Dark Web News Analysis
Google has officially confirmed that a threat actor successfully created a fraudulent account in its Law Enforcement Request System (LERS), a sensitive portal used by police and government agencies to submit official data requests. The company stated that after identifying the fraudulent account, it was disabled and confirmed that “no requests were made with this fraudulent account, and no data was accessed.”
This confirmation comes after the notorious cybercrime syndicate “Scattered Lapsus$ Hunters” claimed on Telegram to have gained access to both Google’s LERS portal and the FBI’s eCheck background check system, posting screenshots as alleged proof. Unauthorized access to these systems is a critical threat, as it could allow criminals to impersonate law enforcement and illegitimately gain access to sensitive user data that is normally protected by legal due process. The FBI has declined to comment on the group’s claims.
Key Cybersecurity Insights
This high-profile incident provides several critical insights into modern threats:
- A Direct Threat to Lawful Data Request Processes: The primary risk is the potential for abuse of the legal data request system. LERS and similar portals are built on a foundation of trust between technology companies and law enforcement. A successful infiltration could allow criminals to submit bogus Emergency Disclosure Requests to obtain sensitive user data by circumventing legal oversight.
- The Work of a Notorious and Persistent Threat Actor: The claim comes from “Scattered Lapsus$ Hunters,” a syndicate linked to some of the most effective social engineering and extortion groups (Lapsus$, Scattered Spider). Their involvement indicates a sophisticated and brazen adversary that is actively targeting the core infrastructure of both major corporations and government agencies.
- A Retaliatory and Taunting Campaign: This action appears to be part of a retaliatory campaign by the threat actors. The group has been publicly taunting Google’s threat intelligence team (Mandiant) since Mandiant was the first to expose their widespread Salesforce-Drift data theft attacks. This indicates the actor’s motives may include reputational damage as much as financial gain.
Strategic Recommendations
The compromise of a law enforcement portal, even one that resulted in no data loss, calls for a review of security procedures across all similar platforms:
- Strengthen Identity Verification for Law Enforcement Portals: Technology companies that operate these sensitive portals must implement extremely robust, multi-layered identity verification processes for any official requesting access. Simple credential-based account creation is clearly insufficient.
- Mandate MFA and Audit All Existing Accounts: Access to these portals must be protected by the strongest possible Multi-Factor Authentication (MFA). A thorough audit of all existing accounts should be conducted to identify and disable any that are dormant, suspicious, or cannot be definitively verified.
- Establish Secure Out-of-Band Verification Channels: For all emergency data requests submitted through these portals, tech companies and law enforcement should have a pre-established, out-of-band communication channel (such as a dedicated, verified phone number) to confirm the legitimacy of the request before any data is released.
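The three recommendations above amount to a policy that can be checked mechanically: accounts that are unverified, lack MFA, are dormant, or come from an unexpected domain are disabled, and an emergency request is only released once the requesting account passes that audit and the request has been confirmed out of band. The following Python sketch is an added example, not code from the original post, from Google, or from Brinztech; the account fields, the 90-day dormancy threshold, the allowlist check and the sample accounts are all constructed assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple

# Assumed reference time and dormancy window (constructed values).
NOW = datetime(2025, 9, 15, tzinfo=timezone.utc)
DORMANT_AFTER = timedelta(days=90)


@dataclass
class PortalAccount:
    """A law-enforcement portal account (hypothetical schema)."""
    account_id: str
    agency_email: str
    identity_verified: bool          # verified via an agency-controlled channel, not self-asserted
    mfa_enrolled: bool
    last_login: Optional[datetime]   # None means the account has never logged in
    agency_domain_allowlisted: bool  # email domain is on the pre-approved agency list


@dataclass
class EmergencyRequest:
    """An Emergency Disclosure Request submitted through the portal (hypothetical)."""
    request_id: str
    account_id: str
    out_of_band_confirmed: bool      # confirmed via the pre-registered agency phone number


def audit_account(acct: PortalAccount) -> List[str]:
    """Return the list of audit findings for one account; an empty list means it passes."""
    findings: List[str] = []
    if not acct.identity_verified:
        findings.append("unverified_identity")
    if not acct.mfa_enrolled:
        findings.append("no_mfa")
    if acct.last_login is None or NOW - acct.last_login > DORMANT_AFTER:
        findings.append("dormant")
    if not acct.agency_domain_allowlisted:
        findings.append("domain_not_allowlisted")
    return findings


def accounts_to_disable(accounts: List[PortalAccount]) -> List[str]:
    """Account ids that fail the audit and should be disabled pending re-verification."""
    return [a.account_id for a in accounts if audit_account(a)]


def may_release(req: EmergencyRequest,
                accounts_by_id: Dict[str, PortalAccount]) -> Tuple[bool, str]:
    """Gate data release: the account must pass audit and the request must be confirmed out of band."""
    acct = accounts_by_id.get(req.account_id)
    if acct is None:
        return False, "unknown_account"
    findings = audit_account(acct)
    if findings:
        return False, "account_failed_audit:" + ",".join(findings)
    if not req.out_of_band_confirmed:
        return False, "missing_out_of_band_confirmation"
    return True, "ok"


# Constructed sample accounts: one legitimate, one that looks fraudulent, one dormant.
SAMPLE_ACCOUNTS = [
    PortalAccount("acct-legit", "det.smith@example-police.gov", True, True,
                  datetime(2025, 9, 10, tzinfo=timezone.utc), True),
    PortalAccount("acct-fraud", "officer@free-mail.example", False, False,
                  datetime(2025, 9, 14, tzinfo=timezone.utc), False),
    PortalAccount("acct-dormant", "old.user@example-police.gov", True, True,
                  datetime(2025, 4, 1, tzinfo=timezone.utc), True),
]
ACCOUNTS_BY_ID = {a.account_id: a for a in SAMPLE_ACCOUNTS}

if __name__ == "__main__":
    for a in SAMPLE_ACCOUNTS:
        print(a.account_id, audit_account(a) or "passes")
    print("disable:", accounts_to_disable(SAMPLE_ACCOUNTS))
    print(may_release(EmergencyRequest("edr-1", "acct-legit", False), ACCOUNTS_BY_ID))
    print(may_release(EmergencyRequest("edr-2", "acct-legit", True), ACCOUNTS_BY_ID))
    print(may_release(EmergencyRequest("edr-3", "acct-fraud", True), ACCOUNTS_BY_ID))
```

The ordering of the checks in `may_release` is deliberate: a request from an account that fails audit is refused before the out-of-band step, so a fraudulent account never gets as far as a phone confirmation, and a legitimate account still cannot obtain data without one.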
Secure Your Organization with Brinztech
As a cybersecurity provider, we can protect your business from the threats discussed here. Contact us to learn more about our services.
Questions or Feedback?
For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com