In emergencies, when it is a matter of “life and death”, large law enforcement agencies have a rapid mechanism for communication with technology companies. Such Emergency Data Requests, for obvious reasons, avoid litigation, and companies can indeed provide information in cases where the case is criminal.
This is done through separate channels of communication between law enforcement and social networks or technology giants. And as in most other cases, attackers can access such resources and forge requests for personal data, according to a report by Kerbs on Security. Of course, hackers even sell access to such resources.
And according to Bloomberg, in the middle of last year, Apple and Meta (Facebook) fell on this hook, as a result of which hackers were given IP and home addresses of users, along with their phone numbers.
According to Bloomberg and Kerbs, many of these cases are caused by teenagers from the hacker group Lapsus$. Earlier, London police arrested seven of them. But last year’s episodes belong to the group Recursion Team. The latter managed to “disintegrate”, and some of it members joined Lapsus$.
According to Bloomberg, officials investigating the case told the publication that hackers had gained access to law enforcement accounts in several countries and thus contacted many companies for months starting in January 2021.
Meta’s Director of Policy and Communications Andy Stone responded to The Verge’s request as follows:
We check the legal component of each data request, use advanced systems and processes to verify law enforcement requests and detect abuses. We are blocking known hacked accounts and working with law enforcement to respond to incidents of suspected fraud, as we did in this case.
In turn, Apple, in response to a request for comment, refers to its instructions on cooperation with law enforcement. It says that the company may contact the government to clarify the legality of such a request.
Of course, such cases are not isolated. It is noted that similar stories happened in Snap and Discord. In the first case, the company could not be reached for comment. But Discord confirmed that one case did occur, the company responded to an emergency request, which later turned out to be fake. “This tactic poses a significant threat to the entire technology industry,” said Peter Day, Discord’s corporate communications manager, adding that the company continues to work to increase the security of such requests.