Criminals Exploiting FBI Emergency Information Requests
I’ve been writing about the issue with lawful-access backdoors in encryption for many years now: that as quickly as you create a mechanism for legislation enforcement to bypass encryption, the dangerous guys will use it too.
Seems the identical factor is true for non-technical backdoors:
The advisory mentioned that the cybercriminals had been profitable in masquerading as legislation enforcement by utilizing compromised police accounts to ship emails to firms requesting consumer knowledge. In some circumstances, the requests cited false threats, like claims of human trafficking and, in a single case, that a person would “endure tremendously or die” until the corporate in query returns the requested data.
The FBI mentioned the compromised entry to legislation enforcement accounts allowed the hackers to generate legitimate-looking subpoenas that resulted in firms turning over usernames, emails, cellphone numbers, and different non-public details about their customers.
Sidebar picture of Bruce Schneier by Joe MacInnis.