Tech giants reportedly served up data to hackers pretending to be law enforcement
Apple and Facebook’s parent company Meta were persuaded to give up customer data to hackers posing as law enforcement agents bearing phony “emergency data requests,” Bloomberg revealed on Wednesday, citing three sources familiar with the matter. The fraudulently obtained information allegedly included users’ phone numbers, IP addresses, and even physical addresses.
The hackers also attempted to con Snap, the parent company of Snapchat, into coughing up the same data, but it’s not clear if they were successful. Sources declined to elaborate on how many times the social media platforms in question were convinced to turn over information in response to the fraudulent requests.
While such information is normally only provided in response to a subpoena or search warrant, both of which would require a judge’s signature, so-called “emergency requests” require nothing of the sort, making the hackers’ task surprisingly easy. Indeed, cybersecurity researchers investigating the case believe at least some of the hackers in question are minors operating out of the US and UK.
At least one of the minors is thought to be the leader of Lapsus$, a cybercrime ring which has previously hacked Microsoft, Samsung, and Nvidia, according to Bloomberg’s sources. City of London police have arrested seven people in connection to the Lapsus$ probe.
Attempting to explain its eagerness to fork over customer data, Apple referred Bloomberg to a section of its enforcement guidelines stating a “supervisor for the government or law enforcement agent who submitted the request may be contacted and asked to confirm to Apple that the emergency request was legitimate.”
Meta insisted it reviewed all data requests for “legal sufficiency” and claimed to use “advanced systems and processes to validate law enforcement requests and detect abuse.”
According to spokesman Andy Stone, the company also blocks “known compromised accounts from making requests” and works with law enforcement to respond to “incidents involving suspected fraudulent requests, as we have done in this case.”
Snap declined to comment beyond a statement pointing out that the company has safeguards to block fraudulent data requests.
The social media firms are ultimately the victims of law enforcement’s lust for data, given how often such agencies request information from online platforms. Apple provides data in response to a whopping 93% of emergency requests, while Meta reportedly responds with data to 77%.
This particular scam began around January 2021, two of the sources claimed, explaining the hackers targeted tech firms via hacked email domains belonging to law enforcement agencies located in several countries, forged with the effort to make them look legitimate. Sometimes they even included real stolen signatures, which can be obtained on dark web marketplaces for as little as $10, according to Gene Yoo of cybersecurity firm Resecurity.
RT (Russia Today) is a state-owned news organization funded by the Russian government. The information provided by this news source is being included by the Libertarian Hub not as an endorsement of the Russian government, but rather because it is being actively censored by Big Tech, Western governments and the corporate press. During times of conflict it is imperative that we have access to both sides of the story so we can form our own opinions, even if both sides are spewing their own propaganda. The censorship of RT, despite likely being a propaganda outfit for the Russian government, reduces our ability to hear one side of the conflict. For that reason, the Libertarian Hub will temporarily republish the RSS feed from RT. Visit https://rt.com
