"Ransomware Researchers Are Being Targeted by the Criminals They Track"

Security researchers investigating ransomware gangs are being targeted by the criminals they are trying to track. A hacker, believed to be a member of the Russian cybercrime gang REvil, used a fraudulent Emergency Data Request (EDR) to get information from Twitter about cybersecurity analysts. That information has been used to threaten security researchers and their families.

An EDR is a type of subpoena used by US law enforcement agencies. EDRs can be obtained with little scrutiny, which makes them attractive for social engineering attacks. Legislation has been drafted to require the requests to come with a digital signature, making them more difficult to forge. According to Mark Rasch, a former prosecutor with the US Department of Justice, many companies, such as Twitter, have a streamlined process for publishing fax or contact information for police to get emergency access to data. However, most Internet Service Providers (ISPs) or technology companies define no real mechanism for testing the validity of a search warrant or subpoena. Louise Ferret, a researcher at the security platform Searchlight Security, points out that successful fraudulent EDRs are commonly sent from hacked official email accounts. Many of the nearly 18,000 police jurisdictions in the US have been breached by hackers.

In the last month, three security researchers have been hit with fake EDRs attempting to obtain their contact information and send them threatening emails. One of the targeted researchers revealed she was sent a message threatening that she would face the same fate as Jamal Khashoggi, a Saudi Arabian journalist who was murdered. This article continues to discuss the concept of EDRs, how they are being used to target security researchers, the growing popularity of fake EDRs among hackers, and what is being done to tackle the fraudulent use of EDRs.

Tech Monitor reports "Ransomware Researchers Are Being Targeted by the Criminals They Track"
