An online hacker has asserted that they successfully accessed the law enforcement request account "KodexGlobal" and is selling the acquired access on BreachForums for $5,000 or $300 per Emergency Data Request (EDR). Cybercrime solutions provider Hudson Rock reported the incident, indicating that hackers are offering services to create EDRs for companies such as LinkedIn, Discord, Tinder, Binance, Coinbase, Chainlink, SendGrid, and more. These services allegedly allow buyers to subpoena user information from the mentioned platforms. Binance clarified that the findings do not represent a breach of its systems and emphasized its commitment to protecting user data with robust documentation processes and ongoing account monitoring.
KodexGlobal serves as a platform for secure communications between law enforcement and regulatory agencies. Access to this platform could potentially allow hackers to request personal data about a company's users by misrepresenting the legal grounds for such requests. Misuse of the system could lead to identity theft, extortion, and financial losses, particularly for users holding cryptocurrency assets. Hudson Rock suggests that the hackers likely gained access to law enforcement systems by using credentials obtained through infostealer infections, often acquired from infected computers owned by law enforcement officials.
Hudson Rock researchers identified over 50 sets of Google law enforcement system credentials from various infostealer infections. The report indicates that the compromised law enforcement systems could have far-reaching consequences, and the hackers may have obtained access to these systems through infected computers owned by law enforcement officials. In a previous incident in December 2023, Hudson Rock reported a hacker attempting to sell access to Binance's law enforcement portal through KodexGlobal. While KodexGlobal dismissed it as a "scam," Binance acknowledged being aware of the access. Recently, Binance refuted a report claiming exposure of a "highly sensitive" cache of internal passwords and code on GitHub, asserting that user accounts remained secure.
















