Doxers Posing as Cops Are Tricking Big Tech Firms into Sharing People's Data

https://www.wired.com/story/doxers-posing-as-cops-are-tricking-big-tech-firms-into-sharing-peoples-private-data/

32•iamnothere•2h ago

Comments

ro_bit•1h ago

> But officers can also make emergency data requests, or EDRs, in cases involving a threat of imminent harm or death. These requests typically bypass any additional verification steps by the companies who are under pressure to fulfill the request as quickly as possible.

How do companies decide which EDRs to fulfill and which ones require a judicial subpoena? Are companies ever even under the obligation to fulfill an EDR?

tdeck•1h ago

Maybe they type ASDF or donut:

https://www.texasstandard.org/stories/flock-safety-cameras-h...

> So in a lot of the searches that we reviewed, we had about 500,000 to take a look at. We found the word “investigation” – or variations of the word “investigation” – or “suspect” a lot with really no details about what the investigation pertained to or what the suspect may have done.

> A lot of searches also just listed gibberish, like “ASDF” – that’s the sequence of letters in the center row of your computer keyboard. Or just said that they were there for random checks. We even found a search that just said “donut” or that didn’t say anything at all.

OsrsNeedsf2P•1h ago

> “This was an email address that looked like the real thing,” says Exempt, explaining the mechanics of how he tricked Charter Communications. “The real domain of the Jacksonville Sheriff’s Office in Florida is jaxsheriff.org. We purchased jaxsheriff.us and then spoofed our number as the department’s, so that when we called them to verify receipt of the legal process, when they searched the number, it would come back to the sheriff’s office, giving them no reason to doubt it. We use real badge numbers and officer names as well.”

I'm honestly impressed. It's an interesting situation where the companies can only verify the same information that the hackers have access to

ghssds•1h ago

> The real domain of the Jacksonville Sheriff’s Office in Florida is jaxsheriff.org. We purchased jaxsheriff.us

This would not be an issue if RFC 1480 had been taken seriously.

mh-•1h ago

"No problem, Deputy Smith. I'll call you back at your listed number now to complete your request."

What am I missing? Not doing this is negligent. Same advice we'd give to phishing targets.

ngcc_hk•1h ago

Still not heard of people pretending ice, kidnapping then ransom. Strange?

wmf•1h ago

This same kind of hack was mentioned in Mr. Robot nine years ago and it isn't fixed. https://www.theverge.com/2016/9/7/12835320/mr-robot-hack-rep... (Back then it was fax-based.) I'm not surprised but I am annoyed that we can't fix this.

domoregood•2m ago

For everyone else who's getting "You’ve read your last free article" like me:

https://archive.is/RltXf

GitHub Is Down

ChatGPT 5.2 Tested: How Developers Rate the New Update (Another Marketing Hype?)

Catland, the Louis Wain Archive

The state of the kernel Rust experiment

Pdf-sign – Adobe-compliant PDF signing with GPG Agent

Shaping the future of AI from the history of Transformer [2024]

The state of the kernel Rust experiment

React Is Rainbow Colored

Crowd-sourced comparison of USB security tokens

AI Can Write Your Code. It Can't Do Your Job

Musk's Mars mission adds risk to red-hot SpaceX IPO

EZ File Changer – Private, client-side image converter

Ozempic Turned a 1970s Hit into an Inescapable Jingle (2024)

Firefox Version 146.0

Can't take setting up another bucket for images

Switzerland Engineered the Perfect Country [video]

The New Allowance

Show HN: Zootopia OC Maker – Create Zootopia-Style Original Characters with AI

Is Prompt Engineering Dead? Only If You're Still Prompting Like It's 2023

Ask HN: How do you manage curl commands in your workflow?

Music Algorithms Failed Us

Show HN: ADK-Rust: a Rust Implementation of Google Agent Dev Kit

There is no data-generating distribution

Satya Nadella demos an app he built [video]

Marco Rubio: No more woke fonts

Democratic states sue Trump administration over new $100k fee for H-1B visas

Writing a Type-Safe Linux Perf Interface in Zig

Google and Apple roll out emergency security updates after zero-day attacks

Unitree Debuts Robot "App Store"

Show HN: Browser4 – an open-source browser engine for agents and concurrency

Doxers Posing as Cops Are Tricking Big Tech Firms into Sharing People's Data

Comments

GitHub Is Down

ChatGPT 5.2 Tested: How Developers Rate the New Update (Another Marketing Hype?)

Catland, the Louis Wain Archive

The state of the kernel Rust experiment

Pdf-sign – Adobe-compliant PDF signing with GPG Agent

Shaping the future of AI from the history of Transformer [2024]

The state of the kernel Rust experiment

React Is Rainbow Colored

Crowd-sourced comparison of USB security tokens

AI Can Write Your Code. It Can't Do Your Job

Musk's Mars mission adds risk to red-hot SpaceX IPO

EZ File Changer – Private, client-side image converter

Ozempic Turned a 1970s Hit into an Inescapable Jingle (2024)

Firefox Version 146.0

Can't take setting up another bucket for images

Switzerland Engineered the Perfect Country [video]

The New Allowance

Show HN: Zootopia OC Maker – Create Zootopia-Style Original Characters with AI

Is Prompt Engineering Dead? Only If You're Still Prompting Like It's 2023

Ask HN: How do you manage curl commands in your workflow?

Music Algorithms Failed Us

Show HN: ADK-Rust: a Rust Implementation of Google Agent Dev Kit

There is no data-generating distribution

Satya Nadella demos an app he built [video]

Marco Rubio: No more woke fonts

Democratic states sue Trump administration over new $100k fee for H-1B visas

Writing a Type-Safe Linux Perf Interface in Zig

Google and Apple roll out emergency security updates after zero-day attacks

Unitree Debuts Robot "App Store"

Show HN: Browser4 – an open-source browser engine for agents and concurrency