A recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to technology companies has prompted the Federal Bureau of Investigation (FBI) to issue a warning to police departments and governments worldwide. The FBI is urging these entities to strengthen the security of their email systems to prevent cybercriminals from submitting fraudulent emergency data requests (EDRs).
According to a recent alert published by the FBI, there has been a surge in postings on criminal forums discussing the sale of email credentials stolen from government agencies and police departments. Cybercriminals are gaining access to compromised US and foreign government email addresses and using them to send fraudulent EDRs to US-based companies, exposing customers' personal information for criminal purposes.
Obtaining information about an account at a technology provider requires an official court-ordered warrant or subpoena from a law enforcement agency. However, cybercriminals have been using fake EDRs to request account data without proper documentation, leaving companies caught between the pressure to comply and the risk of leaking data.
These fraudulent EDRs often bypass official review processes and do not require the submission of court-approved documents, making it difficult for companies to verify their legitimacy promptly. As a result, companies must decide whether to comply with a request in order to prevent potential harm, knowing that a fraudulent one exposes customer data to unauthorized parties.
The compliance rate with these requests has been notably high, with major technology companies like Verizon receiving a substantial number of law enforcement demands for customer data. Some cybercriminals, such as “Pwnstar,” have been selling fake EDR services on various cybercrime forums, claiming to control government emails from multiple countries and charging fees per successful request.
To combat fake EDRs, Kodex, a startup established by former FBI agent Matt Donahue, aims to help tech companies screen out unauthorized requests by assigning a credit rating to requestors based on their history of submitting valid legal requests. Kodex has reported processing a significant number of EDRs and suspending law enforcement users who fail verification checks.
Despite efforts to tackle fake EDRs, the prevalence of hacked government email accounts and poor security practices within law enforcement agencies continues to pose risks. Donahue highlighted the need for improved cybersecurity hygiene and better enforcement of security precautions, such as multifactor authentication, to prevent unauthorized access.
In conclusion, the FBI’s warning underscores the importance of enhancing security measures around email systems to combat fraudulent EDRs and protect customer data from cybercriminal activities. Collaboration between law enforcement agencies, government entities, and technology companies is crucial to prevent unauthorized access and misuse of sensitive information.