Reports are indicating that both Apple and Meta provided customer data after a recent hacking attack involving phony legal requests. The report comes from three sources with knowledge of the situation.
Hackers Attacking Apple and Meta
In mid-2021, the two companies gave personal subscriber details in response to a forged “emergency data request.” According to Bloomberg, information provided includes addresses, phone numbers and IP addresses.
Typically, a judge needs to sign a search warrant or subpoena for companies to submit information to the authorities. However, an emergency request would not require a signature.
Similarly, camera company Snap also received a phony legal request. The attack on Snap came from the same group of hackers attacking Meta and Apple. Snap has not made a statement regarding its response to the attack. At this time, it is unknown just how many requests for information the hackers submitted.
Concerning the hacking attacks on Apple and Meta, experts and researchers in cybersecurity suspect that the hackers may be a group of minors. Sources say the attacks may be coming from the U.S. or the U.K. Officials suspect that the hacking group has a member closely affiliated with Lapsus$. Additionally, this new hacking group is responsible for attacking Microsoft, Samsung and Nvidia. Recently, London police arrested seven individuals in an investigation involving Lapsus$.
In a conversation with Bloomberg, Apple referred the publication to its section on law enforcement guidelines. The guidelines state that a supervisor for the government or law enforcement agent who submits the request may be contacted and asked to confirm the emergency request to the company. From there, emergency requests are typically submitted only if an imminent threat of danger is possible.
How Hackers Use the Data
Sources say the hackers are using the information obtained illegally to carry out harassment campaigns. They go on to say the personal information obtained from the hacking attempts on Apple and Meta is likely to aid in financial fraud schemes. Additionally, it is likely that the hackers found legitimate legal requests and submitted them with forged signatures from real and fictional people.
Both Apple and Meta publish data on their compliance with emergency data requests. In fact, from July to December of 2020, Apple received 1,162 emergency requests spanning 29 countries. Sources say Apple provided data in response to 93% of requests. On the other hand, Meta received 21,700 global requests from January to June of 2021. Meta provided customer data in 77% of the requests.
Apple accepts legal requests through an apple.com email address. The company states that requests are only accepted from official email addresses of the requesting agency. However, login information for many law enforcement email domains around the world can be sold on online criminal marketplaces.
Moreover, Gene Yoo, chief executive officer for cybersecurity firm Resecurity, states that multiple law enforcement agencies were targets in 2021.