In an article published on March 30, Bloomberg details how Meta, Apple, Snap and Discord were probably fooled by hackers posing as law enforcement.
Hackers impersonate law enforcement to claim personal data
The facts took place in the course of the year 2021. To achieve their ends, the hackers made themselves impersonate members of law enforcement agencies from several countries. By hacking their email addresses, they managed to send requests “legal”, but falsified. Several large technology companies have been caught in the trap. This is the case of Meta, Apple, Snap and Discord. Each of these companies sent personal data relating to some of their users…
Ukrtelecom, major ISP in Ukraine, victim of a “powerful cyberattack”
The information sent concerns postal addresses, telephone numbers or IP addresses. For the moment, the companies concerned have not confirmed these accusations. In reality, it is not surprising that entities in charge of law enforcement request data from the web giants to deepen their investigations. In case of “imminent danger”, they do not require approval. The hackers of “Recursion Team”that’s their name, have therefore based their requests on this criterion.
Have the tech giants been fooled?
According to several sources, the mastermind of the operation is also the hacker behind the Lapsus$ group. A very powerful gang of cybercriminals, who recently attacked Ubisoft, Samsung, Nvidia, or more recently Microsoft. To retrieve identifiers from law enforcement authorities, the hackers did not have much difficulty. This data was available on the dark web. In some cases, the hackers were even able to recover the forged signatures of law enforcement agents.
Discord is the only group to have spoken on this matter. Peter Day, VP Communications at the social network, said that “Our verification process confirmed that the law enforcement account was legitimate, we later learned that it had been compromised by a malicious actor. We have since investigated this illegal activity and notified law enforcement of the compromised email account.”. If these accusations are confirmed, this tactic poses a significant threat for the tech industry and the companies involved are going to have to rethink their verification systems.