Hackers Acting as Law Enforcement Allegedly Obtained User Data from Apple, Facebook, and Discord
The Queries Were Sent from "Compromised" Email Accounts
According to a new Bloomberg story, Apple, Facebook, and Discord handed over customer data to hackers posing as law enforcement authorities. The demands, which were allegedly sent from legitimate email accounts that had been "compromised," were made to look like genuine legal requests. Both Facebook and Apple, according to Bloomberg, provided "basic subscriber details, such as a customer's address, phone number, and IP address." According to Krebs on Security, Discord provided "the Internet address history of Discord accounts attached to a certain phone number." Snap was also targeted by the hackers, but it's unclear whether the firm provided the requested information.

According to Bloomberg, companies like Apple and Facebook routinely hand over data to law enforcement, and these corporations have dedicated teams to respond to such requests. Normally, these demands are accompanied by a court order, but in "emergency" situations, such as when someone's life is deemed to be in danger, law enforcement may obtain data without one. The hackers used this emergency route to gain access to personal information about specific targets in order to "enable financial fraud schemes." They were able to trick the corporations into turning over the data by using hacked email accounts linked to actual law enforcement employees.

Meta spokesperson Andy Stone said in a statement to Bloomberg that the company has systems in place to authenticate legal requests and detect abuse. "We stop known compromised accounts from making requests and, as we have done in this case, we assist with law enforcement to react to incidents involving suspected fraudulent requests," Stone added. Apple and Snap both pointed to their company policies, saying that they had systems in place to evaluate the legality of requests for customer data. However, if the demands appear to come from email accounts linked with actual law enforcement bodies, these precautions may be ineffective.
Discord told Krebs on Security, "We can confirm that Discord received demands from a genuine law enforcement domain and that the requests were fulfilled in accordance with our procedures. We verify these requests by making sure they come from a legitimate source, which we did in this case. While our verification process revealed that the law enforcement account was genuine, we later discovered that it had been hacked by a criminal entity. Since then, we've conducted an investigation into this criminal activity and informed law authorities about the hacked email account."

Surprisingly, some of the people involved in this scheme have been linked to another high-profile hacking gang, Lapsus$, whose members are accused of hacking Microsoft and Okta. One of the people involved in fabricating the requests is also "believed to be the mastermind behind the cybercrime group Lapsus$," according to Bloomberg.