Hackers Using Fake Police Data Requests against Tech Companies

from Schneier on Security

Brian Krebs has a detailed post about hackers using fake police data requests to trick companies into handing over data.

Virtually all major technology companies serving large numbers of users online have departments that routinely review and process such requests, which are typically granted as long as the proper documents are provided and the request appears to come from an email address connected to an actual police department domain name.

But in certain circumstances ­– such as a case involving imminent harm or death –­ an investigating authority may make what’s known as an Emergency Data Request (EDR), which largely bypasses any official review and does not require the requestor to supply any court-approved documents.

It is now clear that some hackers have figured out there is no quick and easy way for a company that receives one of these EDRs to know whether it is legitimate. Using their illicit access to police email systems, the hackers will send a fake EDR along with an attestation that innocent people will likely suffer greatly or die unless the requested data is provided immediately.

In this scenario, the receiving company finds itself caught between two unsavory outcomes: Failing to immediately comply with an EDR -­- and potentially having someone’s blood on their hands -­- or possibly leaking a customer record to the wrong person.

More here.

Posted in Technology and tagged , , , .

5 Comments

  1. In a generation where technology is used for almost everything now, hacking is becoming a big issue in where hackers all around the world are attempting to hack into major companies to steal information. According to Michael Kreb’s, hackers have been using fake police date request to trick companies in order to get information from them. However, investiagting authorities are starting to crack down on these cases as it is happening more often as ever. They make a emergency data request which bypasses official review. Using the police data request as a hacker is hard to be detected wheather it is fake or real. Which is why hackers see this as one on the most effective ways to doing this. I believe this article is very interesting because it gives you an insight og how hackers end to do when trying to hack a major company and how agents are constantly trying to prevent it from happening. I think this article proves how careful businesses should be because you never know when someone can be hacking you or attempting to do so. Adding a safe password and other protections in order to prevent this from happening. This article provided a great example, but this occurs all the time because of how big technology is being able to get into someones software for information or money. I think agents need to do a better job trying to prevent this from happening and i think softwares are starting to do a better job because of all the security they provide like the password and only nonification going to your phone or email. Overall, this was a great article becasue of the example they provide and how big companies are now dealing eith this problem and trying to prevent it from happening.

  2. This article exposes a sad reality of our world and one which is dividing people by making a lot of them be very powerful. Hackers and people with a large technological knowledge have so much opportunity nowadays for their benefit. In so many social medias there are fake accounts and the hackers are able to create “friendships” with people and get information about their lives to the point of hacking them. This article states, “hackers reportedly duped Apple and Meta into handing over sensitive user data, including names, phone numbers, and IP addresses”. This is the proof of hackers powers as they got the information from Meta which is one of the largest companies in the world and leading at getting people’s information.
    This article is related to a dilemma that many people feel nowadays. In order to protect yourself from hackers it is suggested that you minimize the use of technology and use protection such as VPNs on the tech that is inevitable. At the same time, companies and employers require tech knowledge from workers and being away from it could lead to a competitive disadvantage in the market. The result of this is people becoming slaves of the system and having to use technology to live and make their income, which then leads to all their information being available to big tech companies and exposure to hackers.

  3. I never understood the significance of cybersecurity until I read this article. Everyone’s information and privacy is so vulnerable to hackers and people with extensive knowledge of online security. They create fake profiles which are linked to peoples’ interest to lure them into a fake reality and expose their privacy by bits and pieces which means that people can be “cat-fished” and or fooled and they wouldn’t know due to the fact that it is all a virtual arena and one can never know who is on the other side of the screen. I found it interesting how they mentioned how different social media applications sell consumer’s information and search history in an attempt to promote the idea of spending money and pushing products and interests they have as much as they can. It is a little scary to the point that they share even further information such as IP addresses and the vicinity in which a user is located. To my understanding, the boundary is very thin in which privacy is protected and our identities’ and well beings’ are in danger. Because of these types of issues, different softwares has developed ways around this to counter the effects and the danger of cyber invasion. Users can buy things such as VPNs to protect their information and keep their data safe and secured. This article has demonstrated the importance of how vulnerable and our information and our safety. We must do everything to fight this problem even though we don’t notice it much.
    I never understood the idea o

  4. The content of this article is very alarming and should be known to more individuals. The police department is an organization that is empowered by the state and represents the civil authority of the government. They are responsible for maintaining public order and safety and even they are now victims of unethical hackers. The hackers request businesses into leaking significant data of customers utilizing police data appeals referred to as EDRs. An Emergency Data Request is a procedure used by U.S. law enforcement agencies for obtaining information from service providers in emergency situations in which there is not sufficient time to conduct official reviews and provide detailed explanations. The hackers manipulate the companies by attacking their moral beliefs for the high-value credentials of users. The incidents are becoming more prevalent and have intruded into prominent enterprises including Apple, Google, and Meta.
    I discovered an event related to these fake emergency data requests that caught my attention. These same hackers are now targeting women and minors with the intention of coercing them into distributing sexually explicit pictures and clips of themselves. Since companies have been implementing policies to verify the legitimacy of emergency data requests, hackers have moved to more vulnerable parties. U.S. law enforcement has to take the additional initiative to prevent these attacks on tech companies and children.

  5. In a critical time period where technology is at its peak, there are both pros and cons that come along with that burden. For example, hackers are at an all-time peak as well. Hackers are such a significant negative because certified hackers typically abuse their authority and remove the rights of people, by obtaining their personal information. Due to this, the world is becoming independent, everyone is becoming greedier, and people are selfishly driven. Personally, I see this dilemma as a concern due to the credentials a hacker can gain, just within minutes or even seconds. For instance, hackers tend to go after IP addresses, credit cards, bank information, etc. The simple fact that hackers can breach companies such as Apple and Facebook is unbelievable. I believe that hackers are so ahead of protection software that it is nearly impossible to stay away from hackers in today’s world. Although cybersecurity is now gaining recognition due to numerous amounts of people getting hacked, I believe cybersecurity will not be enough to stop these hackers. This article made me realize how much of an effect hacking/hackers are having on our society. In today’s world, hacking is already a significant problem and we as a society with the government’s help need to come together and form a solution for this crisis in the 21st Century.

Leave a Reply

Your email address will not be published.