
Bloomberg: tech giants (practically ALL of them) "duped" into releasing data through fraudulent legal requests which was used to sexually extort minors


28 minutes ago, Slug said:

I honestly have no idea what the numbers look like on law enforcement abuse of emergency requests. I'm sure it happens. Legitimate emergency requests are supposed to be followed up with a full signed order after the fact, to confirm their use. This story is about unauthorized (non-law-enforcement) parties scamming that system, so that's the angle I'm speaking towards.


That so many fraudulent orders were granted should give a hint at how prevalent the orders generally are. These things aren’t rare at all.


7 minutes ago, sblfilms said:


That so many fraudulent orders were granted should give a hint at how prevalent the orders generally are. These things aren’t rare at all.

I know exactly how prevalent the orders generally are. What I don't know is how many fraudulent orders were granted.

I know that your larger companies receive in the neighborhood of 50-70k lawful requests per year. Emergency disclosure requests are a fraction of that and presumably Johnny Badguy social engineering a fake emergency request is an even smaller portion of those. Even one of those false ones being successful is one too many IMO, but we're not talking widespread abuse relative to the number of legitimate orders.

If the analysts working for these companies aren't doing verification callbacks before releasing information or doing some other kind of confirmation that the request they received is coming from a legitimate source, then they need better procedures and/or better training.


12 minutes ago, Jwheel86 said:

I wonder if the solution would be to build a portal into the NCIC system as a security checkpoint.

It's worth exploring. Some companies have portals that only verified law enforcement can access to submit requests. The rub is that you still need to field requests from agents that don't have an account. There's no legal requirement for officers to use a company's portal while there is a requirement for companies to respond to orders. Having a central, company-agnostic authorization hub that let companies know that the requestor is definitely in law enforcement would be a good thing. The trick would be getting everyone on board and ironing out liability both in the case of system failures and rejection of requests that come from outside of that portal.
