A malicious actor claims they have a “KodexGlobal” account, allowing them to issue Emergency Data Requests (EDRs) to several major crypto and social media platforms.
An online hacker is claiming they have access to a law enforcement request account, “KodexGlobal,” allowing buyers to “subpoena” user information from the likes of Coinbase, Binance, Chainlink, and many other firms.
According to a blog post updated on Feb. 4, cybercrime solutions provider Hudson Rock reported that the hacker is selling access to the law enforcement request system account on BreachForums, offering the complete account for $5,000 or individual Emergency Data Requests (EDRs) at $300 each.
Services that the hacker claims to be able to make EDRs for include LinkedIn, Discord, Tinder, Binance, Coinbase, Chainlink, SendGrid, and many others.
Screenshot from post on hacker forum. Source: Hudson Rock
KodexGlobal is a platform used for secure communications between law enforcement agencies and regulators. Hackers with access to such a law enforcement account could request personal data about a platform’s users by falsely claiming legal reasons for the request.
Abuse of the system could lead to identity theft, extortion, and financial loss for users, especially those holding crypto assets, Hudson Rock noted.
Cointelegraph reached out to KodexGlobal for comment.
According to Hudson Rock, the hacker “very likely” gained access to law enforcement systems by using credentials obtained from infostealer infections. Such credentials are typically harvested from compromised computers belonging to law enforcement officers.
“Today, Hudson Rock researchers identified over 50 different sets of credentials for Google’s law enforcement system from various Infostealer infections,” said Hudson Rock.
New Blog Post:
Hacking of Google, TikTok, and Meta Law Enforcement Systems as a Result of Infostealer infections https://t.co/PS2t0ZuNif
— Hudson Rock (@RockHudsonRock) January 31, 2024
In December, the firm reported that a hacker was attempting to sell access to Binance’s law enforcement portal through KodexGlobal.
It posted a screenshot showing three computers reportedly infected by global malware-spreading campaigns in 2023, resulting in compromised credentials.
The three logins shown in the image with access to Binance’s login panel appeared to belong to compromised law enforcement officers in Taiwan, Uganda, and the Philippines. However, Hudson Rock did not confirm any breach of Binance systems, exposure of user data, or theft of crypto.
At the time, KodexGlobal dismissed it as a “scam,” though Binance reportedly confirmed they were aware of “such access,” according to the firm.
In a separate incident, Binance has recently refuted a report claiming a “highly sensitive” cache of internal passwords and code had been exposed on GitHub for months.
On Feb. 5, the firm reiterated that there was no such leak from Binance and that user accounts remain safe.
Our security team has assessed this – as they do all potential threats – and has confirmed there is no such leak from Binance systems. User accounts remain safe.
Accounts are secured through many defenses, including MFA, biometrics, authenticators, etc.
As always, we…
— Binance Customer Support (@BinanceHelpDesk) February 4, 2024