Apple, Meta and Discord handed over user data to hackers pretending to be law enforcement officers. According to a Bloomberg report, the slip-up occurred in mid-2021, with the three companies providing information such as customer addresses, phone numbers and IP addresses in response to ‘emergency data requests’.
Under normal circumstances, law enforcement agencies in the US are required to provide a search warrant or subpoena signed by a judge to request information from tech companies. Emergency data requests, or EDRs, bypass this mechanism: they do not require a court order, and they allow authorities to request data from social media companies and other tech firms. However, EDRs are requested only in life-threatening situations.
But now hackers posing as law enforcement officers are sending fake EDRs to tech companies. Krebs on Security notes that some hackers have discovered that there is no easy way for the company receiving an EDR to determine whether it is legitimate. And so, hackers are using their illegal access to police email systems to create a ‘fake EDR’ along with a statement that, unless the requested data is provided immediately, innocent people will suffer great harm or may die. The report also said that some hackers are selling access to government email accounts online with the aim of targeting social platforms with fake EDRs.
The security firm suspects teenagers to be behind the attacks. Krebs says teen hacker groups like Lapsus$ and Recursion Team are behind the majority of these fake EDRs. The publication quoted several security researchers as saying that the leader of Lapsus$, a hacker named ‘White’, was also a founding member of a cybercriminal group called the Recursion Team. The group specialized in SIM swapping fraud and ‘swatting’ attacks, in which hackers use fake bomb threats, hostage situations and other violent scenarios to trick police officers into visiting potentially harmful websites, resulting in their credentials being compromised. These compromised credentials are sometimes sold on the dark web, and in other cases they are used to send fake EDRs to companies.
UK police have arrested seven teenagers in connection with the Lapsus$ attacks on Microsoft, Nvidia, Samsung, Ubisoft and Okta.
Notably, Apple, Meta and Discord are not the only companies that have received fake EDRs. The Bloomberg report states that Snap also received a fake EDR from the same hackers, but it is unknown whether the company provided data in response.
Responding to the matter, Meta said it did its due diligence in validating such requests. “We prevent requests from known compromised accounts and work with law enforcement to respond to incidents involving suspected fraud requests, as we have done in this case,” it told the publication.
“If a government or law enforcement agency solicits customer data in response to an emergency government and law enforcement information request, the government supervisor or law enforcement agent who submitted the emergency government and law enforcement information request may be contacted and may be asked to confirm that the emergency request was valid,” Apple says in its guidelines.
The post “Apple, Meta gave user data to hackers pretending to be police officers” first appeared on BGR India.