Hackers posing as cops pry user data out of Apple

Hackers using forged emergency law enforcement requests got user data from Apple and Meta.
Photo: Clint Patterson

In the middle of last year, Apple and Facebook parent company Meta Platforms gave customer data to hackers. They enticed the companies by pretending to be law enforcement officials, three people with knowledge of the matter said.

Apple and Meta gave user data to hackers posing as cops

Bloomberg reported Wednesday that three people familiar with the situation said Apple and Meta provided basic subscriber details — such as customer address, phone number and IP address — after receiving forged “emergency data requests.”

The publication noted that “normally, such requests are only provided with a search warrant or subpoena signed by a judge, according to the people. However, such emergency requests don’t require a court order.”

Snapchat owner Snap also reportedly received a forged legal request from the same hackers. But it’s unclear if the company provided information.

Information the hackers got through the forged requests was used to enable harassment campaigns, according to one of Bloomberg's sources. The three people noted such information may be used mainly for financial fraud schemes. With a victim's address, phone number and IP address in hand, hackers could use them in attempts to bypass account security.

Company responses

In response to Bloomberg, an Apple representative referred to a section of its law enforcement guidelines rather than making a formal comment. As noted by the publication:

The guidelines referenced by Apple say that a supervisor for the government or law enforcement agent who submitted the request “may be contacted and asked to confirm to Apple that the emergency request was legitimate.”

Meta issued the following response, per a statement from spokesman Andy Stone:

We review every data request for legal sufficiency and use advanced systems and processes to validate law enforcement requests and detect abuse. We block known compromised accounts from making requests and work with law enforcement to respond to incidents involving suspected fraudulent requests, as we have done in this case.

Snap offered no comment, other than to say it has safeguards in place to deal with fraudulent law enforcement requests.

Who are the hackers?

According to Bloomberg, “hackers affiliated with a cybercrime group known as ‘Recursion Team’ are believed to be behind some of the forged legal requests.”

Cybersecurity researchers indicated some of the hackers could be minors located in the U.K. and the U.S. And one of them may be the mastermind behind Lapsus$. That cybercrime group hacked Microsoft, Samsung and Nvidia.

Allison Nixon, chief research officer at Unit 221B, defended the Apple and Facebook teams handling law enforcement contact.

“In every instance where these companies messed up, at the core of it there was a person trying to do the right thing,” she said. “I can’t tell you how many times trust and safety teams have quietly saved lives because employees had the legal flexibility to rapidly respond to a tragic situation unfolding for a user.”

Bloomberg noted both Apple and Meta publish data on their compliance with emergency data requests. From July to December 2020, Apple received 1,162 emergency requests. It provided data in response to 93% of them. Facebook got 21,700 emergency requests from January to June 2021. It provided responses to 77% of them.
