In the context of police investigations involving imminent danger (murder, suicide, kidnapping, etc.), the police often ask digital platforms to provide them with private data. The data transmitted may include the IP, email, physical address and name of the person. This data request procedure is reserved for law enforcement agencies, but hackers are hijacking it to obtain user data. According to Bloomberg, tech giants are regularly victims of bogus legal requests, used to target women and minors.
In some cases, this involves encouraging victims to create and share sexually explicit material, in order to make them “sing” them afterwards, under the threat of reprisals or the dissemination of compromising images.
Data used to extort and harass victims
The attackers manage to impersonate law enforcement agents, which makes it extremely difficult for the platforms not to follow up on the requests. “I know emergency data requests are used every day in real life-threatening emergencies, and it is tragic that this mechanism is abused to sexually exploit children”said Alex Stamos, a former Facebook security chief who now works as a consultant.
Use of this fraudulent method is on the rise
For this computer security specialist, the police should exclusively use their dedicated portals to avoid such abuses. Since emergency requests generally do not include a court order signed by a judge, the platforms generally have no legal obligation to provide data.