AdGuard Blog: When power meets lack of oversight: bad cop uses data-combing software in sextortion scheme

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
Indiscriminate data collection and rampant surveillance are bad, but they are the only way to catch the scum of the earth, such as terrorists and sexual predators — that’s what every government tells its people, more or less. We learn to accept this as a compromise and become complacent enough to entrust our data to social media, which in turn can share these data with law enforcement. In any case, as good citizens, we have nothing to worry about, nothing to hide — no skeletons in the closet, no suspicious search history, right?

Cop gone rogue

Unfortunately, history has shown time and again that if the opportunity for mass surveillance and data collection exists, it can be abused in a multitude of ways, and the most innocent can find themselves in the crosshairs. A case that saw a US police officer, armed with a potent data-gathering tool, gaining access to multiple womens’ Snapchat accounts and blackmailing them is another illustration of that.

Former US police detective Andrew Wilson pleaded guilty this summer to one count of conspiracy to cyberstalk women. This week he was sentenced to 30 months in prison and 120 hours of community service for this and another unrelated offense. Now details have emerged about how exactly he committed the crime. Wilson used his law enforcement access to a tool called Accurint to dig up information about the victims. Accurint is a data aggregation platform by LexisNexis that offers detailed profiles on millions of Americans by pulling in data from both public and non-public sources. This information may include names, addresses, emails, phone numbers, employment history, license plates, real property records, criminal records and social media information. LexisNexis’s Social Media Locator tool, available to Accurint users, claims to “scan millions of websites — including hundreds of social networking sites — and the deep Web to uncover information on individuals and any businesses or organizations with which they may be associated.”
Keeping the guard up

Governments and corporations alike justify mass data collection by saying that it is for the greater good. They argue that it helps them uncover leads, thwart crimes, and punish violators much faster. They also argue that there are checks and balances in place that prevent those with bad intentions from tapping into this giant pool of personal data. However, in reality, not all cogs in that massive surveillance machine will have the public’s best interest at heart. Some of them will be corrupt and willing to abuse their position out of self interest.

And the more power tech giants and government agencies that collect data will amass, the harder it will become to check it. Some can argue that rogue individuals are not representative of the whole system. But one bad apple spoils the whole barrel. Besides, when there’s one, there are many.

Considering the state of things as they are, lulling yourself into a false sense of security is a bad idea. You may not be a digital or a real life outlaw, a billionaire or an A-list celebrity and think that you’re of no interest to the police or hackers. Such an assumption is comforting, but wrong. In reality, everyone is at risk. And the problem is not limited to social media. Big corporations that store massive amounts of client data can leak it as a result of a breach. And it apparently does not take a rocket scientist to cause one, as the story of Lapsus$ group hacking exploits has shown.

We may blame third parties for mishandling our data, but it’s also our responsibility to keep our data safe. There are a few cardinal rules to follow, such as creating a strong password, enabling multi-factor authentication, and taking advantage of known security tools, including anti-virus software and VPNs. You may also want to install an ad blocker and use DNS filtering software to limit the amount of data collected about you.

However, even if you follow every digital hygiene rule down to a T, learn how to dodge phishing traps etc, there is no guarantee that a person you’re messaging with will be as vigilant as you are and as protective of their own and your data. So, it’s pruddent to make sure your family and friends are also aware of the risks.

Still, perhaps the most important rule is to think twice before sharing something on social media — the internet rarely forgets (and forgives). Someone can dig up your old social media post and try to ruin your career 10 years later, who knows? At least we have seen it happen before. It does not mean you should log off for good, but it’s always better to keep your guard up.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top