor. Though I'm sure the US government wants to paint that picture so we forget about their little NSA snafu.
I'm pretty sure everyone, and I mean everyone, is hacking everyone else.
(Score: 1, Interesting) by Anonymous Coward on Tuesday October 20 2015, @05:51PM
To me it seems more like Facebook trying to scare more users into giving them their real phone numbers.
From the article:
When Facebook sees someone logging on from a different browser or computer, it sends a one-time passcode to their mobile phone that must be entered in order to access the account.
Anyone who knows their IT security stuff would know that the one-time passcode would be traveling in clear-text form through many unencrypted channels to that phone.
So if a nation state is truly targeting you and they aren't hiring/using completely incompetent fools, Facebook would be helping them gain control over your account!
Doesn't even need to be a nation-state:
https://en.wikipedia.org/wiki/IMSI-catcher
http://www.wired.com/2010/07/intercepting-cell-phone-calls/
http://www.twelvesec.com/using-a-gsm-tester-to-intercept-calls-and-sms-part-2-equipment-and-setup/
And if it really is a Nation-State, as far as I know the encryption is only between the phone and the cellular tower - the messages on the wire are plaintext (or effectively plaintext to the Telco). So a determined Nation-State with significant resources might be able to pwn the Telco if it didn't already own it - e.g. you're visiting/living in that Nation-State and using their Telco's network - they just have to look at the log/archive of text messages.