Criminals are using the FBI’s emergency data requests
I’ve been writing about the problem with legitimate access backdoors in encryption for decades: Once you create a mechanism for law enforcement to bypass encryption, the bad guys will use it too.
It turns out the same it is true for non-technical backdoors:
The advisory says cybercriminals have successfully disguised themselves as law enforcement by using hacked police accounts to send emails to companies requesting user data. In some cases, the requests made false threats, such as claims of human trafficking and, in one case, that an individual would be “severely injured or die” if the company in question did not return the requested information.
The FBI said compromised access to law enforcement accounts allowed hackers to create legal subpoenas that forced companies to release usernames, email addresses, phone numbers and other private information about their users.
Bruce Schneier sidebar photo by Joe McInnis.