PARIS, April 27 (Benin News / EP) –
Tech giants such as Apple, Meta, Alphabet (the parent company of Google), Snap, Twitter and Discord. were tricked by a group of hackers into providing personal information about their consumers, which was then used to harass and extort women and minors.
Cybercriminals have a new tool to obtain personal information that can be used for harassment and extortion, as well as financial gain through social engineering.
This new tactic allows attackers to impersonate law enforcement officers, Bloomberg reports, citing sources involved in the investigation. This method, which has become popular in recent months, involves tricking companies into sending an emergency data request to access the personal information of their user base by posing as law enforcement agencies. .
An emergency data request is a procedure used by law enforcement agencies in the United States to collect information from companies that provide services claiming that it is a situation emergency, such as the prevention of suicide, murder or kidnapping.and don’t have time to file a summons.
Deceived companies, including Apple, Meta, Alphabet, Snap, Twitter and Discord, generally have no legal obligation to provide the data requested, as emergency requests generally do not include a signed order from a judge. However, they generally agree to do so as a sign of “good faith”.
The method employed by cybercriminals varies, but generally follows a pattern that begins with the hacker. attack the email system of a foreign law enforcement agency.
Next, the attacker forges an emergency data request, which he sends to a technology company to request personal information about a user’s account. The data provided varies from company to company. Typically, it includes the user’s name, IP address, email address, and home address.
The main targets of these cybercriminals are women and children. In some cases, the abuser goes so far as to pressure them to create and share sexually explicit content by threatening them with reprisals if they do not comply with their wishes..
Facebook’s former chief security officer and now consultant, Alex Stamostold US media that law enforcement will need to focus on preventing user accounts from being compromised. It does this by offering multi-factor authentication and “better analysis of user behavior”.
Technologies should, for their part, “implement a confirmation policy” through phone calls, in addition to asking law enforcement to use their dedicated portals to better detect possible account theft.