Fake Cops Scammed Apple and Meta to Get User Data

from Wired

Ipsa scientia potestas est,” 16th-century philosopher and statesman Sir Frances Bacon famously wrote in his 1597 work, Meditationes Sacrae. Knowledge itself is power. The aphorism, cliché as it may be, takes on a palpable truth in times of war. 

Just ask the people of Mariupol, a city in southeastern Ukraine, where Russia’s devastating attacks have cut off the flow of information in and out of the city. Meanwhile, in Russia, the government has banned Facebook and Instagram amid its crackdown on news without the state’s stamp of approval. But as we explained this week, building a full China-style splinternet is far more difficult than the Kremlin might like to admit

We further explored the power of information—and the power to keep information secret—this week with a look at a new idea for creating digital cash in the US—no, not Bitcoin or any other cryptocurrency. Actual digital cash that, crucially, has the same built-in privacy as the bills in your actual wallet. We also dove into the pitfalls of knowing where your children and other loved ones are at any moment through the use of tracking apps, which you should probably stop using. And following last week’s approval of the Digital Markets Act in Europe, we parsed the tricky business of forcing encrypted messaging apps to work together, as the law requires. 

To round things out, we got our mitts on some leaked internal documents that shed new light on the Lapsus$ extortion gang’s Okta hack. And we took a look at how researchers used a decommissioned satellite to broadcast hacker TV

But that’s not all, folks. Read along below for the rest of the top security stories of the week.

More here.

Posted in Technology and tagged , , , .

2 Comments

  1. The advent of technology in our lives has led us down a very deep and spiraling rabbit hole from which, barring catastrophic global events, there is no real way out. The story above is just another example of how technology has certain loopholes that may not be apparent on its face. Before reading this article, I had no knowledge of the hacker group known as Lapsus$, I also had no knowledge of the Okta hack they performed earlier this year. This information worries me because it apparently is not hard to, given the right knowledge, hack into some of the most security-conscious companies in the world. This raises so many more questions than it does answers. In the case of Apple and Facebook(Meta), if they can be so easily fooled by a false emergency data request (EDR) while simultaneously stating that they have systems in place to help verify such requests, who are we supposed to believe. Clearly, we have anecdotal evidence that proves just the opposite. Did they simply approve the request because it was sent from an unknowingly compromised police system? If that is the case, such an explanation directly counters their claim to have ways of verifying these requests. How do they verify these requests? This one situation could open the door to an innumerable amount of false EDR requests being pinged from compromised police systems or worse even, this could lead to a delay in EDR requests being approved as they will need time to verify them. This, in turn, would lead to more harm coming to someone who is actually in imminent danger.

  2. In an age of widely sought-after data, data is more valuable than gold these days. User-tracked data across social media platforms and other website platforms are used by corporations to target advertisements to users or to keep for other means of efficiencies such as password saving or any identification that is saved for the ease of use by the consumer. While user data is extremely valuable to companies, the data is kept in data servers that can easily be hacked into. This article shows a method that hackers used to hack into Apple and Meta’s data to get user information. If these companies can get so easily fooled into giving away user data by acting like cops, they have no business storing or even collecting data in the first place. The data that is stored in these server rooms are sensitive to being hacked. They have constantly been hacked by individuals who are trying to get their hands on valuable data. I personally believe these big companies should not be allowed to monitor their users at all. I frankly think it is an invasion of privacy that is the most dangerous for monitoring in this day in age, given the ease of data leaks. What is an even scarier thought is that Russians who work under Vladimir Putin, are always on the prowl to obtain U.S. intelligence. Russians have exponentially increased their hacking attempts on U.S. companies, governments, and individuals. These multi-billion dollar companies such as Apple and Meta should be banned from collecting and storing user data as they cannot be trusted to be kept from leaks. If my data were to be hacked I would want it to be from my own mistakes not from a company I never gave explicit consent to collect my data. These companies had a supposed method of verifying EDR requests, but it did not work. The hackers used EDRs to trick Apple and Meta into giving them consumer information. A bit too easy if you ask me.

Leave a Reply to Andry Abraham Cancel reply

Your email address will not be published.