FBI Says Hackers Are Sending Fraudulent Police Data Requests To Tech Giants To Steal People's Private Information (techcrunch.com) 31
The FBI is warning that hackers are obtaining private user information -- including emails and phone numbers -- from U.S.-based tech companies by compromising government and police email addresses to submit "emergency" data requests. From a report: The FBI's public notice filed this week is a rare admission from the federal government about the threat from fraudulent emergency data requests, a legal process designed to help police and federal authorities obtain information from companies to respond to immediate threats affecting someone's life or property.
The abuse of emergency data requests is not new, and has been widely reported in recent years. Now, the FBI warns that it saw an "uptick" around August in criminal posts online advertising access to or conducting fraudulent emergency data requests, and that it was going public for awareness. "Cyber-criminals are likely gaining access to compromised U.S. and foreign government email addresses and using them to conduct fraudulent emergency data requests to U.S. based companies, exposing the personal information of customers to further use for criminal purposes," reads the FBI's advisory.
The abuse of emergency data requests is not new, and has been widely reported in recent years. Now, the FBI warns that it saw an "uptick" around August in criminal posts online advertising access to or conducting fraudulent emergency data requests, and that it was going public for awareness. "Cyber-criminals are likely gaining access to compromised U.S. and foreign government email addresses and using them to conduct fraudulent emergency data requests to U.S. based companies, exposing the personal information of customers to further use for criminal purposes," reads the FBI's advisory.
The FBI is furious (Score:4, Funny)
Stealing people's private information is THEIR thing and nobody else's.
Re:The FBI is furious (Score:5, Insightful)
Stealing people's private information is THEIR thing and nobody else's.
I'm sure you're posting this as sarcasm, but unfortunately it's absolutely true - and this current "problem" is of their own making: they insisted that they needed this "emergency way" of getting people's information, and just like any other 'backdoor' it's being abused by other bad guys.
Re: (Score:2)
why haven't we de-funded all these assholes already? shut down the police now. i don't feed i need to be "policed", by anyone.
If women have to be policed so they can't exercise bodily autonomy, so do you for whatever you do.
Re: (Score:2)
Careful what you wish for.... (Score:2)
why haven't we de-funded all these assholes already? shut down the police now. i don't feed i need to be "policed", by anyone.
You'll get your wish soon - that path was taken care of on Tuesday.
Re: (Score:1)
Well, that's an irrational hot take. We need good law enforcement, and we need it both at the local and federal levels. Unfortunately the FBI is corrupt to the core. They've known my dad is a rapist and a Russian spy for decades and they are just playing dumb. Meanwhile their entire operation is as leaky as a sieve. This has been papered over as incompetence so many times it shouldn't matter any more whether it's just incompetence or malicious corruption. But who watches the watchers? Other than, apparently
Re: (Score:3)
I do not think it was sarcasm. One indicator of things starting to get really bad is when sarcasm and comments on reality start to sound very much alike.
Re: (Score:2)
Exactly.
FBI Reports: (Score:2)
lawful access (Score:5, Insightful)
Tell me again how 'lawful access' to encrypted data is a good idea.
Re: (Score:2)
Re: (Score:2)
Because nobody has time to wait upwards of 15 minutes during working hours or 30 to 45 minutes on Sunday at 3am to follow due process and actually get a judge to rubber stamp the request.
Re: (Score:2)
The silliest thing is that compromising an FBI email address seems to be all you need. Seriously, do they send the data by email too?
Send a request by email maybe, but it should only contain a link to a secure portal where you can see and verify the request and submit the data there. Or, use something else equally secure.
Re: (Score:2)
Oh, really? (Score:2)
So is anyone regretting now that tech companies have been trained to comply without any questioning, hesitation or public participation?
That's what we wanted.
Re: (Score:3)
A backdoor for anyone... (Score:5, Insightful)
Re: (Score:2)
Quite true. Well said.
Re: (Score:3)
A backdoor for anyone is a backdoor for everyone.
A hole's a hole.
Not collect the data in the first place (Score:2)
Simply, corporations could as best possible within existing regulations, not collect or store the data.
One of` the side-effectes (Score:5, Insightful)
... of a police state and its proto-forms: Impersonating the police gives you massive, unwarranted power.
Lemme guess (Score:2)
impersonation of a police officer / judge is an fe (Score:1)
impersonation of a police officer / judge is an felony
FBI solutions are SO WRONG (Score:2)
- law enforcement organizations should take steps to improve their cybersecurity posture to prevent intrusions, including stronger passwords and multi-factor authentication.
- The FBI said that private companies “should apply critical thinking to any emergency data requests received,” given that cybercriminals “understand the need for exigency.”
The companies should refuse requests that do not come through a process that incorporates digital docum
Great work FBI! (Score:2)
You have discovered something the rest of us knew years ago.
Authentication (Score:2)
Most home invasions begin with "open up, it's tthe police!"
Then you get murdered.
Or a rock concert, but probably murdered.
Stay strapped and demand authentication.