
Apple and Meta Gave User Data to Hackers Who Used Forged Legal Requests

According to Bloomberg, Apple and Meta "provided customer data to hackers who masqueraded as law enforcement officials." Bloomberg's William Turton reports: Apple and Meta provided basic subscriber details, such as a customer's address, phone number and IP address, in mid-2021 in response to the forged "emergency data requests." Normally, such requests are only provided with a search warrant or subpoena signed by a judge, according to the people. However, the emergency requests don't require a court order. Snap Inc. received a forged legal request from the same hackers, but it isn't known whether the company provided data in response. It's also not clear how many times the companies provided data prompted by forged legal requests.

Cybersecurity researchers suspect that some of the hackers sending the forged requests are minors located in the U.K. and the U.S. [...] The fraudulent legal requests are part of a months-long campaign that targeted many technology companies and began as early as January 2021. The forged legal requests are believed to be sent via hacked email domains belonging to law enforcement agencies in multiple countries. The forged requests were made to appear legitimate. In some instances, the documents included the forged signatures of real or fictional law enforcement officers. By compromising law enforcement email systems, the hackers may have found legitimate legal requests and used them as a template to create forgeries.
Further reading: Hackers Gaining Power of Subpoena Via Fake 'Emergency Data Requests'

  • Are you a hacker if you ask nicely for access and they give it to you?
    This must be like one of those life hacks.
    • by mmell ( 832646 )
      Yes, it's called "human factors" hacking, and it's probably the most effective method ever for getting access where you shouldn't have it. Ask Cap'n Crunch or Dave Mitnik about it. Most of their best stuff consisted of telling someone (like the night switch technician at an ATT NOC) why they need in/need to know now or they're going to get fired in the morning. Funny how folks will forget everything they were taught about rules and security just to help a stranger in need.
      • by dgatwood ( 11270 )

        > Yes, it's called "human factors" hacking, and it's probably the most effective method ever for getting access where you shouldn't have it. Ask Cap'n Crunch or Dave Mitnik about it. Most of their best stuff consisted of telling someone (like the night switch technician at an ATT NOC) why they need in/need to know now or they're going to get fired in the morning. Funny how folks will forget everything they were taught about rules and security just to help a stranger in need.

        That's a terrible term. It's social engineering, not any sort of hacking. Hacking means being an advanced computer enthusiast. I grudgingly allow its misuse to refer to a cracker, which means someone who breaks into computer systems. But this is stretching the term way too far. This is just conning someone over the Internet and tricking them into giving you somebody else's data. That's pure social engineering, with no actual access to accounts or computer systems. Calling that "hacking" is grossly mi

    • by gweihir ( 88907 )

      Called "social engineering" and just as bad. Harder to prosecute though. For example in Germany, they needed a new law to make hacking ATMs illegal. After all, it asked nicely for you to take the money it just provided, so no coercion or pressure was in place and hence it could not be theft or robbery.

  • Pretty sure I was called paranoid and delusional too.

    • by mmell ( 832646 )
      Uh, you ain't the only one who saw this comin', friend. It was obvious to anybody with the common sense to step back and look. Unfortunately, your average smackhead doesn't ask if the stuff's pure, just can I have more, please?
      I'm just waiting for them to start scanning my retinas as I enter buildings. "Hey, Mister Nakamura. How's that blouse working out for you?" I bought it for my WIFE, damnit!
      • by gweihir ( 88907 )

        And that is the problem. The _average_ person is already quite stupid and basically understands nothing. Then you have that around 50% are below average...

    • by gweihir ( 88907 )

      You and me both. Basically anybody with common sense saw that one coming. Unfortunately, common sense is anything but common. I recently read that only around 20% of all people are even reachable by rational arguments, which means the ones that can actively use common sense and reach rational conclusions by themselves are even fewer.

  • This story is essentially a straight-up dupe of the one from the other day [slashdot.org], and the editor even linked to it. I kinda feel like they're just screwing with the /. readership at this point. Moderation is inexplicably broken, and they're like "let them eat dupes."

    • by mmell ( 832646 )
      Yeah, moderation worked just fine up until about, what, seven or eight years ago? Maybe a little less than that, but not much.
    • by gweihir ( 88907 )

      This is called a "follow up" and it is commonly done when more relevant information comes to light that is deemed important enough. The link to the older story is a dead giveaway that it is _not_ a dupe.

  • You deserve what you get
    • I'd apply that equally to the police.

      • Not at all like the police. I'm pretty sure I could do just fine if both Apple and Meta disappeared tomorrow (Google's pretty evil too, if that makes you feel better; but until DuckDuckGo came along, I was pretty well stuck with 'em).
        If we're all agreed that the police departments of our nation aren't meeting our standards, I suppose we'd better spend a lot more money on law enforcement. I hate "lookin' in my mirror and seein' a po-lice car" as much as the next guy, so how much more are you willing to sp
        • Starting salaries just shy of six figures before overtime and over half a million plus benefits if they work overtime game the system with their sick days isn't enough? Just WTF do YOU think they should be paid? In my book, they're seriously OVERpaid considering the paltry qualifications, insufficient training, and routine dereliction of duty and not-uncommon active malfeasance.

          • by mmell ( 832646 )
            What force are these guys on? They don't pay like that in Cook County, IL. Nor in Port Jervis, NJ. Come to think of it, Hennepin County, MN's finest ain't the richest guys on the planet, and my brother-in-law didn't get rich in Grand Island, Nebraska. Funny how an old robber like me has so many cop friends around the country - love 'em all, but they all make me nervous.
            Careful with that broad brush - you're getting paint all over the place, not just where it belongs.
            • I know this is the era of "alternative facts," but seriously? They are public employees. And I don't know how they may have hidden their shenanigans in any of those places. But in my neck of the woods, sunshine laws still apply. And the compensation of public servants is part of the public record and required to be published:

              https://www.sanfranciscopolice... [sanfranciscopolice.org]
              https://transparentcalifornia.... [transparen...fornia.com]

              Paulo Morgado: Police Officer 3
              Total pay & benefits: $712,802.36 (Way too goddamned much!)

      • Your username is so apropos. You are indeed a TOOL.
    • by gweihir ( 88907 )

      > You deserve what you get

      This is more a problem with the police and the laws that are in place. But if you trust them, you are even more stupid than if you trust Apple or Alphabet. Apple and Alphabet at least see you as a customer and so attribute some minimal value to your person, after all...

  • If you mandate a cryptographic backdoor, you can bet hackers will get hold of the key.

    Turns out it works for legal backdoors too.

    • by gweihir ( 88907 )

      > If you mandate a cryptographic backdoor, you can bet hackers will get hold of the key.
      >
      > Turns out it works for legal backdoors too.

      Indeed, it does. This can serve as an excellent reminder how "secure" your data or backdoor-keys would be with the "authorities"...

  • > The forged legal requests are believed to be sent via hacked email domains belonging to law enforcement agencies in multiple countries.

    So they are in some ways genuine requests, at least they are genuinely from the police IT system. The real breach seems to be the police, and maybe we need to put a bit more security in place.

  • Why would you need to hack email "domains"? (I assume that means "email servers" or "email accounts"...) You can just forge the sender in email, simple to do.

    Or is this because the answer also goes via email? In that case you _could_ try to register a domain that sounds like it is the one of a police department, but hacking the email server or some accounts of a real one is probably cheaper, faster and safer.
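
The distinction drawn in the comments above, seen from the receiving company's side, as an added example that is not part of the original thread or any company's actual process: a forged From line fails DMARC, but mail sent from a compromised agency account passes every mail-level check, so a pass can only lead to an out-of-band callback. The domain names, `OUR_MTA`, `KNOWN_AGENCIES`, the verdict strings and the sample messages are all constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

OUR_MTA = "mx.provider.example"          # assumption: authserv-id of our own receiving server
KNOWN_AGENCIES = {"police.example.gov"}  # assumption: domains verified out of band

def _domain(header_value):
    """Lowercased domain of the first address in a header (empty if absent)."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def triage(raw):
    """Classify an inbound emergency data request by its mail-level evidence."""
    msg = message_from_string(raw, policy=policy.default)
    from_dom = _domain(msg["From"])
    reply_dom = _domain(msg["Reply-To"]) or from_dom
    # Trust only the Authentication-Results header stamped by our own MTA;
    # a sender can add look-alike headers carrying any result they like.
    dmarc = "none"
    for ar in msg.get_all("Authentication-Results", []):
        ar = str(ar)
        if ar.split(";", 1)[0].strip().lower() == OUR_MTA:
            m = re.search(r"\bdmarc=(\w+)", ar)
            dmarc = m.group(1).lower() if m else "none"
            break
    if dmarc != "pass":
        return "reject-forged"        # plain From spoofing stops here
    if from_dom not in KNOWN_AGENCIES:
        return "hold-unknown-domain"  # look-alike domain with its own valid DMARC
    if reply_dom != from_dom:
        return "hold-reply-diverted"  # answer would leave the agency's domain
    # Everything passed: this proves only that the agency's mail system sent it,
    # which a compromised account also achieves. Verify by phone on a known number.
    return "callback-required"

def sample(from_addr, dmarc, reply_to=None, authserv=OUR_MTA):
    """Build a constructed test message (not real traffic)."""
    lines = [
        f"Authentication-Results: {authserv}; dmarc={dmarc} "
        f"header.from={from_addr.split('@')[1]}",
        f"From: Det. A. Sample <{from_addr}>",
    ]
    if reply_to:
        lines.append(f"Reply-To: {reply_to}")
    lines += ["Subject: Emergency Data Request", "", "Constructed body."]
    return "\n".join(lines)

if __name__ == "__main__":
    print(triage(sample("officer@police.example.gov", "pass")))
```
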
