An Interest In:
Web News this Week
- April 15, 2024
- April 14, 2024
- April 13, 2024
- April 12, 2024
- April 11, 2024
- April 10, 2024
- April 9, 2024
Some of Our Sources
- BoingBoing
- The Logo Smith
- Fuel Your Creativity
- Inspiredology
- Naldz Graphics
- Web Design Ledger
- Reencoded
- Specky Boy
- Android Headlines
- The Verge
Help Webnuz
Referal links:
March 29, 2022 04:03 pm
Original Link: https://news.slashdot.org/story/22/03/29/162259/hackers-gaining-power-of-subpoena-via-fake-emergency-data-requests?utm_source=rss1.0mainlinkanon&utm_m
Hackers Gaining Power of Subpoena Via Fake 'Emergency Data Requests'
Krebs on Security reports: In the United States, when federal, state or local law enforcement agencies wish to obtain information about who owns an account at a social media firm, or what Internet addresses a specific cell phone account has used in the past, they must submit an official court-ordered warrant or subpoena. Virtually all major technology companies serving large numbers of users online have departments that routinely review and process such requests, which are typically granted as long as the proper documents are provided and the request appears to come from an email address connected to an actual police department domain name. But in certain circumstances -- such as a case involving imminent harm or death -- an investigating authority may make what's known as an Emergency Data Request (EDR), which largely bypasses any official review and does not require the requestor to supply any court-approved documents. It is now clear that some hackers have figured out there is no quick and easy way for a company that receives one of these EDRs to know whether it is legitimate. Using their illicit access to police email systems, the hackers will send a fake EDR along with an attestation that innocent people will likely suffer greatly or die unless the requested data is provided immediately. In this scenario, the receiving company finds itself caught between two unsavory outcomes: Failing to immediately comply with an EDR -- and potentially having someone's blood on their hands -- or possibly leaking a customer record to the wrong person. "We have a legal process to compel production of documents, and we have a streamlined legal process for police to get information from ISPs and other providers," said Mark Rasch, a former prosecutor with the U.S. Department of Justice. "And then we have this emergency process, almost like you see on [the television series] Law & Order, where they say they need certain information immediately," Rasch continued. "Providers have a streamlined process where they publish the fax or contact information for police to get emergency access to data. But there's no real mechanism defined by most Internet service providers or tech companies to test the validity of a search warrant or subpoena. And so as long as it looks right, they'll comply." To make matters more complicated, there are tens of thousands of police jurisdictions around the world -- including roughly 18,000 in the United States alone -- and all it takes for hackers to succeed is illicit access to a single police email account.at Slashdot.
Original Link: https://news.slashdot.org/story/22/03/29/162259/hackers-gaining-power-of-subpoena-via-fake-emergency-data-requests?utm_source=rss1.0mainlinkanon&utm_m
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot