Google Confirms Fraudulent Account Created in Law Enforcement Portal
Summary:
The cybercriminal group, "Scattered Lapsus$ Hunters," recently claimed on Telegram to have gained access to both the FBI's eCheck background check system and Google's Law Enforcement Request System (LERS) platform, which is used by law enforcement agencies to submit legal requests for user data. Google has responded to the claims, noting that the hackers were able to create a fraudulent account in the LERS portal. On a good note, Google states that no requests were made with the fraudulent account, nor was data accessed. The account has since been disabled by Google.
Security Officer Comments:
Google’s LERS and the FBI's eCheck system are used by law enforcement agencies to submit subpoenas, court orders, and emergency disclosure requests. Although the FBI has yet to comment on the claims, access to the FBI’s eCheck system could lead to the manipulation of background checks and enable the theft of personal and criminal records, allowing actors to conduct identity fraud. In the case of Google’s LERs, if the attackers had been successful in their attempt to make requests, it could have led to the exposure of private user data, the compromise of ongoing law enforcement investigations, and the potential for malicious data requests.
Link(s):
https://www.bleepingcomputer.com/ne...nt-account-created-in-law-enforcement-portal/
The cybercriminal group, "Scattered Lapsus$ Hunters," recently claimed on Telegram to have gained access to both the FBI's eCheck background check system and Google's Law Enforcement Request System (LERS) platform, which is used by law enforcement agencies to submit legal requests for user data. Google has responded to the claims, noting that the hackers were able to create a fraudulent account in the LERS portal. On a good note, Google states that no requests were made with the fraudulent account, nor was data accessed. The account has since been disabled by Google.
Security Officer Comments:
Google’s LERS and the FBI's eCheck system are used by law enforcement agencies to submit subpoenas, court orders, and emergency disclosure requests. Although the FBI has yet to comment on the claims, access to the FBI’s eCheck system could lead to the manipulation of background checks and enable the theft of personal and criminal records, allowing actors to conduct identity fraud. In the case of Google’s LERs, if the attackers had been successful in their attempt to make requests, it could have led to the exposure of private user data, the compromise of ongoing law enforcement investigations, and the potential for malicious data requests.
Link(s):
https://www.bleepingcomputer.com/ne...nt-account-created-in-law-enforcement-portal/