Tech firms duped into abetting underage extortion – media — Analysis
Fake legal demands are being used to scare minors.
A handful of Big Tech firms have been conned into turning over user data in response to phony law enforcement requests – data that is then used to extort and sexually harass those users, several sources familiar with the matter told Bloomberg on Tuesday.
Sources claimed that companies like Google, Apple, Meta, Snap and Discord were tricked into giving user data to malicious actors, who use it to extort their victims. These fake law enforcement officers are said to target women and minors, forcing them to create and share explicit sexual material under threats of retaliation.
While these scams initially appeared to focus on financially extorting their victims, sexual extortion schemes have become disturbingly popular, according to Bloomberg’s law enforcement sources. They typically begin with a hacker compromising a law enforcement agency’s email system and forging an “emergency data request” that targets a certain social media user. When the company provides the requested information, the hacker can use it to compromise the target’s social media accounts outright or befriend them over a period of time, eventually coercing or blackmailing them into providing sexually explicit photos or videos.
Victims who don’t cooperate are subject to an array of retaliation tactics including “swatting,” a potentially dangerous prank that involves making a threat to local 911 dispatchers. Police sent to the target’s home may be told the individual is violent, leading to potentially deadly confrontations. Other victims may have their information uploaded to doxxing sites, which allows others to abuse them at will. The offending images will then be forwarded to friends and family, as well as employers.
Because emergency requests don’t require a court order signed by a judge, they are relatively easy to manufacture, and the social media companies themselves are not required to fork over the data. Most companies will nevertheless supply this information when the request refers to an emergency situation of “imminent danger” such as murder, suicide, or kidnapping.
Companies willingly turn over the names, IP addresses, emails, physical addresses, and sometimes even more information in response to such requests – often responding in the same way as they would to a court-ordered subpoena. And in some cases, the fake requests do come accompanied by a judge’s forged signature, which can reportedly be purchased for as little as $10 on the dark web.
Alex Stamos, the former chief security officer at Facebook, called for police agencies and tech companies to increase security, including confirmation callbacks and multi-factor authentication. This will make it difficult to steal emails and phone calls.
Snap, Discord and Google spokespeople insisted that they are in contact with law enforcement and “validate” data requests as legitimate. Twitter and Apple have declined to comment. In the majority of cases, companies supply the requested data even without court orders. Meta is alleged to respond to 77% of emergency requests, and Apple apparently honors 93%.
Reports of hackers and other criminals conning Big Tech firms into supplying user information initially surfaced last year, with at least one of the culprits – a teenager – linked to British cybercrime ring Lapsus$, a group with a history of allegedly hacking Microsoft, Samsung and Nvidia. According to Allison Nixon, chief research officer at cybersecurity firm Unit 221b, although many, if not all, of these perpetrators are minors, this shouldn’t stop law enforcement from prosecuting them to the full extent. “We are now witnessing their transition to organized crime, and all the real world violence and sexual abuse that comes with it,” she said. She urged authorities to investigate and treat these perpetrators as “serious” adult offenders.