Apple, Meta, Twitter and other tech giants have been tricked by hackers, and may have contributed to the extortion of minors and women. Criminals impersonate police officers to obtain sensitive personal data about users of these companies, and then contact those users.
This tactic had previously been employed in financial fraud, but now it has also been used to sexually extort victims, who are forced to produce and send intimate photos and videos. Google, Snap and Discord are also among the companies targeted by the scam.
It is unknown how many false requests for data big tech companies have received, as they appear to come from legitimate law enforcement agencies. According to US officials, these incidents have become “more prevalent” in recent months.
How to protect yourself?
This scam is especially effective as the victims didn’t even have a chance to protect themselves — simply using the platforms left them exposed. The only way to avoid it is not to use the services of the companies, which is almost impossible these days.
Hackers have been successful because tech giants typically respond to emergency appeals from authorities (cases of imminent danger, such as suicide, murder or kidnapping) by sharing a limited amount of information first, in good faith and even without a court order, and asking questions later.
The data sent usually includes name, IP, email and physical address. It’s not much, but more than enough for criminals to carry out phishing (getting passwords, card numbers, etc.), doxing (disclosure of personal information), swatting (sending a police team to the person’s home) and other scams.
According to Bloomberg, some of the hackers hacked into victims’ social media accounts to obtain intimate photos and videos, or befriended women and minors, encouraging them to send explicit images.
They also threatened to leak this content to friends, family and school principals if they didn’t comply with some orders. In some cases, victims were pressured to cut their skin with the name of the hacker.
Many of the criminals are believed to be teenagers residing in the United States and other countries.
Is there a solution?
So how can fake authorities be told apart from real ones without compromising the progress of justice? “No one wants technology companies to deny legitimate emergency requests when someone’s safety is at stake,” said Senator Ron Wyden. “But the current system has clear weaknesses that need to be addressed.”
“We review all data requests and use advanced systems and processes to validate law enforcement requests and detect abuses,” Meta spokesperson Andy Stone told Engadget. “We block compromised accounts from making requests and work with law enforcement to respond to incidents involving suspected fraudulent requests.”
Big tech companies may have to implement some sort of “two-factor authentication” with the police, such as a callback, or even a specific system for carrying out these requests, in which it would be easier to detect a hacker intrusion.