https://www.404media.co/buying-and-selling-hacked-government-emails-edrs-discord-snapchat-facebook-tiktok/

Hackers Are Selling Hacked Police Emails to Try to Grab Personal Data From TikTok, Facebook

Joseph Cox, Aug 31, 2023 at 1:00 PM

Many criminals want access so they can pose as cops and make fraudulent 'emergency data requests' with TikTok, Facebook, Discord, and more top companies.

One of the documents shared by the hacker. Image: 404 Media

"Howdy Joseph," the July email I got from Zdravko Krivokapic, who was the Prime Minister of Montenegro until last year, read.

Obviously, this wasn't actually Krivokapic emailing me. Instead, it was a hacker who had gained access to what seemed to be Krivokapic's personal Gmail account. The hackers proceeded to send me a mass of alleged documents from the government of Montenegro, including some related to the country's Ministry of Finance. Alongside those, the hacker also sent photos of cash, flashy watches, and weapons, which appear to be from the hacker's own collection and not the former Prime Minister's.

Beyond wanting to flex their access to Krivokapic's account, the hacker said they might use the compromised email to then target other services, using the former Prime Minister's identity as a cover. It's unclear how successful that attempt may have been, but the brazenness of emailing a journalist from an official's email account did highlight something gaining popularity in the digital underground.

Hackers are compromising the email accounts of government and law enforcement officials, selling them on the open market, and in some cases using that access to trick social media giants and other legitimate companies into handing over their customers' data.
Desired targets include TikTok, Discord, Snapchat, Facebook, and Instagram. The groups where these email accounts are often advertised include criminals who use personal information to target people for harassment, extortion, or physical violence.

The hacker's initial email to me ended with "LOL."

Do you know anything else about fraudulent use of EDRs? I would love to hear from you. Using a non-work device, you can message me securely on Signal at +44 20 8133 5190. Otherwise, send me an email at joseph@404media.co.

Cybercriminals sell access to these compromised government accounts across a variety of forums and group chats, especially on the messaging app Telegram. One person who is a reputable seller of personal information on Telegram also claims to be selling such email accounts. One screenshot they shared on Telegram shows an inbox allegedly belonging to a Brazilian municipality; the seller said they are offering accounts for $400 each. In another post and accompanying screenshot, they claimed to have access to an FBI email account.

A second apparent seller wrote in one popular Telegram group they are "SELLING INDIAN GOV MAILS, $100 A PIECE, CAN ACCESS FB LAW PANEL/EDR IG/FB ACCS." The post adds they are selling "other third world gov mails" for $50 each.

Other messages viewed by 404 Media advertise emails belonging to the governments of Thailand, the UK, Germany, Bangladesh, and Nepal.

Many of the adverts explicitly say that buyers can use these email accounts to then make Emergency Data Requests, or EDRs. EDRs are a common mechanism across social media or tech companies designed to provide user data to law enforcement in high stakes situations. This, for example, might include a child kidnapping, where authorities may need data quickly in an attempt to apprehend a suspect or locate a victim.

One Telegram group where government emails are being explicitly advertised as a way to gain access to sensitive user data is focused on physical violence against targets. Here, members can hire one another to perform shootings, stabbings, robberies, and more.

Companies each have their own way of handling EDRs, be that a locked-off web portal or a dedicated department to contact. But they typically require anyone requesting data to contact the company from an official government or law enforcement agency email address. That's why these compromised accounts are so valuable to criminals. They allow hackers to tap into a stream of data that is usually off limits, simply by pretending to be a law enforcement officer.

In March last year, cybersecurity reporter Brian Krebs reported on the rise of fraudulent EDR requests among cybercriminals and pointed to a specific case involving Discord. A day later, Bloomberg reported that Apple and Meta had given up user data in response to such demands.

In more recent Telegram messages, 404 Media has seen criminals specifically discuss the ability to make fraudulent EDRs with TikTok, Instagram, Facebook, and GoDaddy. Others have shown interest in targeting Discord and Snapchat.

Meta told 404 Media it blocks known compromised accounts from making requests to its dedicated Law Enforcement Response Team (LERT).

TikTok confirmed to 404 Media it more commonly sees fraudulent requests from people impersonating law enforcement agencies in foreign countries. TikTok said it has successfully blocked some fraudulent requests, but declined to say whether any have managed to get through. TikTok added it has additional safeguards in place to vet EDRs and tools to protect those requests.

A Discord spokesperson told 404 Media in a statement that "Like any company, we are obligated to comply with law enforcement requests.
To ensure the legitimacy of requests from law enforcement, we follow thorough guidelines to carefully evaluate them and ensure they come from a genuine source and that they are not overly broad or vague."

Snapchat and GoDaddy did not respond to a request for comment.

Krivokapic, the former Prime Minister of Montenegro who a hacker appeared to have targeted, did not respond to multiple requests for comment.

Update: this piece has been updated with a statement from Discord.