- It is said that hackers pretending to be law enforcement officers got user data from Apple and Meta so that they could meet bogus emergency requests for data.
- Both organizations were deceived into turning over personal information, such as phone numbers and email addresses, to scam artists in the middle of 2021.
- A group of cybercriminals is suspected of being behind the wave of attacks that happened last year.
- The Recursion Team, a group of cybercriminals, is suspected of being behind the wave of attacks that happened last year.
- Companies like Meta and Apple were also subjected to fake emergency data requests.
An investigation by Bloomberg claims that Apple and Meta turned over user data to hackers posing as law enforcement agencies in order to comply with false emergency data request demands. The bad news is that this happened in the middle of 2021, when both companies were tricked into handing over personal information like phone numbers and e-mail addresses to scam artists.
In criminal investigations, law enforcement officers often seek data from social media networks, enabling them to collect information on the account holder. Emergency data requests, on the other hand, don’t need a search warrant issued by a court and are designed for instances involving life-threatening conditions.
Fake emergency data requests are on the rise, according to a new Krebs on Security analysis. First, hackers need to get into an organization’s email system to carry out an attack. The hackers may then pretend to be a law enforcement officer and create an emergency data request that warns of the consequences of not receiving the needed information immediately. People say hackers are selling their access to government emails online so they can spam social media with fake requests for urgent data, but this is not true.
Security specialists suspect the Lapsus hacker, who is believed to be in his teens, might be participating in this sort of phishing scam since, as Krebs points out, most of the bad actors committing these phony requests are minors. Seven teenagers have since been arrested by police in London in connection with the gang, and they have been charged.
However, a cybercriminal outfit known as the Recursion Team may have been behind the wave of assaults that occurred last year. Lapsus has a few members that used to be in the band, but the group has split up. In January 2021, Bloomberg reported that hackers had been able to get into the accounts of law enforcement agencies in a lot of different countries and were able to attack a lot of different businesses.
In an email, Meta’s policy and communications director, Andy Stone, open to Vox Media (The Verge) that the company uses “sophisticated systems and procedures” to verify law enforcement requests and prevent misuse. However, if an account is discovered to have been hacked, it will be blocked from making requests, and we will collaborate with legal authorities to react to occurrences like this one.
For clarification, Apple pointed out to its law enforcement policies, which state: “If a government or law enforcement agency seeks customer data in response to an Emergency Government and Law Enforcement Information Request, a supervisor for the government or law enforcement agent who submitted the Emergency Government and Law Enforcement Information Request can be contacted and asked to confirm to Apple that the emergency request was made.”
A report by Krebs on Security, Discord has confirmed that it gave information to one of these false requests. According to Peter Day, Discord’s group manager for corporate relations, “this strategy presents a huge danger throughout the internet sector.” In order to deal with concerns like these, we’re always investing in our trust and safety skills.
Other firms have been targeted by phony emergency data demands, including Meta and Apple. A falsified request was sent to Snap, and according to Bloomberg, it’s unclear whether the firm responded or not.