Big Tech firms including Apple, Google, Meta tricked into handing over user data to fake cops

A number of the biggest tech companies in the world are being duped by bad actors posing as law enforcement agencies and personnel into handing over data about their users. This data has since been used by these bad actors to harass, blackmail and sexually extort these users, including minors.

According to a new report by Bloomberg, almost all of the major tech companies dealing with social media and communication tools have been targeted. Among those who handed over data to the fake legal requests include Apple, Google, Snap, Twitter, Meta and Discord. The modus operandi starts with these bad actors hacking into the email system of a foreign law enforcement agency. They would then create an ’emergency data request’ to one of these tech firms, typically asking for a specific user’s account details such as name, IP address, physical address, email details and more.

Real law enforcement agencies do sometimes make these requests, as authorities can use this information in cases that involve suicide, murder, kidnapping and the like. Companies will typically comply with these requests too out of good faith, but when such sensitive information ends up with these hackers, they become a problem. Attackers have used information gained through these fake legal requests to hack into the online accounts of victims or sometimes befriend women and minors and solicitating explicit photos. If they don’t comply, these hackers will then harass by ‘swatting’ or ‘doxxing’ their victims. There’s also been a few cases where the attackers forced their victims into carving their name into their skin, before sharing images of it elsewhere.

“I’m particularly troubled by the prospect that forged emergency orders may be coming from compromised foreign law enforcement agencies, and then used to target vulnerable individuals. No one wants tech companies to refuse legitimate emergency requests when someone’s safety is at stake, but the current system has clear weaknesses that need to be addressed,” – Ron Wyden, US Senator

US federal law enforcement agencies are now working together with industry investigators on the issue. Discord have since said that they validate all emergency legal requests, while Facebook stated that they review every data request for ‘legal sufficiency’ and have a number of advanced systems in place to validate legal requests and detect abuse. Google meanwhile also responded to Bloomberg, stating that they first saw fake requests from bad actors pretending to be law enforcement last year and contacted the authorities over it.

“In 2021, we uncovered a fraudulent data request coming from malicious actors posing as legitimate government officials. We quickly identified an individual who appeared to be responsible and notified law enforcement. We are actively working with law enforcement and others in the industry to detect and prevent illegitimate data requests,” – Google spokesperson

It’s a shame to see that user data can so easily be given away like this, but in these companies’ defense, emergency data requests are usually helpful for authorities in real life-threatening situations. However, in light of this new tactic by hackers, authorities around the world will need to start improving their own cybersecurity while the tech firms themselves should implement some form of a confirmation callback policy. This way they can prevent more of these fake legal requests from successfully getting away with user data.

[ SOURCE, IMAGE SOURCE ]

Recent Posts

Yes 5G now lets you roam in 12 countries including South Korea from RM10/day

Yes 5G has expanded its Yes Roam ASEAN Plus Data Roaming offering which now covers…

5 hours ago

This foldable smartphone redefines its segment with next-level design and performance

This post is brought to you by HUAWEI. In Q1 2024, HUAWEI captured an impressive…

20 hours ago

TM confirms staff and contractors involved in cable theft incident in Penang

Telekom Malaysia (TM) has acknowledged a cable theft incident in Tanjung Bungah, Penang involving their…

22 hours ago

Acer Revo Box Mini PC launched in Malaysia – 13th Gen Intel Core i5 & i7, priced from RM2,049

Acer has launched the Acer Revo Box Mini PC here in Malaysia. Offered in two…

24 hours ago

Proton e.MAS 7 EV supports wireless Android Auto, Apple CarPlay

One of the most common questions that we get whenever there is a new car…

1 day ago

Samsung Galaxy S25 series launch happening on 22 January 2025?

As 2024 comes to an end, Samsung appears to be preparing for the launch of…

1 day ago

This website uses cookies.