Threat Actor Offers META Law Enforcement Portal Access For Cheap


A threat actor has emerged in the cyber underground, offering the META Law Enforcement Portal access.

This portal, a crucial tool for law enforcement, enables requests for user data such as IP addresses, phone numbers, direct messages, and device information, as well as removing or suspending posts/accounts. 

The alleged META Law Enforcement Portal access comes at a cost of €700. Additionally, all purchases are covered by a 7-day replacement guarantee by the dark web user. 

To further solidify their claims, the threat actors are offering discounts for users who purchase this META Law Enforcement Portal access in bulk. 

META Law Enforcement Portal Access Details: Who is Behind the Operation?

META Law Enforcement Portal Access
Source: Twitter

The threat actor, operating under the pseudonym “Prophet,” is facilitating the sale of the official META Law Enforcement Portal access.

This illicit gateway provides entry to the Subpoena submission portal, allowing the extraction of personal information about any Facebook or Instagram user.

According to the threat actor, this Subpoena information gathering request grants access to a wealth of data collected by Meta. This includes IP addresses, phone numbers, emails, direct messages, deleted posts, device information, and more. 

Notably, the process requires additional submission of forged documents, such as court orders or search warrants, potentially even seizure warrants that might permit account takeover.

Along with the META Law Enforcement Portal access, the dark web user is also offering data requests. This type is reserved for situations where there is a significant risk to human life.

Unlike the Subpoena, it does not necessitate falsified paperwork. However, it comes with a lower success rate and provides less comprehensive information.

As for the last of the service, the user “Prophet” is offering Post Removal/Account Suspension. This request is applicable when a user’s post violates any law. Through this, one can request the suspension of the user’s account or the removal of the offending post.

Rise of similar incidents and experts’ insights

In a conversation with TCE, Alon Gal, CTO of cybercrime intelligence firm Hudson Rock, says that unauthorized access might be a result of either a social engineering attack on Meta or the compromise of legitimate law enforcement credentials.

“I believe it is likely that Meta was social engineered into providing access to the threat actor using their official form. Alternatively, credentials of a law enforcement official may have been obtained by threat actors, which provided them access to the portal”, says Alon.

Moreover, Illicit access to platforms like Facebook and Instagram’s Police Portal carries grave consequences, including breaching user privacy and potentially enabling stalking, identity theft, and fraud.

“This portal’s potential for abuse by threat actors is significant, including unauthorized data requests, enabling harassment and doxxing, fake law enforcement actions, and the risk of identity theft, all of which pose serious privacy and security concerns for users”, added Alon.

These unauthorized access exposes critical cybersecurity vulnerabilities, necessitating costly enhancements. This, in turn, tarnished reputations, impacting user and stakeholder confidence.

In worst-case scenarios, regulatory scrutiny and fines may follow, and cooperation with law enforcement may dwindle, hindering public safety efforts. 

This META Law Enforcement Portal access echoes a growing trend in the cyber underworld, where cybercriminals are peddling access to various corporate networks.

Once inside, malicious actors can deploy malware, steal sensitive data, and disrupt operations. Of particular concern is the potential for a domino effect, where access to one network could lead to a cascade of intrusions into partner and supplier networks.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.





Source link