Herd Immunity: Protecting the Kodex Community from Fraudulent Law Enforcement Data Requests

Every day, law enforcement response teams (LERT) within corporations do their best to respond to the significant number of data requests they receive from law enforcement. But they are outnumbered by the volume of requests and the growing number of threat actors. It’s easier to steal confidential information through a fake law enforcement request than trying to hack a corporate network. 

Hiring enough staff to address the volume of requests and scrutinize all law enforcement credentials to ensure their validity isn’t sustainable. Moreover, it would not solve the fundamental problem of companies working in isolation. They don’t have visibility into compromised credentials or fake Emergency Data Requests (EDRs) that have been used to target other companies; LERTs can only see what comes into their company’s dedicated email inbox or through their in-house CRM. And for every fraud they do detect, they do so within the confines of their company–the information they uncover is not shared with other businesses that may also be a target. 

It’s like learning the plumber you hired is a total fraud who stole your copper pipes and even when you get rid of them, they will likely just go on to fool someone else–in fact, they probably already are. If you could warn others about this imposter (or be warned yourself, ahead of time), an entire community would be inoculated against their deception. 

That’s why herd immunity is critical to enabling a sustainable process for identifying fake credentials, EDRs, and other attempts to steal sensitive user data by exploiting vulnerabilities in archaic LERT systems prone to human error. Having a community and platform for exchanging information about police and government officials who submit requests makes it easier for everyone to know who can be trusted at any given moment and act accordingly. 

How herd immunity tackles social engineering at scale 

A secure platform that verifies massive volumes of law enforcement investigators and agencies is the foundation for building herd immunity. Additionally, it must be global, able to detect compromised credentials in real-time, and take action for the entire community of organizations that could be the target of an attack. Given the number of individual law enforcement investigators and agencies operating globally — each issuing local forms of legal process and emergency requests —  it quickly becomes a massive challenge for companies to verify them all.

We knew that when we started Kodex. We also knew that building such a platform was the only way to ensure companies had visibility into all of the compromised or flagged law enforcement requests across the globe - not just the ones they are dealing with. With Kodex, when a law enforcement investigator signs up every customer on our platform knows they’ve gone through rigorous verification before they can submit a request, including multiple rounds of verification to submit EDRs. Our customers don’t have to cross their fingers and hope a request is legitimate, or do their own investigation, which takes time, resources, and expertise most companies don’t have. 

Legitimate law enforcement agents want to be authenticated and verified - it helps streamline the request process and can save valuable time, particularly when an EDR is involved. That's why so many have registered on our platform. Today our global network includes more than 12,000 verified agencies, and over 60,000 verified investigators in more than 180 countries, with more being added every day.

However, herd immunity requires more than volume. It also demands vigilance. A verified government email today could be a compromised email tomorrow, demonstrating a specific type of Business Email Compromise (BEC) called Law Enforcement Email Compromise (LEEC). That’s why, in addition to detailed account verification, we use always-on suspicious account activity monitoring and global threat and signals intelligence to identify compromised law enforcement domains before requests are sent.

Joining the herd can help future-proof your LERT 

When one door closes, another opens, particularly for bad actors who want to steal sensitive data. While corporate networks continue to harden their defenses against intrusion, law enforcement networks are an easy and highly appealing attack vector. Many companies still employ a simple inbound email address accessible to anyone to handle data requests from law enforcement - hardly the most secure channel. Even large companies, who may have an in-house verification solution, are still working in a very dark silo, with limited contextual information about the investigator, agency, and legal justification for the request. This information vacuum is fertile ground for social engineering attacks, including AI-generated fraudulent warrants and identities. In short, the work for LERTs will get harder and more complex as attackers enhance and accelerate their ability to steal data by compromising law enforcement domains.

You can get an in-depth look at this rapidly evolving landscape, the types of threat actors operating within it, and read about actual case studies of bad actors penetrating corporations in our white paper.  Meanwhile, if you’re interested in joining other leading companies who want to protect their users and organizations - and in the process, protect other community members - contact us to learn about signing up for the Kodex platform.