Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Facebook Google Technology

Tech Giants Duped Into Giving Up Data Used to Sexually Extort Minors (bloomberg.com) 34

Major technology companies have been duped into providing sensitive personal information about their customers in response to fraudulent legal requests, and the data has been used to harass and even sexually extort minors, according to four federal law enforcement officials and two industry investigators. Bloomberg: The companies that have complied with the bogus requests include Meta, Apple, Alphabet's Google, Snap, Twitter and Discord, according to three of the people. All of the people requested anonymity to speak frankly about the devious new brand of online crime that involves underage victims. The fraudulently obtained data has been used to target specific women and minors, and in some cases to pressure them into creating and sharing sexually explicit material and to retaliate against them if they refuse, according to the six people.

The tactic is considered by law enforcement and other investigators to be the newest criminal tool to obtain personally identifiable information that can be used not only for financial gain but to extort and harass innocent victims. It is particularly unsettling since the attackers are successfully impersonating law enforcement officers. The tactic is impossible for victims to protect against, as the best way to avoid it would be to not have an account on the targeted service, according to the people. It's not clear how often the fraudulent data requests have been used to sexually extort minors. Law enforcement and the technology companies are still trying to assess the scope of the problem.

This discussion has been archived. No new comments can be posted.

Tech Giants Duped Into Giving Up Data Used to Sexually Extort Minors

Comments Filter:
  • The tactic is impossible for victims to protect against, as the best way to avoid it would be to not have an account on the targeted service

    It's not impossible to believe that people have gotten smarter over the years, but it's still sad.

    • Re:Flynn effect (Score:5, Insightful)

      by Pascoea ( 968200 ) on Wednesday April 27, 2022 @05:00PM (#62485266)
      I don't understand who thought it would be a good idea to provide ANY information about their clientele to law enforcement without a court order. That's the fucked up part. Email gets compromised all the time, why would any company be willing to provide any information from an e-mail request with no verifiable backup?
      • by Ocker3 ( 1232550 )
        This is a side effect of the Patriot Act I suspect, because there's no need for a warrant and you're not supposed to tell people that it's happened. Not that these kinds of things didn't happen before the Patriot Act, but it's not helping. There needs to be oversight and tracking, even if it's a special record only accessible by certain kinds of lawyers, but it needs to exist!
      • While a lawyer ought be able to detect these (particularly if they are aware of it), the average joe shmoe tech support worker probably just sees a pdf with what they think is either a court order or some sort of official looking request and think "Well the t's are crossed and the i's are dotted , better comply".

        This partly goes to fault with the company not having the right processes to weed out the bad requests.

        But I'd also argue that parents need to have a conversation with their kids about what is and i

        • by Pascoea ( 968200 )

          This partly goes to fault with the company not having the right processes to weed out the bad requests.

          For sure. Of course, according to the article, they "thoroughly vet every law enforcement request..." (not the exact quote, but I'm far too lazy to go back to the article) But obviously some things will always slip through the cracks. I'm back to my original argument, NONE of this info should be able to be shared without a warrant. Those are way easier to properly vet out.

          But I'd also argue that parents need to have a conversation with their kids about what is and is not a legitimate request...

          100% agree. Too many lives lost to kids thinking there is no way around the rando on the Internet threatening to leak their nudie pi

      • by PPH ( 736903 )

        Better yet, just don't keep logs.

      • Will no-one think of the chiiiilldren? We need backdoors! To protect the chiiiilldren. No wait, we can't have backdoors! To protect the chiiiilldren. The chiiiilldren, the chiiiilldren.
        • by Pascoea ( 968200 )
          I'm a father, of course I think of the children. Yet I also HATE the "think of the children" schtick. When the "TERRORISTS!" line doesn't work it's always the next boogieman to be trotted out.
    • Comment removed (Score:4, Insightful)

      by account_deleted ( 4530225 ) on Wednesday April 27, 2022 @05:02PM (#62485274)
      Comment removed based on user account deletion
      • by Ocker3 ( 1232550 )
        Exactly, poor training and poor leadership. These firms need to be reminded that just letting data go has real world impacts.
  • by AcidFnTonic ( 791034 ) on Wednesday April 27, 2022 @04:32PM (#62485180) Homepage

    I think we need to directly blame law enforcement for needing these capabilities in the first place.

    They protect their own systems better, I can't directly query information about officers files without a badge number and valid account within a police system.

    But our personal data has no such system or protection and even different police departments within the same state use different types of forms such that the recipient has really no way to understand if it's legit or not.

    Every woman raped is directly enabled by the police failure to create a secure system to manage a process they legally require others to follow.

    Straight up f*** the police.

    • Re: (Score:3, Interesting)

      by Pascoea ( 968200 )

      Straight up f*** the police.

      Hell yeah! Get rid of all of them. Once we have nobody chasing the criminals there will be no more criminals!

      They protect their own systems better, I can't directly query information about officers files without a badge number and valid account within a police system.

      From the article (I know, I know. This is Slashdot.) "It starts with the perpetrator compromising the email system of a foreign law enforcement agency."

      • by Pascoea ( 968200 )

        Hell yeah! Get rid of all of them...

        Yes, that was sarcasm.

      • by vbdasc ( 146051 )

        Hell yeah! Get rid of all of them. Once we have nobody chasing the criminals there will be no more criminals!

        There were no criminals in Tombstone, AZ, since certain moment. Because the decent citizens, aided by the Earp brothers, outgunned them.

        Joke, of course.

    • In a kidnapping case quick access to most recent communication/location can be important. The problem is that cops have no perspective. They don't spare a moment's thought about the cost they push on society by not weighing the externalities of not having the delay, considering the priorities of others is not their strong point.

      This happens because the cop wants the data ASAP and can't wait two minutes to have the company call the police station and ask to be connected through for some basic authentication.

  • by NicknameUnavailable ( 4134147 ) on Wednesday April 27, 2022 @04:44PM (#62485204)
    Sure they were. The same people pushing groomer shit were "duped" into sexually exploiting minors. Real believable. /s
  • Familer (Score:4, Insightful)

    by SJ ( 13711 ) on Wednesday April 27, 2022 @04:47PM (#62485218)

    So you're saying that if law enforcement has access to something, then anyone else can get access to it as well? Why does that sound familier?

  • by gurps_npc ( 621217 ) on Wednesday April 27, 2022 @04:55PM (#62485244) Homepage

    Look, if the data brokers give out information to non-police, that is THEIR LEGAL LIABILITY.

    Yes, the police want them bending over backwards to hand out info immediately. Touch crap. The police have to follow laws, and so do the brokers.

    They can NOT just accept someone's word that they are cops. They MUST verify it. If that slows down legitimate police inquires, tough crap.

    Sue the hell out of the data brokers, their 'honest belief' that it was a legitimate request is not a legal excuse. They gave out the info, they are responsible for massive lawsuits.

    One good lawyer winning a million dollar lawsuit will put an end to this crap immediately. As a side effect it will slow down the cops as they have to go through channels rather than just sending a request.

    • "The police have to follow laws, and so do the brokers. They can NOT just accept someone's word that they are cops."

      What makes you think the criminals aren't providing well-faked credentials? For that matter, they may even be providing actual police credentials "accidentally leaked" to them for money. Time and again we've seen police engage in criminal behaviour and get away clean, or with just a slap on the wrist.

    • Isn't there a problem with the police obtaining evidence by illicit means? Doesn't that mean that the defence could throw it out in court?

      I guess there might be other types of evidence, not presented in court, where the police just want some leads. Even then, if there is some misconduct in pursuit of an investigation, I guess a decent defence lawyer could weaken a prosecution case by bringing it up in court.

  • It's probably hard to tell the bad requests from all the thousands of other requests
  • Whether they wear a badge or not.
  • So...what is that ratio?

    And Bloomberg's authoritarian friendly phrasing is enraging.
    "devious new brand"? How about negligence?
  • If there is a simple easy way for law enforcement to get data, there is a good chance it will be exploited - and now it has been. You can imagine technologies that verify the identity of law enforcement, but with rapidly changing technology and processes, that would be very difficult to implement in practice.

    The problem with trading privacy for security is that you end up with neither.

After all is said and done, a hell of a lot more is said than done.

Working...