Hackers disguised as police trick ISPs into handing over customer data

Pixabay | geralt
(Image credit: Pixabay | geralt)

Hackers are now stealing the identities of law enforcement agencies and using them to force companies into giving away sensitive customer information.

The revelation was explained in detail by researchers from KrebsOnSecurity, a cybersecurity blog.

According to the report, all crooks need is access to a single email address belonging to any law enforcement agency, and a little knowledge about something called an Emergency Data Request (EDR).

TechRadar needs yo...

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.

>> Click here to start the survey in a new window <<

A race against time

Usually, when police want data from companies such as Internet Service Providers (ISP), web hosting firms and others, they need a court order or subpoena, which involves a relatively lengthy application process.

Sometimes, however, police need to act quickly to prevent possible injury or death. In such instances, they can submit an EDR and demand the data be handed over immediately.

When businesses receive such a request, especially if it comes from a legitimate email address, they have a choice: either investigate whether the request is valid and potentially risk someone’s death, or hand over the data.

Data management is a major challenge, especially for large businesses, and most of these companies have dedicated departments working exclusively on such matters. At the same time, though, there are thousands of law enforcement agencies they are constantly in touch with. In the US alone, KrebsOnSecurity reminds, there are 18,000 police jurisdictions.

Researchers have previously linked identity theft and EDR abuse with Lapsus$, a threat group that has been making headlines recently with breaches of high-profile targets such as Samsung, Nvidia and Microsoft.

Allegedly, a person who could very well be the founder of Lapsus$ recently advertised a "subpoena service" designed to help hoodwink companies into handing over data.

Via KrebsOnSecurity

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.