The US Securities and Exchange Commission (SEC) recently fell victim to a cyber attack when hackers employed a SIM swapping technique to gain control over its social media account. This article provides a comprehensive overview of the hack, including the events leading up to it, the methods employed by the hackers, the response from the SEC, and the ongoing investigation.
The Hacked Announcement
On January 9, a tweet from the @SECGov Twitter account announced the approval of a highly anticipated bitcoin exchange-traded fund (ETF). However, SEC Chairman Gary Gensler promptly responded on his personal account, confirming that the SEC’s account had been compromised and that the announcement was false.
Timeline of the Hack
The unauthorized access to the SEC’s Twitter account occurred shortly after 4:00 pm ET on January 9th. Upon identifying the incident, the SEC staff took immediate action by deleting the hackers’ post, acknowledging the breach, and contacting Twitter (formerly known as X) to terminate the unauthorized access.
SIM Swapping Method Used
In a Monday update, the SEC disclosed that the hackers employed a SIM swapping technique to gain control over the @SECGov account. The attackers manipulated the telecom carrier into transferring the phone number associated with the account to a SIM card in their possession. With the compromised phone number, the hackers were able to reset the password for the Twitter account.
Disabled Multi-Factor Authentication (MFA)
Investigations into the incident revealed that multi-factor authentication (MFA) had been disabled for the @SECGov account by X support since July 2023. It was disabled due to previous issues faced by SEC staff in accessing the account. The lack of MFA became a vulnerability exploited by the hackers during the attack.
The SEC emphasized that the hack did not occur through its own systems, and there is no evidence to suggest that the attackers gained access to SEC systems, data, devices, or any other social media accounts. This indicates that the breach was limited to the Twitter account and did not compromise the agency’s internal network.
Collaboration with Law Enforcement
Immediately following the incident, the SEC contacted law enforcement and has been fully cooperating in the ongoing investigation. The authorities are working to determine how the unauthorized party convinced the telecom carrier to change the SIM associated with the account and how they obtained knowledge of the associated phone number.
Investigation Focus
The primary focus of the investigation is to uncover the methods employed by the hackers to manipulate the telecom carrier and change the SIM card linked to the SEC’s Twitter account. Additionally, investigators are working to determine how the attackers were able to identify the specific phone number associated with the account.
The recent hacking of the SEC’s Twitter account using the SIM swapping technique highlights the growing sophistication of cybercriminals and the need for stringent cybersecurity measures. Despite the breach, the SEC has confirmed that its internal systems and data remain secure. The incident serves as a reminder for organizations to prioritize the protection of their social media accounts, even if they are not directly linked to their internal networks. By collaborating with law enforcement and taking appropriate actions, the SEC is actively working to identify and bring the hackers to justice.