The Federal Bureau of Investigations (FBI) has issued a warning to police and government agencies regarding the need to enhance the security of postal systems. This warning comes in light of the increasing number of cyber attacks, where attackers are gaining access to official postal addresses and using them to send false data requests to large technological companies.
Cybercriminals are targeting postal addresses of police and government agencies to send out emergency data requests (EDR). These requests bypass official procedures and allow access to personal information without the need for a judicial order.
By claiming that delay in responding to EDR requests can pose a threat to life, investigators are pressuring companies to quickly provide data. Companies like Verizon processed over 36 thousand EDR checks in 2023 due to such pressure.
There are reports of cybercriminals offering services to create fake EDR requests for a price. “Pwnstar,” a notorious hacker, is advertising services for $1000-3000, claiming access to mail accounts from various countries including India, Brazil, and the UAE.
Some criminals are not only sending false requests but also selling access to hacked mail accounts and government agencies. This enables buyers to independently request data from social networks and other online platforms.
To address this issue, KODEX has developed a request verification system. Established by former FBI agent Matt Donahu, Kodex helps technological companies verify the authenticity of police requests. In the past year, the system rejected 30% of 1597 processed EDR queries, identifying them as fake.
According to Donah, the vulnerability to such attacks is not limited to foreign countries. Many American police departments are also at risk due to weak protection of postal accounts and lack of multi-factor authentication. Hackers are utilizing phishing attacks and malware to steal data.
Given the rise in cyber attacks, the FBI is urging agencies to strengthen security measures and implement modern methods to safeguard mail systems. This is essential to prevent the leakage of confidential information and protect customer data from being misused.