The FBI is warning about an uptick in cybercriminals offering fraudulent Emergency Data Requests (EDRs) as a service.
-
The FBI is warning about an uptick in cybercriminals offering fraudulent Emergency Data Requests (EDRs) as a service. Basically, they find police depts in the US and worldwide that have email accounts with poor password hygiene + no 2FA, and then send EDRs as police to Meta, Apple, the mobile carriers etc requesting personal info on targeted accounts. There is no subpoena or court order involved in these EDRs, and they are usually granted quickly.
https://www.ic3.gov/CSA/2024/241104.pdf
It's nice to see this advisory, however ridiculously overdue it is. I've been sounding the alarm about fake EDRs and associated services for some time now.
https://krebsonsecurity.com/2022/03/fake-emergency-search-warrants-draw-scrutiny-from-capitol-hill/
https://krebsonsecurity.com/2022/04/fighting-fake-edrs-with-credit-ratings-for-police/
https://krebsonsecurity.com/2022/05/dea-investigating-breach-of-law-enforcement-data-portal/
https://krebsonsecurity.com/2022/04/leaked-chats-show-lapsus-stole-t-mobile-source-code/
https://krebsonsecurity.com/2023/11/id-theft-service-resold-access-to-usinfosearch-data/
