Fighting Fake EDRs With ‘Credit Ratings’ for Police
On April 20, DataBreaches reported claims that a security researcher had been scared away after threat actors allegedly obtained his details from Twitter by using a fraudulent Emergency Data Request. Twitter has yet to respond to numerous inquiries from the media as to whether that actually happened, but there is no doubt that fake law enforcement requests can pose a serious risk to privacy and security. While DataBreaches’ April 20th post focused on the risk to journalists and researchers, William Turton had a frightening report on Bloomberg this week: Hackers Have Been Sexually Extorting Kids With Data Stolen From Tech Giants.
Yesterday, Brian Krebs reported on a firm that aims to help companies evaluate emergency law enforcement requests by developing a form of reputation scores for requesters. You can read more about the firm and its approach at KrebsOnSecurity.com.
This is clearly a problem in need of a solution — a solution that doesn’t require so much extra time that lives may be lost, but that also makes it harder for criminals to obtain user data from big firms.