US Financial Regulator Faces Security Flaw in Bitcoin Announcement
The US financial regulator, known as the Securities and Exchange Commission (SEC), has admitted to a significant security lapse that occurred when hackers posted a fake Bitcoin announcement in January. During a six-month period, a crucial security measure on the SEC’s X account was suspended, allowing unauthorized access to the account.
The lapse in security was attributed to the absence of multi-factor authentication (MFA) when the hackers infiltrated the account. Cybersecurity experts are urging other government agencies to take this incident as a warning to review the security of their social media accounts.
The SEC clarified that although MFA had been previously enabled on the @SECGov X account, it was disabled in July 2023 due to difficulties in accessing the account, and it remained disabled until after the compromise on January 9. The SEC now ensures that MFA is enabled for all its social media accounts that offer this additional layer of protection.
The compromise of the SEC’s account involved a SIM-swapping attack, in which a fraudster convinced a mobile operator to transfer an SEC employee’s phone number to a new SIM card. With MFA disabled, the hacker could reset the password, log in, and make a fake post about the SEC approving Bitcoin exchange-traded funds (ETFs). This led to a surge in Bitcoin value to $48,000 before the post was deleted.
SIM-swapping attacks typically involve hackers tricking mobile phone operators into providing a new SIM card for a targeted phone number. MFA is designed to protect against such attacks, providing an additional layer of security through methods like dedicated apps or text message verification. Codes sent by text message go to whichever SIM currently holds the number, so an app-based or hardware factor is what holds up once the number itself has been hijacked.
This incident serves as a reminder of the potential risks associated with security lapses, even in government agencies. The SEC’s acknowledgment highlights the need for robust cybersecurity measures to safeguard against unauthorized access and potential misinformation through compromised accounts.
Source: BBC
https://www.bbc.com/news/technology-68025683
