The 16-year-old autistic teenager lied to Apple

Why are tech giants so defensive against hacker attacks?

Can even the world's top technology companies be deceived? On Wednesday, local time, Bloomberg reported that in mid-2021 hackers deceived Meta and Apple into handing over user data, including home addresses, phone numbers, IP addresses and other information.

Andy Stone, a Meta spokesperson, said: "We reviewed every data request and used advanced systems and processes to verify the authenticity of the law enforcement request." Discord, a social media platform that was also deceived this time, said that it had also checked the request and had not expected that an impostor was behind the genuine mailbox.

It is reported that the giants were deceived because the hackers posed as law enforcement officers. The hackers first compromised the email accounts of law enforcement departments, then sent emergency data requests to Apple, Meta, Snap and other companies, pairing them with a justification that is hard to refuse: they "can't wait for the judge's order, because they encountered a life-and-death emergency problem." With that, they successfully obtained the user data.

It is routine for law enforcement to ask tech companies for data in criminal investigations. Such requests normally require a court subpoena and search warrant, but that requirement can be waived in emergencies involving serious personal injury or death. The "emergency" exception has thus become a major loophole through which hackers get past the technology giants.

It is worth mentioning that a mature underground supply chain exists for breaking into law enforcement mailboxes, and the problem is not easy to solve. Gene Yoo, CEO of cybersecurity firm Resecurity, said: "In dark web stores, law enforcement email accounts can be sold along with accompanying cookies and metadata for prices ranging from $10 to $50. If this part of the problem cannot be solved, no matter how hard Apple and other companies work, they may be invincible in the face of hacker attacks."

The attacks on tech giants such as Apple began last January. The leaked data has since been used to launch harassment campaigns, and the information could also be used for financial fraud and so on. Unfortunately, similar scams often come to light only after the fact, "and this behavior poses a significant threat to the entire tech industry," Discord Group Manager Peter Day said.

At present, Apple and Meta have reported the situation to the relevant authorities.

Surprisingly, the investigation found that the 7 members of Lapsus$, the hacking group that deceived Apple and Meta, were all minors, and that the leader was a 16-year-old teenager in the United Kingdom, code-named White, who has autism. According to the BBC, the teenager has amassed $14 million in assets through hacking operations.

Source: Ten wheel net

Before Apple and Meta, the hacking group had also attacked Microsoft, Samsung and Nvidia. It often solicited access to the internal systems of large companies on Telegram, and sometimes polled its followers on which company to attack next. Because of its high profile and repeated successes, Lapsus$ became famous. As of March 30, Lapsus$ had nearly 50,000 Telegram subscribers.

The group's leader, White, was reportedly recently arrested in Oxford, England. White's father said in an interview: "I didn't hear about it until recently, he never mentioned it, I always thought he was playing games by fiddling with his computer."

A

As tech companies that hold massive amounts of user data, Apple and Meta have established procedures for handling emergency data requests.

Apple said that after receiving an urgent data request, it may contact the law enforcement officer who made the request and ask them to prove that the request is legitimate, "provided it is sent from the official email of the requesting agency."

Meta also wrote on its website: "Depending on the circumstances, we may voluntarily disclose information to law enforcement if we have good faith reasons to believe that the matter involves an imminent risk of serious personal injury or death."

Jared Der-Yeghiayan, former head of cyber programs at the Department of Homeland Security, said: "Companies like Meta and Snap operate their own portals for law enforcement to send legal requests, plus email addresses that can receive requests 24 hours a day."

"In most cases, any formal review can be bypassed and no court supporting documents are required. Moreover, there are tens of thousands of police jurisdictions around the world, of which about 18,000 are in the United States alone, and all that a hacker needs to succeed is illegal access to a police email account," cybersecurity expert Brian Krebs said.

In the second half of last year, Apple received a total of 1,162 urgent requests from 29 countries and fulfilled 93% of them. In the first half of last year, Meta received a total of 21,000 urgent requests, of which 77% were answered.

The emergency requests forged by the hacking group Lapsus$ looked fairly legitimate. According to Bloomberg, the hackers may have found some legitimate request documents by breaking into law enforcement email systems, and then forged documents and signatures following the same pattern.

Properly formatted documents, sent from an official mailbox, written in an urgent tone: this is how Apple and Meta were taken in. According to current foreign media reports, it is not clear how much data they leaked.

Allison Nixon, chief research officer at cybersecurity investigative firm Unit 221B, said: "It is currently difficult to find a potential solution to a bogus legal request sent from a hacked law enforcement email system."

In response to the matter, Meta said: "At present, we have blocked known stolen accounts, prevented them from making requests, and cooperated with law enforcement agencies to deal with incidents involving fraud." According to Krebs on Security, a spokesperson for Snap, another affected company, said the company has taken precautions to step up detection of fraudulent requests from law enforcement.

In the face of hacking attacks, the giants also seem to be helpless.

B

Lapsus$ first drew attention last December, when it attacked the computer systems of Brazil's health ministry and stole 50 TB of data, including vaccination information for Brazilian citizens. Soon afterward, it attacked a Portuguese media outlet, in what became one of the biggest cybersecurity incidents in Portuguese history.

The infamous Lapsus$ used Telegram to publish statements and recruit accomplices. It often posted teasers saying that it would "make a big news," and even put up polls for followers to vote on which company to attack next, with Vodafone, T-Mobile and other companies prominently listed.

But not much is known about this organization. According to Wired, it is a loose team. Brett Callow, a threat intelligence analyst at security software firm Emsisoft, said: "They don't behave like experienced cybercriminals." Others speculate that the group is based in South America because its first few activities were aimed at Brazil.

They usually obtain access credentials from employees, through recruitment and other means, use remote access to obtain data or source code, and then post messages on Telegram and threaten the companies with extortion.

After peers who had fallen out with White exposed his name, address and social media photos and revealed that his net worth exceeded 300 bitcoins (nearly $14 million), Bloomberg followed those clues to find White's home, a modest house 5 miles from Oxford University, where reporters spoke with his mother for about 10 minutes through a doorbell intercom system. During the conversation, his mother said she was unaware of the allegations against her son, but she mentioned that the family had suffered a lot of harassment as a result of the information being leaked.

White, the mastermind of Lapsus$, is a 16-year-old who attends a special school in Oxford, UK, because of his autism. Interestingly, in Latin, "lapsus" refers to inadvertent mistakes in speaking and writing.

According to Bloomberg, cybersecurity researchers have been tracking White for nearly a year and regularly inform law enforcement of his crimes. "In the middle of last year, before he was doxxed, we confirmed his identity," Nixon said.

Shortly before the arrest, Lapsus$ also announced on Telegram: "We may take a break for a while, we may take a holiday until March 30, 2022, thanks for understanding, we will come up with some strong materials as soon as possible."

C

Although Lapsus$ had not existed for long, it had been very active. Nvidia was the first tech giant it successfully attacked.

On Feb. 23, Nvidia acknowledged a hack that had paralyzed its mail system and development tools for nearly two days.

Lapsus$ proudly claimed responsibility, saying it held 1 TB of Nvidia's important data, as well as the email addresses and passwords of 71,000 Nvidia employees.

Holding the data, Lapsus$ demanded that Nvidia "remove the restrictions on mining functions in all 30 series graphics card drivers" and "open source graphics drivers," and then said it would package and sell the information for $1 million. Lapsus$ gave Nvidia an ultimatum to open-source its GPU drivers for Windows, macOS, and Linux.

Nvidia tried countermeasures such as remotely encrypting the data and cutting Lapsus$ off from its intranet, but these ultimately failed because Lapsus$ had a backup.

A few days later, Lapsus$ changed targets and told its followers, "Don't look at NVIDIA, come in and see Samsung." The group stole Samsung's source code, and even Qualcomm, which works with Samsung, was not spared.

After Samsung, Lapsus$ attacked Microsoft, game maker Ubisoft, online commerce platform Mercado Libre, technology company Okta and others.

In fact, the relationship between tech giants and hackers is quite delicate: tech giants want to guard against surprise attacks by hackers, while also hoping to put hackers' skills to their own use.

It is worth mentioning that hackers are divided into the malicious and the non-malicious. In 2020, hackers were rewarded with $75,000 for finding iPhone vulnerabilities; these are white hat hackers, who protect network security. Black hat hackers do the opposite.

White hat hackers are important allies for tech companies. Some employees of Tencent Security Joint Lab have been nominated for the Pwnie Awards, a white hat hacking honor, and Ma Jie, general manager of Baidu Security, has introduced DEF CON, a world-famous hacking conference, to China.

Usually, black hat hackers earn more than white hat hackers. According to a FIRST Finance report, the three hackers who created the "Panda Burning Incense" virus earned 30 million yuan in three months, while the annual salary of security researchers at the three BAT Internet companies was about one million. This is one of the reasons why many black hat hackers are willing to take desperate risks.

From the perspective of the giants, recruiting hackers under their wing is a better solution, but what can Apple and Meta do about a group of underage and difficult children?

Resources:

1. Apple and Meta provide user data to hackers who falsify legal requests, Bloomberg

2. Cyber researchers suspect that the hacking organization mastermind is a minor, Bloomberg

3. Oxford minor accused of being a cybercriminal, BBC

4. Apple and Meta share data with hackers masquerading as law enforcement officials, The Verge

5. Apple has also become a victim of cybersecurity, hackers disguised as law enforcement agencies to obtain user data, the Financial Associated Press

6. [Revealed] Chinese hackers: The income of white hats and black hats is very different, FIRST Finance

7. The hacker who punched Nvidia and kicked Samsung, ready to start making trouble again, bad reviews
