SEC Confirms Their Social Media Account Hacked In SIM Swapping Attack
JAKARTA - Wall Street's leading financial regulator became a victim of "SIM swapping," a technique used by internet fraudsters to take control of a phone, when its account on social media platform X was hacked earlier this month. This was announced by the United States Securities and Exchange Commission (SEC) on Monday, January 22.
The SEC also revealed that six months before the attack took place, staff had removed an additional layer of protection known as multi-factor authentication (MFA), and did not restore it until after the January 9 attack.
As anticipation grew over the approval of exchange-traded bitcoin-based products, an unknown person or persons accessed the SEC account and posted a false announcement that approval had been granted, causing the cryptocurrency's price to spike briefly. In a split vote, the commission gave approval the next day.
SIM swapping is a technique in which attackers take control of phone numbers by switching them to new devices. "After controlling the phone number, unauthorized parties reset passwords for the @SECGov account," an SEC spokesman said in a statement.
Law enforcement agencies are trying to find out how the hackers managed to persuade the SEC's mobile operator, which was not identified, to move the number. Legislators are demanding an explanation of how the SEC could leave its defenses open to such attacks while it imposes strict cybersecurity requirements on publicly traded companies.
Monday's statement also said that, due to difficulty accessing accounts, SEC staff had asked X for support in June 2023 to deactivate MFA, which could provide additional protection against unauthorized access. "MFA is currently enabled for all SEC social media accounts offering it," the statement read.
A representative from X did not immediately respond to a request for comment. US agencies set their own policies on access to social media accounts, but guidelines from the US National Institute of Standards and Technology (NIST) generally encourage the use of MFA, NIST said.
The incident is being investigated by various agencies, including the SEC Inspector General's Office and its Law Enforcement Division; the Commodity Futures Trading Commission, which regulates bitcoin futures; the Federal Bureau of Investigation; the Department of Justice; and the Cybersecurity and Infrastructure Security Agency, the statement said.