Join our subscribers
CEO on Police are Buying Access to Hacked Website Data
Thursday, July 9, 2020
Tech news site Motherboard obtained webinar slides by a company called SpyCloud presented to prospective customers. In that webinar, the company claimed to “empower investigators from law enforcement agencies and enterprises around the world to more quickly and efficiently bring malicious actors to justice.” The slides were shared by a source who was concerned about law enforcement agencies buying access to hacked data. SpyCloud confirmed the slides were authentic to Motherboard.
Ilia Kolochenko, CEO, ImmuniWeb
The data may then be used for a wide spectrum of monitoring, preventive or investigative purposes.
As a matter of practice, some law enforcement organisations and police units indeed occasionally buy stolen data from various sources. The data may then be used for a wide spectrum of monitoring, preventive or investigative purposes. Its usage, however, rarely becomes official and mostly serves different “in-house” purposes. Therefore, I doubt that Western law enforcement agencies would buy this stolen data from commercial companies or vendors.
These sales statements sound a bit exaggerated and overhyped. In courts of many jurisdictions, the use of stolen, or otherwise unlawfully obtained data or evidence, is expressly prohibited by law.
As for police investigation purposes, normally much of this data may be easily and lawfully subpoenaed from service providers and technology companies for the purpose of an ongoing criminal investigation. Moreover, subpoenaed data will likely be more recent, relevant, and complete, and won’t pose problems for law enforcement officers later if a defendant (hacker) can afford skilled criminal defense lawyers. Read Full Article
TechRepublic: How managed service providers can pose a risk to their customers
teiss: Hackers using MSPs as staging ground to launch ransomware attacks: US Secret Service
