Hackers Pose as Police to Trick Tech Companies Into Sharing Private Data
By
iamnothere
Lightly browned and well buttered. A solid pick from the rack.
Summary
Hackers are successfully obtaining sensitive personal data from major tech companies by posing as law enforcement officers. Using spoofed email addresses and easily forged emergency data request documents, these doxing-as-a-service groups trick companies into handing over names, addresses, phone numbers, and email addresses. The article reveals how simple it is for malicious actors to bypass security protocols at large corporations, highlighting significant vulnerabilities in how tech companies verify law enforcement requests.
Key quotes
· 3 pulledWhen a privacy specialist at the legal response operations center of Charter Communications received an emergency data request via email on September 4 from Officer Jason Corse of the Jacksonville Sheriff's Office, it took her just minutes to respond, with the name, home address, phone numbers, and email address of the 'target.'
But the email had not in fact come from Corse or anyone else at the Jacksonville Sheriff's Office. It was sent by a member of a hacking group that provides doxing-as-a-service to customers willing to pay for highly sensitive personal data held by tech companies.
A spoofed email address and an easily faked document is all it takes for major tech companies to hand over your most personal information.
You might also wanna read
The Legal Risks of Private Sector Cyber Offense: When Hacking Back Means Federal Prison
The article explores the legal and ethical tensions facing private companies that want to launch offensive cyber operations against threat a
lawfaremedia.org·1d ago
Cybercriminals Use Stolen Hotel Reservation Data to Launch Targeted Phishing Attacks on Travelers
Security researchers have discovered that cybercriminals are stealing real hotel reservation data from at least 350 hotels across 50 countri
wired.com·1d ago