FBI Says Hackers Are Sending Fraudulent Police Data Requests To Tech Giants To Steal People's Private Information

The FBI is warning that hackers are obtaining private user information -- including emails and phone numbers -- from U.S.-based tech companies by compromising government and police email addresses to submit "emergency" data requests. From a report: The FBI's public notice filed this week is a rare admission from the federal government about the threat from fraudulent emergency data requests, a legal process designed to help police and federal authorities obtain information from companies to respond to immediate threats affecting someone's life or property.

The abuse of emergency data requests is not new, and has been widely reported in recent years. Now, the FBI warns that it saw an "uptick" around August in criminal posts online advertising access to or conducting fraudulent emergency data requests, and that it was going public for awareness. "Cyber-criminals are likely gaining access to compromised U.S. and foreign government email addresses and using them to conduct fraudulent emergency data requests to U.S. based companies, exposing the personal information of customers to further use for criminal purposes," reads the FBI's advisory.

The FBI is furious

[Rosco P. Coltrane]

Stealing people's private information is THEIR thing and nobody else's.

Re:The FBI is furious

[Sebby]

Stealing people's private information is THEIR thing and nobody else's.

I'm sure you're posting this as sarcasm, but unfortunately it's absolutely true - and this current "problem" is of their own making: they insisted that they needed this "emergency way" of getting people's information, and just like any other 'backdoor' it's being abused by other bad guys.

Re:

[quonset]

why haven't we de-funded all these assholes already? shut down the police now. i don't feed i need to be "policed", by anyone.

If women have to be policed so they can't exercise bodily autonomy, so do you for whatever you do.

Re:

[LazarusQLong]

everybody says that they don't need police all the way up until their _______ gets stolen!

Re:

[Anonymous Coward]

Men lack bodily autonomy as well.

Men have no right to their foreskins. They lose them before they are even old enough to decide whether or not they want to keep them. "My body my choice" does not apply to men.

Furthermore, men must all register for the draft. There hasn't been one in the USA for a long time, but we all know how eager our government has been to force men to go to foreign lands and die in a conflict that we don't even intend to win. Men, at the government's whim, lose absolute control of t

Careful what you wish for....

[NoMoreDupes]

why haven't we de-funded all these assholes already? shut down the police now. i don't feed i need to be "policed", by anyone.

You'll get your wish soon - that path was taken care of on Tuesday.

Re:

[Narcocide]

Well, that's an irrational hot take. We need good law enforcement, and we need it both at the local and federal levels. Unfortunately the FBI is corrupt to the core. They've known my dad is a rapist and a Russian spy for decades and they are just playing dumb. Meanwhile their entire operation is as leaky as a sieve. This has been papered over as incompetence so many times it shouldn't matter any more whether it's just incompetence or malicious corruption. But who watches the watchers? Other than, apparently

Re:

[gweihir]

I do not think it was sarcasm. One indicator of things starting to get really bad is when sarcasm and comments on reality start to sound very much alike.

Re:

[gweihir]

Exactly.

FBI Reports:

[byronivs]

After retrieving and logging and warehouse all of the data, it's time to turn to the very bad people that made us do that. "Stop it! Ow."

lawful access

[awwshit]

Tell me again how 'lawful access' to encrypted data is a good idea.

Re:

[Valgrus Thunderaxe]

"Lawful access" used to mean a warrant. Why are these companies just handing over this data and not pushing back against any of this?

Re:

[ebunga]

Because nobody has time to wait upwards of 15 minutes during working hours or 30 to 45 minutes on Sunday at 3am to follow due process and actually get a judge to rubber stamp the request.

Re:

[ls671]

The silliest thing is that compromising an FBI email address seems to be all you need. Seriously, do they send the data by email too?

Send a request by email maybe, but it should only contain a link to a secure portal where you can see and verify the request and submit the data there. Or, use something else equally secure.

Re:

[LazarusQLong]

wowzers! That is how we in the DoD are supposed to operate. Why wouldn't the FBI?

Oh, really?

[bickerdyke]

So is anyone regretting now that tech companies have been trained to comply without any questioning, hesitation or public participation?

That's what we wanted.

Re:

[byronivs]

What are you talking about? I've always wanted that. May the king live forever! {goes back to hanging tin can and bone alert bells at property perimeter} I sleep great.

A backdoor for anyone...

[PubJeezy]

A backdoor for anyone is a backdoor for everyone.

Re:

[gweihir]

Quite true. Well said.

Re:

[quonset]

A backdoor for anyone is a backdoor for everyone.

A hole's a hole.

Re:

[geekmux]

A backdoor for anyone is a backdoor for everyone.

When your verification policies literally allow hackers to impersonate law enforcement, that’s hardly a “backdoor”. You’re abusing human ignorance and stupidity here. Those who created these policies could easily correct them. And they should.

Not collect the data in the first place

[will4]

Simply, corporations could as best possible within existing regulations, not collect or store the data.

One of` the side-effectes

[gweihir]

... of a police state and its proto-forms: Impersonating the police gives you massive, unwarranted power.

Lemme guess

[Malay2bowman]

They thought "security through obscurity" was actual security. :-(

impersonation of a police officer / judge is an fe

[Joe_Dragon]

impersonation of a police officer / judge is an felony

FBI solutions are SO WRONG

[laughingskeptic]

These are the FBI's solutions:
- law enforcement organizations should take steps to improve their cybersecurity posture to prevent intrusions, including stronger passwords and multi-factor authentication.
- The FBI said that private companies “should apply critical thinking to any emergency data requests received,” given that cybercriminals “understand the need for exigency.”

The companies should refuse requests that do not come through a process that incorporates digital docum

Great work FBI!

[Local ID10T]

You have discovered something the rest of us knew years ago.

Authentication

[bill_mcgonigle]

Most home invasions begin with "open up, it's tthe police!"

Then you get murdered.

Or a rock concert, but probably murdered.

Stay strapped and demand authentication.