Seriously! Pretending To Be Law Enforcement, Hackers Successfully Tricked Apple, Meta And Discord To Request User Data
JAKARTA - Hackers have managed to trick tech giants like Apple and Meta. The hackers managed to solicit user data by pretending to be law enforcement.
The incident reportedly occurred in mid-2021, when hackers tried to ask the two companies for information on users' IP addresses, phone numbers and even home addresses. Both Apple and Meta are not aware of it.
Indeed, law enforcement officers often request data from social platforms in connection with criminal investigations, which allows them to obtain information about the owners of certain online accounts.
However, this request is not easy. The applicant requires a subpoena or search warrant signed by a judge. Emergency data requests are not intended for cases involving life-threatening situations.
In the Kerbs on Security report, fake emergency data requests are becoming increasingly common. During the attack, hackers must first gain access to the police department's email system.
The hacker can then forge an emergency data request explaining the potential danger if the requested data is not sent immediately, while assuming the identity of a law enforcement official.
According to Krebs, some hackers are selling access to government email online, specifically with the aim of targeting social media with requests for fake emergency data.
Launching The Verge, Friday, April 1, the malicious actors who made this false request were claimed to be teenagers. But last year's series of attacks may have been carried out by members of a cybercriminal group called the Recursion Team. Although the group has disbanded, some of them have joined Lapsus$ under different names.
"We review each data request for legal adequacy and use advanced systems and processes to validate law enforcement requests and detect abuse," said Meta's director of policy and communications, Andy Stone.
"We block accounts known to be compromised from making requests and work with law enforcement to respond to incidents involving suspected fraudulent requests, as we have done in this case."
While Apple states, “If a government or law enforcement agency seeks customer data in response to an Emergency Government & Law Enforcement Information Request, the government supervisor or law enforcement agency submitting a Government & Law Enforcement Emergency Information Request may be contacted and asked to confirm with Apple that the emergency request is legitimate," Apple said.
For your information, Meta and Apple are not the only companies known to be affected by fake emergency data requests. Hackers also contacted Snap and Discord with similar bogus requests. However, it is not known whether Snap followed through, while Discord also complied with the hacker's request.