Apple, Meta gave user data to hackers who used forged requests

Mar 31, 2022: Apple Inc. and Meta Platforms Inc., the parent company of Facebook, provided customer data to hackers who masqueraded as law enforcement officials, according to a Bloomberg report citing three people with knowledge of the matter.

Apple and Meta provided basic customer details, such as user address, phone number and IP address, by mid-2021 in response to fake “emergency data requests”. Generally, according to the source, such requests are only fulfilled when accompanied by a search warrant or a petition signed by a judge. However, court orders are not required for emergency petitions.

Cybersecurity researchers suspect that some of the hackers sending the forged requests are minors located in the U.K. and the U.S. One of the minors is also believed to be the mastermind behind the cybercrime group Lapsus$, which hacked Microsoft Corp., Samsung Electronics Co. and Nvidia Corp., among others, the people said.

City of London Police recently arrested seven people in connection with an investigation into the Lapsus$ hacking group; the probe is ongoing.

According to the source who wished to remain anonymous, imposters were able to get details like physical addresses or phone numbers in response to falsified “emergency data requests,” which can slip past privacy barriers.

Criminal hackers have been compromising email accounts or websites tied to police or government and claiming they can’t wait for a judge’s order for information because it’s an “urgent matter of life and death,” cyber expert Brian Krebs wrote Tuesday.

Bloomberg news agency, which originally reported Meta being targeted, also reported that Apple had provided customer data in response to forged data requests.

The two tech giants did not officially confirm the incidents, but provided statements citing their policies in handling information demands.

Krebs wrote that when U.S. law enforcement officers want data on the owner of a social media account or the cell phone number associated with it, they have to submit an official warrant or petition for a court order. But in urgent cases, the authorities may request “emergency data”, which “largely ignores any official review and does not require the petitioner to provide court-approved documents,” he added.

The firm reviews every request for data for “legal adequacy” and uses “modern systems and procedures” to verify and detect misuse of law enforcement requests, Meta said in a statement.

The statement from Meta noted, “We block known compromised accounts from making requests and work with law enforcement to respond to incidents involving suspected fraudulent requests, as we have done in this case.”

Meanwhile, Apple said, “a supervisor for the government or law enforcement agent who submitted the… request may be contacted and asked to confirm to Apple that the emergency request was legitimate.”

Hackers affiliated with a cybercrime group known as “Recursion Team” are believed to be behind some of the forged legal requests, which were sent to companies throughout 2021, according to the three people who are involved in the investigation.

The information obtained by the hackers using the forged legal requests has been used to enable harassment campaigns, according to one of the people familiar with the inquiry. The information may be primarily used to facilitate financial fraud schemes. By knowing the victim’s information, the hackers could use it to assist in attempting to bypass account security.

According to sources, the fake legal requests are part of a month-long campaign that targeted several technology companies and began in January 2021. The fake legal requests are believed to have been sent through hacked email domains belonging to law enforcement agencies in several countries, according to the source and an additional person investigating the case.

The forged requests were made to appear legitimate. In some instances, the documents included the forged signatures of real or fictional law enforcement officers. By compromising law enforcement email systems, the hackers may have found legitimate legal requests and used them as a template to create forgeries, according to one of the sources.
