Apple Inc reportedly submitted user data to hackers after they pretended to be law enforcement officials in mid-2021. Entities familiar with the situation gave their statement regarding the occurrence. They stated that the tech giant gave in basic subscriber details owing to fake “emergency data requests.”
Reports on the matter specify how such data requests generally require a search warrant or subpoena which is signed by a judge. The people familiar stated how without a warrant, these requests are normally not provided. However, ’emergency requests’ of this sort do not necessarily come with a court order.
Facebook-parent, Meta, along with Apple, was also involved in providing user data to hackers. In fact, even Snapchat reportedly received a similar request from the hackers which were also forged. However, it is not still clear if the social media company gave in the requested information.
Details from the report:
When approached for a comment of the situation, the spokesperson from Apple referred to one of the sections from their law enforcement guidelines. It states that Apple may contact the supervisor or legal agent for confirmation. They would require to confirm that the ’emergency request’ was indeed ‘legitimate.’
Additionally, the report also stated how the cybercrime organisation ‘Recursion Team’ could possibly be responsible for the forged legal requests. Moreover, some of them could be minors possibly from the US and the UK. Cybersecurity researchers also believed that one of them could be the mastermind for the LAPSUS$ hacking group. This extortion group was responsible for hacking Samsung, Nvidia and Microsoft recently.
Chief research officer, Allison Nixon, of the cyber firm Unit 221B defended the two companies. She spoke in favour of Apple’s and Facebook’s teams handling law enforcement. Nixon mentioned how the teams handling the situation, though incorrectly, tried their best. These employees, according to her, have often “saved lives.” This was owing to the legal flexibility they have to quickly address a “tragic situation” approaching a user.
Generally, Facebook and Apple publish data on their compliance with emergency requests seeking data. Apple reportedly received as much as 1,162 of these requests in the second half of 2020, having responded to 93%. Similarly, Facebook got 21,700 requests in the first half of 2021. The social media company submitted the requested data to about 77% of the received requests. Tech and social media companies clearly need to keep check of such requests owing to the increased number of hacking instances.