惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Martin Fowler
Martin Fowler
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
博客园 - 聂微东
IT之家
IT之家
GbyAI
GbyAI
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Y
Y Combinator Blog
博客园 - 【当耐特】
The Cloudflare Blog
宝玉的分享
宝玉的分享
罗磊的独立博客
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
V
Visual Studio Blog
小众软件
小众软件
博客园_首页
Last Week in AI
Last Week in AI
J
Java Code Geeks
V
V2EX
雷峰网
雷峰网
Apple Machine Learning Research
Apple Machine Learning Research
阮一峰的网络日志
阮一峰的网络日志
腾讯CDC
博客园 - 司徒正美
Engineering at Meta
Engineering at Meta
The GitHub Blog
The GitHub Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
D
DataBreaches.Net
博客园 - 三生石上(FineUI控件)
MyScale Blog
MyScale Blog
云风的 BLOG
云风的 BLOG
The Register - Security
The Register - Security
M
MIT News - Artificial intelligence
Microsoft Azure Blog
Microsoft Azure Blog
T
The Blog of Author Tim Ferriss
N
Netflix TechBlog - Medium
F
Full Disclosure
B
Blog
H
Help Net Security
C
Check Point Blog
WordPress大学
WordPress大学
人人都是产品经理
人人都是产品经理
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Jina AI
Jina AI
酷 壳 – CoolShell
酷 壳 – CoolShell
Blog — PlanetScale
Blog — PlanetScale
L
LangChain Blog
P
Proofpoint News Feed
D
Docker
Microsoft Security Blog
Microsoft Security Blog

The Register - Security

Are we human? MyPillow must decide whether to be firm or soft as ransomware crims demand pay Experts pour cold borscht on Farage's Russian hack claim AI eyes scanning for bugs create a worrisome Linux security trend A Russian speaker and jailbroken Gemini went on a hacking spree and emptied at least one MAGA victim's crypto wallets Techie claims Trump Mobile website was leaking thousands of people's data Dems slam Trump for making cybersecurity hold out the tin cup while splurging on ballroom and Jan. 6 'slush fund' Attackers spill plaintext passwords of 46k Myspace93 users after 2021 breach Microsoft open-sources agentic AI safety tools Are we human? America's top cyber-defense agency left a GitHub repo open with with passwords, keys, tokens – and incredibly obvious filenames America's top cyber-defense agency left a GitHub repo open with passwords, keys, tokens – and incredibly obvious filenames Shai-Hulud copycat worm infects yet another npm package MPs want social media treated more like unsafe toys than harmless apps Nobody believes the 'criminals and scumbags' who hacked Canvas really deleted stolen student data To gain root access, intruder just had to ask AWS patched Quick auth bypass, says customers weren't using control Disgruntled researcher releases two more Microsoft zero-days Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub Foxconn confirms cyberattack after ransomware crew claims it stole confidential Apple, Nvidia files US bank reports itself after slinging customer data at 'unauthorized AI app' Anthropic’s bug-hunting Mythos was greatest marketing stunt ever, says cURL creator Best Western Hotels confirms web app data breach Arctic Wolf cuts 250 jobs in AI push 1 in 8 workers say selling company logins is justifiable Iran cyberspies LARPing as ransomware crims in espionage ops UK age-gating plans risk breaking the internet, privacy groups warn India orders infosec red alert in case Mythos sparks crime 'CopyFail' attackers start cashing in on Linux flaw ShinyHunters claims dump puts 119K Vimeo emails in the wild ShinyHunters claims 119K Vimeo emails in the wild Singapore boffins get diverse SIEMs singing in harmony Shadow IT has given way to shadow AI. Enter AI-BOMs AI-BOMs replace SBOMs as way to track AI agents and bots Home Office adds £216M to travel doc contract before bids FBI: China's hacker-for-hire ecosystem 'out of control' UK business breach rate stuck at 43%... blame the phishing What type of 'C2 on a sleep cycle' do they leave behind? Novel Chinese spy group found in critical networks in Poland, Asia Chinese spy group caught lurking in Poland, Asia networks Critical cPanel, WHM flaw probs exploited as 0-day, pros say ORNL builds more sensitive GPS interference detector Microsoft patch fell short. New Windows flaw exploited Fooling large language models just keeps getting simpler Wiz hands GitHub AI-aided bug report that isn Don’t pay VECT a ransom - your big files are likely gone Pitney Bowes the latest victim of ShinyHunters’ breach-spree Ongoing supply-chain attack targets security, dev tools Medical and utility tech companies admit digital breakins Cybersecurity professional getting more work and less pay Crime crew impersonates help desk, abuses Teams chats ShinyHunters claim they have cruise giant Carnival’s booty CISA, NCSC issue Firestarter backdoor warning Intel expects AI inference to drive demand for its CPUs Open source models can find bugs as well as Mythos Researchers find sabotage malware that may predate Stuxnet Attackers could disable all of a city's public EV chargers Age checks could turn internet into an ID checkpoint, complains Proton CEO If malware via monitor cables is a matter of national security, this might be the gadget for you France's 'Secure' ID agency probes breach as crooks claim 19M records Scotland Yard can keep using live facial recognition on Londoners, say judges Nation-states want to cause harm, not just steal cash - stop handing your cyber defenses to the cheapest contractor Murder, she wrote: Ex-FBI chief wants some ransomware crims charged with homicide macOS ClickFix attacks deliver AppleScript stealers to snarf credentials, wallets Yet another ex-ransomware negotiator admits turning rogue after payoff from crimelords AI-assisted intruders pwned Vercel via OAuth abuse and a pilfered employee account Crook claims to leak 'video surveillance footage' of companies Met police trials snoop tech platform in push to cuff more London shoplifters Adaptavist Group breach spawns imposter emails as ransomware crew claims mega-haul Panasonic creates device-locked QR codes to speed facial biometric capture Iran claims US used backdoors to knock out networking equipment during war Vibe coding upstart Lovable denies data leak, cites 'intentional behavior,' then throws HackerOne under the bus Scot becomes second Scattered Spider-linked crook to plead guilty in US Just like phishing for gullible humans, prompt injecting AIs is here to stay Locked-out iPhone user tells The Reg that Apple is scrambling to fix character flaw passcode bug Git identity spoof fools Claude into giving bad code the nod McGraw Hill linked to 13.5M-record data leak Microsoft announces product it doesn't want anyone to buy Server-room lock was nothing but a crock Nobody knows how many CVEs Anthropic's Project Glasswing has actually found Autovista blames ransomware for service disruption French cops free mother and son after crypto kidnapping UK told its Big Tech habit is now a national security risk Commvault has a Ctrl+Z for rogue AI agents No honor among thieves as 0APT threatens rival ransomware gang Krybit Fake Linux leader using Slack to con devs into giving up their secrets Booking.com warns of possible reservation data exposure NHS pays £46K to prep next Microsoft licensing round China wants AI to prepare school lessons and mark homework Anthropic's Mythos has The Kettle crew curious, skeptical Two different attackers poisoned popular open source tools Hungary officials used weak passwords exposed in breach dump CPUID hijacked to serve malware as HWMonitor downloads Unpacking AI security 2026 from experimentation agentic era Microsoft locks out top open source devs, blames process NHS Scotland-linked domains push pr0n and illegal streams Iran cyber actors disrupting US water, energy facilities, FBI warns Russia's Fancy Bear still attacking routers to boost fake sites, NCSC warns AI agents found vulns in this Linux and Unix print server Don't glamorize cybercrims, roast them instead Trump wants to take a battle axe to CISA again and slash $707M from budget
London's police asked Big Tech for comms data over 700,000 times last year
Amaar Chowdhury Amaar Chowdhury · 2026-05-20 · via The Register - Security

London’s Metropolitan Police – the UK’s largest police force – asked tech companies to give officers access to private communications data over 700,000 times in 2025 alone, according to figures obtained by The Register under the Freedom of Information Act.

These statistics expose the monitoring of everyday platforms like takeaway delivery services, and also show a massive surge in the force's surveillance of the users of low cost MVNO LycaMobile. Additionally, our FoI exposed the acquisition of data from encrypted messaging services designed to offer privacy.

Since 2024, the Met says that it has obtained communications data (CD) from Proton’s privacy-focused mail service users 139 times. CD is not messaging content, but metadata. In Proton’s case, this could include account payment details and, in some instances, IP addresses.

Although Proton did not dispute these figures, a spokesperson told us: "Proton does not transmit data directly to any foreign law enforcement agencies," adding that it operates under a “strict legal framework” so all requests must go through the Swiss authorities.

Requests for data that don’t meet Proton’s legal and human rights requirements are refused, which it has an "established practice" of doing, according to the spokesperson.

The Met also claims that it has acquired data results from ProtonVPN, although the non-profit says this is "highly dubious and inconsistent with our technical reality [...] because Proton VPN does not log user activity, there is no data to provide," referring El Reg to its transparency report.

“We engage with every request in good faith, but we simply cannot hand over what we do not collect,” Proton said.

The Met’s data also suggests encrypted messenger Signal has provided data once since 2024. But this is also, apparently, contrary to records that the non-profit holds.

A spokesperson told us: “Signal collects very little data about its users to begin with and publishes the requests we respond to at signal.org/bigbrother. We have not shared any user data in response to a legal request originating from the United Kingdom.”

If data was shared by Signal it could only include phone numbers, when the account was created, and when the user last accessed the platform.

When queried about the denials by both Proton and Signal, the police force said it couldn’t comment on the specifics of how it acquired the data.

The Met Police says that all companies “have a legal obligation” to cooperate with officials thanks to the powers of the Office for Communications Data Authorizations (OCDA). The OCDA is now a part of the Investigatory Powers Commissioner’s Office (IPCO), which monitors the select public authorities, law enforcement agencies, and government departments with the power to acquire comms data.

But there’s some fog around authorizations for the police, according to Dr Bernard Keenan, a law lecturer and surveillance researcher at University College London: “When it comes to communications data and metadata, it’s seen as a less severe intrusion than intercepting or accessing the content of a message, and so while the police need an authorization to get it, the decision is delegated to designated senior officers. So it’s something that the police can do operationally, more-or-less autonomously.”

Sources compromised

In 2024, the year of the most recent IPCO annual report, it was found that these authorizations to all law enforcement agencies affected lawyers 219 times and journalists on 157 occasions. This came with a caveat: “Most [CD] applications relating to sensitive professionals were submitted because the individual had been a victim of a crime.”

While CD does not contain message content itself, there remains a risk that contacts such as a journalist’s sources could be disclosed.

Also in the report is the revelation that in 2024, 106 warrant applications were issued to specifically identify journalists’ sources, and under these separate powers, the request could also include the communications content itself.

There’s no requirement to inform sensitive professionals they have been targeted in this way, and while ordinary law enforcement agencies need to seek a judge’s approval, intelligence and security spies are exempt from this.

Tim Dawson, freelance organizer at the National Union of Journalists - who also convenes the International Federation of Journalists’ working group on surveillance - said: “UK legislation lays down clear guardrails for law enforcement agencies obtaining communications data, and includes protections specifically for journalists.”

But he continued: “The NUJ does not consider these are sufficiently robust. More disturbingly, however, it is clear that they are sometimes ignored – just look at the cases around the attempted prosecution of Barry McCaffrey and Trevor Birney.”

These two journalists were unlawfully spied on by the Met and Police Service Northern Ireland to identify the source of allegedly stolen police documents used in a documentary about paramilitary killings during the Troubles. 

The police had claimed that information revealed in the film had breached the Official Secrets Act. 

McCaffrey and Birney used judicial review [PDF] to challenge the police action and the court ruled that the searches were unlawful.

'The digital border is expanding through policing'

In 2025, the number of requests sent by the Met to MVNO LycaMobile increased by almost 500 percent year-on-year, rising from 15,702 to 93,527. This drastic spike was totally absent for other British network providers such as Vodafone, O2, Three, and Lebara.

Considering LycaMobile’s focus on cheap overseas calling, and the likelihood of foreign nationals using its service, concerns have been raised that this data could be used for a crackdown on immigration.

Fizza Qureshi, chief executive of Migrants’ Rights Network, a charity that researches the digital hostile environment, said: “A 500 percent surge in data requests from the Metropolitan Police to a network used largely by migrants and racialized people makes clear that the digital border is expanding through policing.”

This checks out, considering the Home Office recently said immigration enforcement officers can now, under the Border Security, Asylum, and Immigration Act 2025, rifle through the mouths of undocumented migrants to search for hidden SIM-cards — as part of new powers granted to seize phones and gather digital intelligence.

The new powers came into force last year in December, despite legal reviews finding procedural unfairness of such searches. In 2022, a High Court ruling found the Home Office’s controversial seizure and retention of over 2,000 migrants’ mobile phones was unlawful.

“Migrants and racialized people are singled out for surveillance that would never be tolerated elsewhere,” according to Qureshi. “They are treated as acceptable subjects for intrusive monitoring, from phone records to delivery routes. This marks part of a wider trend of pre-emptive criminalization of migrants and racialized people and is an enormous infringement of our right to privacy.”

While a Met spokesperson denied any indication that the increase was specifically related to immigration crime, they offered a pretty milquetoast example that an increase in requests to a specific mobile operator could have been due to its increased popularity. 

If this were the case, Lycamobile would have needed to have grown its users from an estimated 2 million to 10 million for the surge to be consistent.

LycaMobile did not respond to The Register’s queries.

Additionally, Counter Terrorism Policing (CTP) – a part of the Met – started a procurement process for software for a Communication Exploitation Data Tool last year. Some of the requirements listed on the procurement notice were to process data from Uber rides and deliveries to be used for “intelligence analysis.”

At the time of publication, it read:

The solution must support importing and process data from multiple file formats, including but not limited to; CSV, ANPR data, Drone Data, Zipcar records, Uber Ride Data, Uber Eats delivery Data.The supplier's solution should be zero deployment and accessible via a browser to be suitable.

It’s understood the requirements for the project have now changed. When asked for further details, including if a supplier has been found, a CTP spokesperson told The Register: “We previously confirmed a routine tender process to procure software, however further details on systems and their use will not be made publicly available.”

This is not surprising given the operational secrecy around national security tech; or, in this case, takeaway delivery surveillance.

Dr Keenan explained: “It’s what the government wants the police to be doing: bringing in these capacities to synthesize multiple different data points to use them effectively and to have these powerful surveillance technologies.”

The Met Police requested data from ride and food delivery services Uber, Bolt, JustEat, Deliveroo, and Dominos Pizza a sum total of 768 times in 2025.

Hundreds of delivery drivers were arrested last year in a spate of immigration enforcement operations, not long after gig economy firms pledged to use facial recognition checks and fraud detection tech to clamp down on illegal working.

In response to all of the findings and questions posed by El Reg, a Met spokesperson said: “Every year the Met makes thousands of requests for communications data from a wide range of companies and telephone providers. The information provided helps our officers gather intelligence, solve crimes and find missing people.” ®