Apple and Meta shared data with hackers pretending to be law enforcement officials

Apple and Meta handed over user data to hackers who faked emergency data request orders typically sent by law enforcement, according to a report by Bloomberg. The slip-up happened in mid-2021, with both companies falling for the phony requests and providing information about users’ IP addresses, phone numbers, and home addresses.

Law enforcement officials often request data from social platforms in connection with criminal investigations, allowing them to obtain information about the owner of a specific online account. While these requests require a subpoena or search warrant signed by a judge, emergency data requests don’t — and are intended for cases that involve life-threatening situations.

Fake emergency data requests are becoming increasingly common, as explained in a recent report from Krebs on Security. During an attack, hackers must first gain access to a police department’s email systems. The hackers can then forge an emergency data request that describes the potential danger of not having the requested data sent over right away, all while assuming the identity of a law enforcement official. According to Krebs, some hackers are selling access to government emails online, specifically with the purpose of targeting social platforms with fake emergency data requests.

As Krebs notes, the majority of bad actors carrying out these fake requests are actually teenagers — and according to Bloomberg, cybersecurity researchers believe the teen mastermind behind the Lapsus$ hacking group could be involved in conducting this type of scam. London police have since arrested seven teens in connection with the group.

But last year’s string of attacks may have been performed by the members of a cybercriminal group called Recursion Team. Although the group has disbanded, some of them have joined Lapsus$ with different names. Officials involved in the investigation told Bloomberg that hackers accessed the accounts of law enforcement agencies in multiple countries and targeted many companies over the course of several months starting in January 2021.

“We review every data request for legal sufficiency and use advanced systems and processes to validate law enforcement requests and detect abuse,” Andy Stone, Meta’s policy and communications director, said in an emailed statement to The Verge. “We block known compromised accounts from making requests and work with law enforcement to respond to incidents involving suspected fraudulent requests, as we have done in this case.”

When asked for comment, Apple directed The Verge to its law enforcement guidelines, which state: “If a government or law enforcement agency seeks customer data in response to an Emergency Government & Law Enforcement Information Request, a supervisor for the government or law enforcement agent who submitted the Emergency Government & Law Enforcement Information Request may be contacted and asked to confirm to Apple that the emergency request was legitimate.”

Meta and Apple aren’t the only known companies affected by fake emergency data requests. Bloomberg says hackers also contacted Snap with a forged request, but it’s not clear if the company followed through. Krebs on Security’s report also includes a confirmation from Discord that the platform gave away information in response to one of these fake requests.

“This tactic poses a significant threat across the tech industry,” Peter Day, Discord’s group manager for corporate communications said in an emailed statement to The Verge. “We are continuously investing in our Trust & Safety capabilities to address emerging issues like this one.”

Snap didn’t immediately respond to a request for comment from The Verge.

Update March 30th 9:24PM ET: Updated to include a statement from a Discord spokesperson.

Repost: Original Source and Author Link


Iran and Russia obtained US voter registration data, officials say

National security officials announced Wednesday that Iran and Russia obtained voter registration information that could support efforts to interfere in the 2020 presidential election. The officials also confirmed that Iran sent threatening emails designed to intimidate voters.

“Iran and Russia have taken specific actions to influence public opinion relating to our election. Some voter registration information has been obtained by Iran and separately by Russia,” Director of National Intelligence John Ratcliffe said in a press conference Wednesday evening. “This data can be used by foreign actors to attempt to convey misinformation.”

Voter registration information is often publicly available, so there’s no indication that either Iran or Russia breached any US infrastructure. Still, Ratcliffe and FBI director Christopher Wray warned Americans to be cautious when reading and sharing information regarding voting online.

The announcement about Iran’s involvement in the emails confirms The Washington Post’s reporting from earlier today. The report said that Iran was behind emails sent to some Democratic voters that were spoofed to appear to have been sent from the far-right Proud Boys organization earlier this week. One of the emails viewed by CBS News showed that it threatened individuals to vote for President Trump or “we will come after you.” That email also said that “we are in possession of all of your information.”

Ratcliffe also said that Iran is distributing other content, such as a video that “implies that individuals could cast fraudulent ballots.”

“We ask every American to do their part to defend against those who wish us harm,” Ratcliffe said. “Do not allow these efforts to have their intended effect.”

Repost: Original Source and Author Link