Binance uses a third-party service called Kodex to validate law enforcement requests.
Binance provides access via a third-party service called Kodex, commonly used by online financial institutions or social media platforms to validate law enforcement requests and facilitate access.
InfoStealers, a publication covering the Darknet and data breaches, reported that three computers belonging to law enforcement officers from Taiwan, Uganda, and the Philippines were compromised in a global malware campaign in 2023, leading to stolen browser-stored credentials and unauthorized access to Binance’s login panel.
“The reported illicit sale of access to the Law Enforcement Request Portal does not represent a breach of Binance’s system. Instead, it may involve compromised law enforcement accounts. With a thorough documentation process in place and constant monitoring for any compromised accounts, we remain committed to safeguarding our user data against any form of unauthorized access,” according to a spokesperson.
The poster that is advertising the data did not respond to a request for comment sent to their account on Breach Forums.
This sort of attack is becoming increasingly common, and it doesn’t mean that Binance itself has been compromised. Instead, the quality of network security at law enforcement organizations worldwide is the achilles heel.
In 2022, security consultant and journalist Brian Krebs reported on this trend where criminal hackers were targeting and compromising email accounts of police departments and government agencies.
“Some hackers have figured out there is no quick and easy way for a company that receives one of these EDRs to know whether it is legitimate. Using their illicit access to police email systems, Krebs wrote. “The hackers will send a fake Emergency Data Request along with an attestation that innocent people will likely suffer greatly or die unless the requested data is provided immediately.”
The vulnerability of EDRs to falsification by hackers, due to inadequate verification mechanisms and the vast number of police jurisdictions highlights the urgent need for a more secure and reliable process to handle these requests and mitigate the risks of fraudulent activities, Krebs writes.
In an earlier interview with CoinDesk, Jarek Jakubcek, head of Binance Law Enforcement Training, said his team often encounters fraudulent requests, such as from private investigators posing as police, including one case where a dissatisfied private investigator used a fake domain to mimic an official request for customer data from Binance.
“We are very lucky to have a team of almost 30 ex-law enforcement people because we know how law enforcement requests should look like,” he said.
Working on a fix
The Digital Authenticity for Court Orders Act seeks to prevent the illegal use of forged court orders by requiring digital signatures for court-approved surveillance, domain seizures, and content removal.
This bill has been introduced in the Senate but hasn’t moved forward since July 2021. However, this bill would only cover the U.S. and not the tens of thousands of other law enforcement agencies around the world.
BY: Sam Reynolds
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is an award-winning media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. In November 2023, CoinDesk was acquired by Bullish group, owner of Bullish, a regulated, institutional digital assets exchange. Bullish group is majority owned by Block.one; both groups have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary, and an editorial committee, chaired by a former editor-in-chief of The Wall Street Journal, is being formed to support journalistic integrity.