A poster on Breach Forums is advertising access to Binance’s law enforcement request panel for $10,000 in crypto.
Access to this panel seems to be from compromised email accounts belonging to law enforcement officials, a common vulnerability in these systems.
A bad actor is selling access to Binance’s law enforcement request panel, which provides lawful access to account data, for $10,000 in bitcoin (BTC) or monero (XMR).
Binance provides access via a third-party service called Kodex, commonly used by online financial institutions or social media platforms to validate law enforcement requests and facilitate access.
InfoStealers, a publication covering the Darknet and data breaches, reported that three computers belonging to law enforcement officers from Taiwan, Uganda, and the Philippines were compromised in a global malware campaign in 2023, leading to stolen browser-stored credentials and unauthorized access to Binance’s login panel.
Binance did not immediately respond to a request for comment.
The poster that is advertising the data did not respond to a request for comment sent to their account on Breach Forums.
Third-party vulnerability
This sort of attack is becoming increasingly common, and it doesn’t mean that Binance itself has been compromised. Instead, the quality of network security at law enforcement organizations worldwide is the achilles heel.
In 2022, security consultant and journalist Brian Krebs reported on this trend where criminal hackers were targeting and compromising email accounts of police departments and government agencies.
“Some hackers have figured out there is no quick and easy way for a company that receives one of these EDRs to know whether it is legitimate. Using their illicit access to police email systems, Krebs wrote. “The hackers will send a fake Emergency Data Request along with an attestation that innocent people will likely suffer greatly or die unless the requested data is provided immediately."
The vulnerability of EDRs to falsification by hackers, due to inadequate verification mechanisms and the vast number of police jurisdictions highlights the urgent need for a more secure and reliable process to handle these requests and mitigate the risks of fraudulent activities, Krebs writes.
In an earlier interview with CoinDesk, Jarek Jakubcek, head of Binance Law Enforcement Training, said his team often encounters fraudulent requests, such as from private investigators posing as police, including one case where a dissatisfied private investigator used a fake domain to mimic an official request for customer data from Binance.
“We are very lucky to have a team of almost 30 ex-law enforcement people because we know how law enforcement requests should look like," he said.
Working on a fix
The Digital Authenticity for Court Orders Act seeks to prevent the illegal use of forged court orders by requiring digital signatures for court-approved surveillance, domain seizures, and content removal.
This bill has been introduced in the Senate but hasn’t moved forward since July 2021. However, this bill would only cover the U.S. and not the tens of thousands of other law enforcement agencies around the world.