
Apple and Meta shared data with hackers pretending to be law enforcement officials

Illustration by Alex Castro / The Verge

Apple and Meta handed over user data to hackers who faked emergency data request orders typically sent by law enforcement, according to a report by Bloomberg. The slip-up happened in mid-2021, with both companies falling for the phony requests and providing information about users’ IP addresses, phone numbers, and home addresses.

Law enforcement officials often request data from social platforms in connection with criminal investigations, allowing them to obtain information about the owner of a specific online account. While these requests require a subpoena or search warrant signed by a judge, emergency data requests don’t — and are intended for cases that involve life-threatening situations.

Fake emergency data requests are becoming increasingly common, as explained in a recent report from Krebs on Security. During an attack, hackers must first gain access to a police department’s email systems. The hackers can then forge an emergency data request that describes the potential danger of not having the requested data sent over right away, all while assuming the identity of a law enforcement official. According to Krebs, some hackers are selling access to government emails online, specifically with the purpose of targeting social platforms with fake emergency data requests.

As Krebs notes, the majority of bad actors carrying out these fake requests are actually teenagers — and according to Bloomberg, cybersecurity researchers believe the teen mastermind behind the Lapsus$ hacking group could be involved in conducting this type of scam. London police have since arrested seven teens in connection with the group.

But last year’s string of attacks may have been carried out by members of a cybercriminal group called Recursion Team. Although the group has disbanded, some of its members have joined Lapsus$ under different names. Officials involved in the investigation told Bloomberg that hackers accessed the accounts of law enforcement agencies in multiple countries and targeted many companies over the course of several months starting in January 2021.

“We review every data request for legal sufficiency and use advanced systems and processes to validate law enforcement requests and detect abuse,” Andy Stone, Meta’s policy and communications director, said in an emailed statement to The Verge. “We block known compromised accounts from making requests and work with law enforcement to respond to incidents involving suspected fraudulent requests, as we have done in this case.”

When asked for comment, Apple directed The Verge to its law enforcement guidelines, which state: “If a government or law enforcement agency seeks customer data in response to an Emergency Government & Law Enforcement Information Request, a supervisor for the government or law enforcement agent who submitted the Emergency Government & Law Enforcement Information Request may be contacted and asked to confirm to Apple that the emergency request was legitimate.”

Meta and Apple aren’t the only known companies affected by fake emergency data requests. Bloomberg says hackers also contacted Snap with a forged request, but it’s not clear if the company followed through. Krebs on Security’s report also includes a confirmation from Discord that the platform gave away information in response to one of these fake requests. Snap and Discord didn’t immediately respond to requests for comment from The Verge.



Source: The Verge
