
How Hackers Use Emergency Data Requests to Steal User Data

CyberCX's Jacob Larsen on Email Compromise, Doxing, Violence-as-a-Service Attacks
Jacob Larsen, team lead, security testing and assurance, CyberCX

Law enforcement uses emergency data requests to obtain critical information from social media companies and service providers when a subpoena cannot be obtained in time. Adversaries are now manipulating that process to access sensitive data, including "user's full name, residential address, mobile number, and sometimes, message history and payment information," said Jacob Larsen, team lead of security testing and assurance at CyberCX.


Adversaries hack the request process by compromising government emails and verifying their identity "on different social media platforms, law enforcement portals, or other aggregated platforms where they can submit their own request and then receive that information," Larsen said. "Service providers might discover later on that that request was fraudulent, but by that point it's too late."

Service providers should implement robust verification processes, such as creating an allow list of authorized government employees or introducing a segregation of duties requiring additional approval for data requests, Larsen said. Individuals should take an assumed breach approach to their personal security and secure their accounts with non-SMS-based MFA methods, including authenticator apps or physical tokens, he said.

In this video interview with Information Security Media Group at Black Hat 2024, Larsen also discussed:

  • How adversaries use SIM swapping to intercept one-time passcodes;
  • Legal loopholes that allow doxing platforms to continue operating;
  • Physical threats associated with doxing, such as violence-as-a-service attacks.

Larsen leads a team of penetration testers who carry out technical security assessments to secure customer applications and infrastructure. His expertise involves simulating cyberattacks to identify vulnerabilities within client systems and tracking initial access brokers, SIM swappers and doxers.


About the Author

Michael Novinson


Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.



