The FBI is warning that hackers have compromised government and law enforcement email addresses to submit “urgent” data requests and obtain personal user information, including emails and phone numbers, from U.S.-based technology companies.
The FBI's public notice, filed this week, is a rare acknowledgment by the federal government of the threat posed by fraudulent emergency data requests. Emergency data requests are a legal process designed to help law enforcement and federal authorities obtain information from businesses in response to an imminent threat affecting someone's life or property. Abuse of emergency data requests is not new and has been widely reported in recent years. The FBI is now warning that it confirmed an “increase” around August in criminal postings online promoting access to fraudulent emergency data requests or the fraudulent requests themselves, and is publishing the notice for public awareness.
“Cybercriminals gained access to compromised U.S. and foreign government email addresses and used them to execute fraudulent emergency data requests to U.S.-based companies, allowing customers' personal information to be used for further criminal purposes,” the FBI advisory states.
Police and law enforcement agencies in the United States typically require some legal justification to seek and obtain access to personal data that companies store on their servers. Typically, for an individual's private content, such as files, emails, and messages, police must provide sufficient evidence of a possible crime before a U.S. court will issue a search warrant that allows police to request that information from a private company. Police can also issue subpoenas, which do not require going to court, to request that companies provide basic account information such as username, account login information, email address and phone number, and in some cases a limited amount of information about the user, such as approximate location.
There are also emergency requests, which allow law enforcement to request personal information from businesses on an urgent basis when there is imminent danger and there is no time to seek a court order.
Federal authorities say that some cybercriminals are taking advantage of these emergency requests.
The FBI said in its advisory that it has identified multiple public posts from 2023 to 2024 by known cybercriminals claiming access to email addresses used by U.S. law enforcement agencies and some foreign governments. The FBI says this access was ultimately used to send fraudulent subpoenas and other legal requests to U.S. companies seeking personal user data stored on their systems.
According to the advisory, cybercriminals were able to impersonate law enforcement by using compromised police accounts to send emails to companies requesting user data. In some cases, the requests cited false threats, such as human trafficking allegations, and in some cases claimed that individuals would “suffer severely or die” if the company in question did not return the requested information.
The FBI says that compromised access to law enforcement accounts could allow hackers to create legitimate-looking subpoenas, leading companies to hand over usernames, emails, phone numbers, and other personal user information. However, not all fraudulent attempts to file emergency data requests were successful, the FBI said.
According to a 2022 Bloomberg report, cybercriminals frequently use the requested data to harass and dox individuals and to target them with financial fraud schemes. The report revealed that hackers had at the time obtained user information from customers of Apple and Meta, the owner of Facebook and Instagram, by submitting fraudulent emergency data requests. Snap, the maker of Snapchat, and Discord were also reportedly targeted.
Apple, Google, Meta, and Snap store vast amounts of their customers' personal data and collectively receive tens of thousands of emergency data requests each year.
Bloomberg reported in 2022 that some of the fraudulent emergency data requests date back to early 2021 and were carried out by groups primarily made up of teenagers and young adults, including Recursion Team and Lapsus$, which later went on to hack some of the world's biggest companies, including Uber.
In its recommendations, the FBI said law enforcement agencies should take steps to improve their cybersecurity posture to prevent intrusions, including stronger passwords and multi-factor authentication. The FBI said private companies should “apply critical thinking to any urgent data requests they receive,” given that cybercriminals “understand the need for urgency.”