Apple and Meta handed over data to hackers pretending to be police

Hackers got into law enforcement email accounts and requested user data using Emergency Data Requests (EDRs).

Apple and Meta handed over confidential information on customers to hackers. Yes, handed over, as the hackers were masquerading as law enforcement officers at the time, Bloomberg reports.

This new report comes not 24 hours after KrebsOnSecurity reported that hackers such as LAPSUS$, which recently hacked Nvidia, Microsoft, and others, are pretending to be law enforcement for the purposes of data gathering.

First, they hack into an email account owned by law enforcement. Then they start using that account to ask for specific data, in accordance with existing legal pathways.

The normal process for law enforcement officers is to get a warrant or subpoena for specific data, which a judge has to sign off on.

The hackers circumvent this by using Emergency Data Requests (EDRs), which don’t need warrants. Often the requests come with warnings of implicit threats of violence by the users.

The companies handed over user data to the hackers in 2021

It looks like both Apple and Meta complied with fraudulent EDRs in mid-2021. The user data handed over included home addresses, phone numbers, and IP addresses. The data was probably then used for financial fraud.

Snap Inc, Snapchat’s parent company, was also given falsified EDRs. But it’s not clear if they complied and sent user data to the hackers.

Cybersecurity researchers are reasonably sure that the hackers are the same underage hackers behind the LAPSUS$ group, which recently breached Nvidia, Microsoft, Samsung, and more.

The real issue here is that law enforcement is still using email to request customer data. There needs to be a way of digitally signing those requests so that impersonators can’t get access.

The Digital Authenticity for Court Orders Act would require digital signing, but it still needs to be passed.

Maker, meme-r, and unabashed geek. Hardware guy here at KnowTechie, if it runs on electricity (or even if it doesn't) I probably have one around here somewhere. My hobbies include photography, animation, and hoarding Reddit gold.
