
Apple and Meta reportedly leaked user data to criminals posing as public officials

Technology companies Meta, the parent company of Facebook, and Apple reportedly provided information about their users to cybercriminals who posed as police, according to a recent Bloomberg report.


According to three people investigating the matter who spoke to the outlet, both companies provided basic details of their users, such as addresses, telephone numbers or IP addresses, in the middle of last year, after receiving what appeared to be legal emergency requests.

Law enforcement routinely asks platforms and social networks for information about users, as part of criminal investigations. In the United States, the country of origin and center of operations of both companies, these requests most often include an order signed by the competent authority, in this case, a judge.


Although companies only provide this information with a search warrant or subpoena signed by a judge in advance, emergency requests do not have these requirements, since they are intended to be used in cases of imminent danger.

Apple, for its part, contacted Bloomberg to clarify the case and sent it a section of its user data protection guidelines.


According to these documents, the government supervisor or law enforcement officer who urged the company to hand over the information “can be contacted”, and confirmation would be requested to determine that the emergency request “was legitimate.”

Meanwhile, Meta’s spokesman, Andy Stone, has pointed out that the company has an exhaustive security system with respect to this type of request, to keep the information of its users safe.

“We review each data request for legal sufficiency and use our advanced systems to validate law enforcement requests and detect abuse,” the spokesman said.

He added that Meta blocks accounts that have been identified as dangerous so that they cannot issue these requests, and that it works with law enforcement to respond to incidents related to allegedly fraudulent requests.

However, on its own website it specifies that “depending on the circumstances” the company may voluntarily disclose information to the security forces when it has reason to believe that the matter “involves an imminent risk of serious physical injury or death”.

In addition to Apple and Meta, according to Bloomberg, Snapchat also reportedly received an apparently legal request from this group of cybercriminals, but it is unknown whether it provided the requested data.

For its part, the website Krebs on Security reported on Tuesday that the hackers also reportedly targeted the Discord platform. The company later confirmed to Bloomberg that it had also received a request of this kind.

“We verify these requests by verifying that they come from a legitimate source and we did so in this case,” Discord said in a statement.

“Although our verification process confirmed that the law enforcement account itself was legitimate, we later learned that it had been compromised by a malicious actor,” the company explained, adding that it has already reported the case to the police.


VARIOUS REQUEST SYSTEMS

The procedure for making these urgent requests differs from company to company.

Companies like Meta and Snapchat work from their own portals for law enforcement to submit legal requests, but they also accept email requests.

In addition, they monitor requests on an uninterrupted basis, according to the director of the cybersecurity company Recorded Future Inc. and former head of the cyber program at the Department of Homeland Security, Jared Der-Yeghiayan.

Apple, by contrast, accepts urgent lawful data requests through an apple.com email address.

POSSIBLE CONNECTIONS WITH LAPSUS$

According to investigators, cybercriminals associated with a group known as the Recursion Team are believed to be behind these forgeries and to have begun submitting the requests during 2021.

Specifically, the mass sending of these requests began in January of last year and it is believed that they were sent through fraudulent email domains belonging to police organizations in various countries.

To make the documents look legitimate, the cybercriminals included forged signatures of real officers, as well as of fictitious ones, as confirmed by two of these sources.

The third source, by contrast, told Bloomberg that by compromising law enforcement email systems, fraudsters could have found legitimate legal requests and used them as templates to create fake ones.

Although the Recursion Team is currently inactive, the researchers suspect that some of those involved in sending these fake requests might have connections to LAPSUS$.

This group of hackers, which includes teenagers and whose mastermind resides in England, has recently been blamed for the theft of information and credentials from other large technology companies, such as Samsung, Nvidia, Okta or Microsoft.


Source: Elcomercio
