Google confirms hackers created their own account in sensitive law enforcement portal

News
By published

Infamous group accessed Google's Law Enforcement Request System

Malware attack virus alert , malicious software infection , cyber security awareness training to protect business
(Image credit: Shutterstock)
  • Cybercriminals created a fraudulent account on Google’s Law Enforcement Request System
  • No user data was accessed, but the breach raises concerns about flaws in Google’s approval process
  • The group behind the incident, Scattered Lapsus$ Hunters, is linked to major recent data breaches and went “dark” shortly before posting the screenshot

Cybercriminals managed to get their own account on the Google Law Enforcement Request System (LERS) platform, the search engine giant confirmed to the media earlier this week.

Recently, threat actors going by “Scattered Lapsus$ Hunters” posted a new screenshot in their Telegram channel, allegedly showing an automated confirmation email from Google.

“Google has created a new Law Enforcement Request System (LERS) account for you,” the screenshot says.

Disabled the account

LERS is a secure online portal that Google provides specifically for verified law enforcement agencies. Through it, the police can submit requests for user data, such as subpoenas, court orders, or search warrants. Through this system, authorized officers can upload documents, monitor the status of their requests, and download the sensitive data.

To gain access to LERS, one must be pre-approved by Google. Simply having an agency email address won’t suffice - they need to be added to Google’s approved list, which raises the question - how did the criminals do it? Either Google’s approval system is flawed, or crooks somehow managed to impersonate law enforcement personnel.

After news broke, BleepingComputer reached out to both Google, and the FBI, and while the latter declined to comment, Google confirmed the cybercriminals’ claims:

"We have identified that a fraudulent account was created in our system for law enforcement requests and have disabled the account," Google told the publication. "No requests were made with this fraudulent account, and no data was accessed."

Scattered Lapsus$ Hunters is a threat actor created after three groups - Scattered Spider, Lapsus$, and ShinyHunters - merged into one. The group is suspected to be behind some of the biggest data breaches this year, including the Drift AI/Salesloft incident that affected dozens of large tech companies.

Mere days before posting this screenshot, the group announced it was “going dark”, which some threat actors interpreted as a sign of fear over the impending consequences of the recent attacks.

Via BleepingComputer

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.