It has been revealed that Apple and Meta provided user data to hackers impersonating law enforcement agencies



Bloomberg reports that Apple and Facebook's parent company, Meta, provided user data to hackers impersonating law enforcement agencies.

Apple, Meta Gave User Data to Hackers With Forged Legal Requests (AAPL, FB) --Bloomberg

https://www.bloomberg.com/news/articles/2022-03-30/apple-meta-gave-user-data-to-hackers-who-forged-legal-requests



Apple and Meta shared data with hackers pretending to be law enforcement officials --The Verge
https://www.theverge.com/2022/3/30/23003600/apple-meta-shared-data-hackers-pretending-law-enforcement-officials

In the United States, a court warrant or subpoena is required to learn who owns a social media account or which Internet addresses a specific mobile phone used in the past. In an emergency, however, it is possible to make an "Emergency Data Request" (EDR) that skips the issuance of warrants and subpoenas. Bloomberg's report revealed that hackers who forged such EDRs obtained user data such as customer addresses, phone numbers, and IP addresses from Apple and Meta. Snap, the developer of the photo sharing application Snapchat, also received a similar forged EDR, but at the time of writing it is unknown whether it provided user data.

Cybersecurity researchers suspect that some of the hackers sending these forged EDRs are minors in the United Kingdom and the United States. One of the suspects is believed to be the mastermind of the cybercriminal group LAPSUS$, which hacked Microsoft and Samsung.

The City of London Police in the United Kingdom has arrested seven young people aged 16 to 21 who are believed to be related to LAPSUS$, but the mastermind has not been identified.

Seven young people, including a 16-year-old teenager, are arrested for being associated with the hacker group 'LAPSUS$' that attacked Microsoft and Samsung - GIGAZINE



In response to Bloomberg's inquiry, a Meta spokeswoman said, 'We have legally considered all data requests, use advanced systems and processes to review law enforcement requests, and are trying to detect abuse. Similarly, we will block known compromised accounts from making requests and work with law enforcement agencies to address suspected fraudulent requests.' Apple provided its law enforcement guidelines, and Snap said it has taken precautions to detect fraudulent requests from law enforcement agencies.

According to three sources involved in the investigation, hackers belonging to a cybercrime group called 'Recursion Team' are believed to be behind the forged EDRs sent to companies throughout 2021. The Recursion Team is not active at the time of writing, but many of its members are in other hacking groups such as LAPSUS$.

According to a person familiar with the investigation, the information obtained by hackers using forged EDRs may have been used specifically to facilitate financial fraud schemes. According to another source, the campaign of sending forged EDRs targets tech companies and started in January 2021. The forged EDRs contain the signature of a fictitious law enforcement officer, and the source points out that 'a hacker may have obtained the EDR template by breaching the law enforcement agency's mail system.'



From July to December 2020, Apple received 1,162 emergency data requests from 29 countries, 93% of which. Meanwhile, Meta received 21,700 emergency data requests worldwide from January to June 2021, of which 77% were met.

Security expert Brian Krebs had recently pointed out that hackers were using forged EDRs to retrieve user data.

Hackers are effectively using fake 'emergency data requests' to steal ISP and telco customer data - GIGAZINE



in Security, Posted by logu_ii