Tuesday, December 19, 2023

Access to Binance's Law Enforcement Request Panel Is for Sale for $10K

 Binance uses a third-party service called Kodex to validate law enforcement requests.

A bad actor is selling access to Binance’s law enforcement request panel, which provides lawful access to account data, for $10,000 in bitcoin (BTC) or monero (XMR).

Binance provides access via a third-party service called Kodex, commonly used by online financial institutions or social media platforms to validate law enforcement requests and facilitate access.

InfoStealers, a publication covering the Darknet and data breaches, reported that three computers belonging to law enforcement officers from Taiwan, Uganda, and the Philippines were compromised in a global malware campaign in 2023, leading to stolen browser-stored credentials and unauthorized access to Binance’s login panel.

“The reported illicit sale of access to the Law Enforcement Request Portal does not represent a breach of Binance's system. Instead, it may involve compromised law enforcement accounts. With a thorough documentation process in place and constant monitoring for any compromised accounts, we remain committed to safeguarding our user data against any form of unauthorized access,” according to a spokesperson.

The poster that is advertising the data did not respond to a request for comment sent to their account on Breach Forums.

Third-party vulnerability

This sort of attack is becoming increasingly common, and it doesn’t mean that Binance itself has been compromised. Instead, the quality of network security at law enforcement organizations worldwide is the achilles heel.

In 2022, security consultant and journalist Brian Krebs reported on this trend where criminal hackers were targeting and compromising email accounts of police departments and government agencies.

“Some hackers have figured out there is no quick and easy way for a company that receives one of these EDRs to know whether it is legitimate. Using their illicit access to police email systems, Krebs wrote. “The hackers will send a fake Emergency Data Request along with an attestation that innocent people will likely suffer greatly or die unless the requested data is provided immediately."

The vulnerability of EDRs to falsification by hackers, due to inadequate verification mechanisms and the vast number of police jurisdictions highlights the urgent need for a more secure and reliable process to handle these requests and mitigate the risks of fraudulent activities, Krebs writes.

In an earlier interview with CoinDesk, Jarek Jakubcek, head of Binance Law Enforcement Training, said his team often encounters fraudulent requests, such as from private investigators posing as police, including one case where a dissatisfied private investigator used a fake domain to mimic an official request for customer data from Binance.

“We are very lucky to have a team of almost 30 ex-law enforcement people because we know how law enforcement requests should look like," he said.

Working on a fix

The Digital Authenticity for Court Orders Act seeks to prevent the illegal use of forged court orders by requiring digital signatures for court-approved surveillance, domain seizures, and content removal.

No comments:

Post a Comment

'Groundhog Day' in Crypto as Bitcoin Again Plunges Following New Record

The world's largest crypto briefly rose above $70,000 Friday, but immediately tumbled about 5% to below $67,000 It's deja vu all ove...