Buy Access to Binance's Law Enforcement Request Panel for $10K

• Access to Binance's Law Enforcement Panel Auctioned for $10,000 in Crypto
• Compromised Access to Enforcement Panel
• Third-Party Vulnerability
• Need for a More Secure Process
• Efforts to Counteract the Issue

Access to Binance's Law Enforcement Panel Auctioned for $10,000 in Crypto

A member of the Breach Forums is reportedly selling access to Binance's law enforcement request panel for a hefty sum of $10,000 in cryptocurrency. The reported access appears to originate from breached email accounts linked to law enforcement authorities, a frequent security weakness in such systems.

Compromised Access to Enforcement Panel

An unidentified individual is marketing access to the law enforcement request panel of Binance, that allows lawful access to account information, at a cost of $10,000 in either bitcoin (BTC) or monero (XMR). Binance facilitates access through a third-party service named Kodex, typically employed by online financial institutions or social media platforms to authenticate law enforcement requests and grant access.

InfoStealers, a media outlet that reports on the Darknet and data breaches, revealed that in 2023, three computers belonging to law enforcement officers in Taiwan, Uganda, and the Philippines were compromised in a global malware attack. This led to stolen browser credentials and unauthorized entry to Binance's login panel. Neither Binance nor the individual selling the data responded to requests for comments.

Third-Party Vulnerability

Such types of attacks are on the rise, but it doesn't imply that Binance has been directly compromised. Instead, the security of the networks at worldwide law enforcement organizations seems to be the weak link. In 2022, security consultant and journalist Brian Krebs shed light on this growing trend, wherein cybercriminals are actively targeting and breaching the email accounts of police departments and government agencies.

According to Krebs, some malefactors have uncovered that companies receiving these Emergency Data Requests (EDRs) have no quick and easy method to verify their legitimacy. Utilizing their illegal access to police email systems, hackers will send a phony EDR along with an attestation that the requested data should be provided immediately due to potential severe harm or death to innocent people.

Need for a More Secure Process

The potential for hackers to fabricate EDRs, owing to insufficient verification procedures and the vast number of police jurisdictions, underscores the pressing need for a more secure and reliable process to handle these requests and reduce the risk of fraud, Krebs notes.

In a previous dialogue with a source, Jarek Jakubcek, the head of Binance Law Enforcement Training, disclosed that his team frequently encounters bogus requests. These have included private investigators pretending to be police, and even an instance where an unsatisfied private investigator used a fake domain to mirror an official request for Binance customer data.

Efforts to Counteract the Issue

The Digital Authenticity for Court Orders Act aims to prevent the unlawful use of fabricated court orders by mandating digital signatures for court-approved surveillance, domain seizures, and content removal. This bill was proposed in the Senate but has remained stagnant since July 2021. It is important to note that this bill would only cover the U.S., leaving out tens of thousands of other global law enforcement agencies.

Edited by Jonathan Stoker