-
A dark web actor on a popular cybercrime forum is selling access to government and law enforcement email accounts from nine countries, including Malaysia, Argentina, Brazil, Pakistan, and Thailand.
-
Buyers can use compromised gov accounts to submit fraudulent emergency data requests to tech companies, social media platforms, and telecom providers for user information.
-
Security researchers have documented similar offerings of US police department emails for $1,000 each, while Google previously shut down a fake account accessing its Law Enforcement Request System.
An attacker on the dark net has advertised that they can give direct access to government and law enforcement email accounts of various countries for anyone who wants to buy a set of these compromised inboxes.
The seller is claiming that buyers can use these compromised inboxes as a means to send fraudulent requests for official data to various agencies via alternative official channels or private communications.
The criminal posted the advertisement on BreachForums, an established dark net site focused on selling various types of stolen data and hacking tools. The seller has provided a list of the various countries whose accounts are in the advertisement, including Malaysia, Argentina, Brazil, Pakistan, Vietnam, Bosnia, Nigeria, East Timor, and Thailand.
Criminals Can Abuse Trusted Email Domains for Malicious Purposes
Compromised government email accounts carry significant value; usually, many have a lot of trust in such official domains. When a message comes from a .gov address, recipients are far more likely to comply with requests without questioning their legitimacy.
Security researchers have documented similar offerings on dark web markets in recent months. A threat actor using the name “Lucy” previously advertised US police department email accounts for $1,000 each on BreachForums, claiming they could be used to send official-looking communications and submit formal requests to online platforms.
The seller offered a premium service where buyers could pay an extra $500 for a forged identification document to complete the impersonation. The transaction terms required potential buyers to provide proof of funds before seeing any samples, suggesting the operation deals with serious criminals rather than casual browsers.
Fake Legal Requests Pose Serious Risks to Privacy and Security
Attackers can use compromised government email accounts to submit fraudulent emergency data requests to technology companies. These fake demands target telecom providers and social media platforms; notably, these organizations have legal obligations to respond to official law enforcement inquiries.
In a security report, Abnormal Security detailed how compromised .gov and .police accounts enable criminals to request sensitive user data, including IP addresses, phone numbers, and email records.
The report noted that some dark web advertisements specifically instruct buyers to use compromised accounts for submitting “emergency data requests” rather than going through standard legal processes.
In a separate incident, Google confirmed that malicious actors got a fake account to get into Google’s Law Enforcement Request System (LERS), where law enforcement can request user data. Google revealed that they immediately disabled the fraudulent account and confirmed that no data requests were completed via the unauthorized access.
Normally, these systems require legitimate law enforcement credentials to obtain user data. However, when an attacker gets an active government email account, they can take advantage of the urgency of emergency request procedures that allow them to bypass normal verification procedures.
Law Enforcement Agencies Face Growing Threat from Compromised Credentials
The dark web economy for stolen government credentials has expanded significantly. Researchers identified compromised law enforcement accounts for sale from several countries, such as the United States, United Kingdom, Germany, India, and Brazil, showing the global scale of this threat.
Criminals typically obtain these accounts through several methods. Credential stuffing attacks test stolen passwords against government email addresses. Infostealer malware harvests saved login credentials from infected devices, and spear-phishing campaigns trick officials into entering their passwords on fake portals.
Once attackers control these accounts, they gain more than just email access. They can submit fraudulent subpoenas, request social media account data, and even file legal takedown requests for online content. Some dark web listings advertise law enforcement platforms as a means to obtain additional data and a specific selling point.
The authorities indicate concerns about this situation, as the Department of Justice continues to investigate the sale of police databases accessed via dark websites. They reported that the theft of these types of records can endanger both personal privacy and national safety.
INTERPOL has added to these concerns by reporting an increase in the targeting of government facilities through cybercrime. This agency has coordinated the efforts of several different countries to disrupt these criminal enterprises and apprehend the individuals selling unauthorized access to governmental databases.
The threat extends beyond government systems; hackers have also been offering corporate network access and airport system entry for sale, showing that critical infrastructure across multiple sectors is being targeted and monetized on dark web forums.
