Linked: Data From Fake Legal Requests Used to Sexually Extort Minors
This is an interesting hack, for a few reasons.
“The exact method of the attacks varies, but they tend to follow a general pattern, according to the law enforcement officers. It starts with the perpetrator compromising the email system of a foreign law enforcement agency.
Then, the attacker will forge an “emergency data request” to a technology company, seeking information about a user’s account, the officers said. Such requests are used by law enforcement to obtain information about online accounts in cases involving imminent danger such as suicide, murder or abductions.
In return, the companies provide the attacker with basic subscriber information — the same data provided to law enforcement in response to a court-ordered subpoena, said law enforcement officials and people familiar with the legal processes.”
This is for all of the “If you’re not doing anything wrong” crowd. Law enforcement agencies get hacked. Allowing law enforcement agencies to collect and monitor all kinds of data, like location tracking, facial recognition, etc., is an invitation for someone to try and get that information and use it against an individual.
In this case, we have an emergency process. There are good reasons to have that process: if someone is threatening violence to themselves on social media, it’s useful for the tech company to share some information with law enforcement so they can be reached. But having the ability to get that kind of response from tech companies is also an invitation to hackers. If they can create a fake emergency request, they can collect personal information about any user. They can then use that information to target that individual.
When you create that kind of system, the request needs to be coming from a safe, verified source. When the source is compromised, and the receiver doesn’t have an excellent validation process, bad things are going to happen.
Because when you have that kind of data, people will try and do bad things with it.
Think about that the next time you tell us not to worry about what data law enforcement and corporations have about us.