en
Back to the list

Binance’s Law Enforcement Request Panel: Unauthorized Access Offered at $10,000

source-logo  coinpedia.org 19 December 2023 10:12, UTC

Cybercrime is a big problem threatening our online safety. Recently, hackers linked to North Korea stole over $300 million in a breach. Also, the Ledger Connect hack shocked the crypto market’s safety harness. Now, Binance, the largest crypto exchange, is targeted. Hackers sold access to Binance’s sensitive data for $10,000 in cryptocurrencies like Bitcoin or Monero. This shows how cybercriminals exploit vulnerabilities for profit, risking people’s privacy and security.

What’s the story behind – Compromised Access and Breach Forums

The access, offered on the notorious Breach Forums ad, reportedly originates from compromised email accounts linked to law enforcement officials, illuminating a worrying vulnerability within these systems. The panel, managed by a third-party service named Kodex, is a facilitator for validating law enforcement requests, yet this unauthorized access has jeopardized its integrity.

The breach reportedly stemmed from a 2023 global malware campaign targeting computers belonging to Taiwan, Uganda, and the Philippines law enforcement officers. The compromised systems led to the unauthorized entry into Binance’s login panel, raising concerns about account data security.

Expert’s Addresses the Issue

Although Binance has yet to comment on this breach, this incident doesn’t indicate a direct compromise of Binance’s systems. Instead, it exposes vulnerabilities within law enforcement networks globally. Criminal hackers have exploited the lack of robust verification mechanisms within Emergency Data Requests (EDRs), sending fraudulent requests that mimic legitimate ones.

Security consultant Brian Krebs has highlighted how hackers can exploit this weakness easily. They manipulate police email systems, sending false Emergency Data Requests, potentially jeopardizing individuals’ safety to prompt immediate data provision. In the same way, they hacked the Ledger Connect System by sending a malicious hacking code to users.

While speaking to Coindesk, Jarek Jakubcek, head of Binance Law Enforcement Training, expressed concern over such fraudulent requests, citing an incident where a private investigator posed as law enforcement using a fake domain to request customer data from Binance.

The Call for a Global Solution

Efforts are being made to address these vulnerabilities. The Digital Authenticity for Court Orders Act, introduced in the Senate, aims to prevent the illegal use of forged court orders by mandating digital signatures. However, its jurisdiction is limited to the U.S., leaving a gap in security for numerous law enforcement agencies worldwide.

This breach highlights the critical need for a robust and standardized global system to handle law enforcement requests, ensuring the security and authenticity of sensitive data while protecting individuals’ privacy.

Tags
Binance
coinpedia.org