Hackers affiliated with cyber-crime group ‘Recursion Team’ believed to be behind some forged requests
Apple and Meta, the parent company of Facebook, provided customer data to hackers who pretended to be law-enforcement officials, sources said.
Apple and Meta provided basic subscriber details, such as a customer’s address, phone number and IP address, in mid-2021 in response to the forged “emergency data requests”.
Normally, such requests are only provided with a search warrant or subpoena signed by a judge, the sources said. But emergency requests do not require a court order.
Snap received a forged legal request from the same hackers, but it is not known whether the company provided data in response.
It is also not clear how many times the companies provided data after receiving forged legal requests.
Cyber-security researchers suspect that some of the hackers sending the forgeries are minors in the UK and the US.
One minor is also believed to be the leader of the cyber-crime group Lapsus$, which hacked Microsoft, Samsung and Nvidia, among others, the sources said.
City of London Police recently arrested seven people in connection with an investigation into the Lapsus$ hacking group. The inquiry is continuing.
An Apple representative referred Bloomberg News to a section of its law-enforcement guidelines.
The guidelines say a supervisor for the government or law-enforcement agent who submitted the request “may be contacted and asked to confirm to Apple that the emergency request was legitimate”.
“We review every data request for legal sufficiency and use advanced systems and processes to validate law-enforcement requests and detect abuse,” Meta spokesman Andy Stone said.
“We block known compromised accounts from making requests and work with law enforcement to respond to incidents involving suspected fraudulent requests, as we have done in this case.”
Snap had no immediate comment on the case, but a representative said the company had protection in place to detect fraudulent requests.
Law enforcement around the world routinely asks social media platforms for information about users as part of criminal investigations. In the US, such requests usually include a signed order from a judge.
The emergency requests are intended to be used in cases of imminent danger.
Hackers affiliated with a cyber-crime group known as “Recursion Team” are believed to be behind some of the forged legal requests.
The requests were sent to companies throughout 2021, the sources said.
Recursion Team is no longer active, but many of its members continue to carry out hacks under different names, including as part of Lapsus$, they said.
The information obtained by the hackers using the forged legal requests has been used to enable harassment campaigns, one source said.
The sources said it might be primarily used in financial fraud schemes. The hackers could use the victim’s information to try to bypass account security.
Comments