FBI Sounds Alarm: Cybercriminals Hijacking Government Emails to Steal User Data
The Federal Bureau of Investigation (FBI) has issued a global alert to police departments and government agencies, urging them to bolster the security of their email systems. This warning comes in response to an increase in cyberattacks, through which malicious actors gain access to official email accounts and use them to send fraudulent requests for data from major technology companies.
Cybercriminals are increasingly compromising email accounts belonging to law enforcement and government entities, using them to issue Emergency Data Requests (EDRs). These requests bypass standard procedures, allowing access to clients’ personal information without a court order.
EDRs enable investigators to claim that any delay may pose a threat to life, pressuring companies to expedite data release. Many tech giants, such as Verizon, respond to these requests under the circumstances; in 2023 alone, Verizon processed over 36,000 EDR requests.
On cyber forums, services for creating fake EDRs are now openly advertised. A well-known hacker under the alias “Pwnstar” offers such services for $1,000 to $3,000, claiming to have access to email accounts across 25 countries, including India, Brazil, and the UAE.
Some criminals go beyond fabricating requests, selling access to hacked law enforcement and government email accounts, allowing buyers to independently issue data requests to social media platforms and other online services.
To counteract this threat, the company Kodex has developed a request verification system. Founded by former FBI agent Matt Donahue, Kodex enables tech companies to authenticate requests from law enforcement. Over the past year, the system has flagged and rejected 30% of the 1,597 EDR requests processed, identifying them as fraudulent.
According to Donahue, the issue is not confined to foreign nations. Many U.S. police departments are similarly vulnerable due to weak email security and a lack of multi-factor authentication. Hackers continue to exploit phishing attacks and malware to steal credentials.
Amid the rising tide of attacks, the FBI strongly recommends enhancing security protocols and adopting advanced email protection methods. These measures can help prevent the leakage of confidential information and the misuse of client data.
