At first glance it sounds like the script of a spy comedy, but unfortunately it is reality: large companies such as Apple, Facebook, Snap and Discord reportedly shared some of their users' personal data by mistake after a group of hackers simply asked for it.
That, however, is only a broad summary. As Bloomberg explains, the perpetrators used previously compromised email accounts linked to legitimate law enforcement personnel, and so were able to trick the companies into handing over the data without arousing suspicion.
It is not uncommon for companies like Apple and Facebook to receive requests of this type from law enforcement; they even have teams entirely dedicated to responding to them. Although such requests are, as a rule, accompanied by a court order, they are also often submitted as “emergency” cases, in which law enforcement requests data without having to provide any documents.
In fact, part of the problem, as explained by Jared Der-Yeghiayan, director of the cyber security firm Recorded Future Inc. and former cyber program leader at the Department of Homeland Security, is that “there is no system or a centralized system to send these things […] Each agency handles them differently”.
The hackers took advantage of this gap, reportedly posing as various law enforcement agencies to request personal information about specific users with the aim of “facilitating financial fraud schemes”.
Meta spokesman Andy Stone said the company has security measures in place to verify legal requests and detect abuse. “We block known compromised accounts from making requests and we work with law enforcement to respond to incidents involving suspected fraudulent applications, as we have done in this case,” Stone said.
For their part, Apple and Snap also pointed to their companies' guidelines, saying they have policies to verify the legitimacy of user data requests. But these safeguards can fail when requests appear to come from email addresses associated with legitimate law enforcement agencies.
Additionally, a Discord spokesperson said: “We can confirm that Discord received requests from a legitimate law enforcement domain and complied with the requests in accordance with our policies. We verify these requests by verifying that they come from a genuine source, and we did so in this case. While our verification process confirmed that the law enforcement account was legitimate, we later learned that it had been compromised by a malicious actor. We have since conducted an investigation into this illegal activity and notified law enforcement of the compromised email account.”
Although it has not yet been possible to confirm this, security researchers suggest that some of the people involved in this attack may be members of the well-known Lapsus$ group, which has been at the center of some of the latest major incidents.