According to the latest data, Apple and Meta gave out information about users of their platforms to cybercriminals posing as representatives of U.S. law enforcement agencies. In mid-2021, the companies provided user addresses, phone numbers, and IP addresses to criminals.
According to the latest data, Apple and Meta gave out information about users of their platforms to cybercriminals posing as representatives of U.S. law enforcement agencies. In mid-2021, the companies provided user addresses, phone numbers, and IP addresses to criminals.
According to Bloomberg, though the transfer of such information is usually carried out in accordance with court orders, in emergency cases there can be exceptions to the rules, and the criminals took advantage of this, citing the need to provide information in an urgent matter. It is known that Snap received similar requests, but there is no information as to whether it shared the data with criminals. Discord was also reportedly affected by the problem.
According to some cybersecurity experts, the people behind the crimes may be minors from the U.S. and/or the UK. Allegedly, the attackers used real email domains of law enforcement agencies around the world to make fake requests. It is believed that it is quite easy to acquire information about the compromised law enforcement accounts on the darknet - it is enough to pay from $10 to $50. Moreover, by gaining access to the mailboxes of the police or other agencies, attackers could become familiar with the templates used to make requests. According to experts, the situation with the sale of "police" email accounts worsened after many law enforcement agencies fell victim to attacks on Microsoft Exchange mail servers, which made it even easier to obtain account data.
While many IT giants have special portals for making requests, ordinary emails from "police" domains are reportedly being handled 24/7 as well. According to some experts, many employees are taking it upon themselves to quickly provide data in emergencies out of the best of intentions. According to Unit 221B, a cybersecurity company, in a huge number of cases the "flexible" response of employees to requests without unnecessary bureaucracy has helped save lives.
The situation is complicated by the fact that companies like Apple and Meta* receive tens of thousands of requests for data disclosure from dozens of countries throughout the year, most of which are granted, and in urgent cases where lives and health may be at risk, decisions on extradition are actually made without warrants.
And each country has its own request system, its own law enforcement agency mailing domains, and a total of tens of thousands of investigative agencies, ranging from small police stations to state-level agencies.
You must be logged in to post a comment.