Hackers Play SIM Card Shuffle with the SEC

No MFA for you.
Emory Odom
Contributing Writer

The Securities and Exchange Commission (SEC) recently fell victim to a cybercrime incident involving the takeover of their social media account on X. The technique used in this attack was SIM swapping, a persistent and sophisticated cybercrime tactic. This method involves the transfer of a victim’s phone number to another device that the attacker controls.

The incident unfolded when SEC staff discovered that their telecom carrier had transferred control of the cell phone number associated with their social media account to an unknown party. The attacker then reset the account’s password and posted misleading information.

The SEC has clarified that the breach occurred through the telecom carrier and not through a compromise of systems or data. Law enforcement, including the FBI and Justice Department, is currently investigating the case.

Why it matters: This incident highlights the growing sophistication of cybercrime tactics like SIM swapping and underscores the vulnerabilities that even high-profile government agencies face. It also brings into focus the challenges of securing digital communications and the critical importance of robust cybersecurity measures, especially for organizations handling sensitive information.

  • The unauthorized party executed a SIM swap attack to gain control of the SEC’s social media account. This tactic involves transferring a victim’s phone number to a device controlled by the attacker, allowing them to intercept communications and reset passwords.
  • Multifactor authentication did not protect the account. It had been disabled at the request of SEC staff due to access issues, and was only reinstated after the account recovery.
  • The SEC has emphasized that the breach occurred via the telecom carrier and did not involve any unauthorized access to SEC’s internal systems, data, or other social media accounts.
  • The incident has prompted a comprehensive investigation by multiple law enforcement agencies, including the FBI and the Justice Department, to understand the intricacies of the attack and prevent future incidents.
  • The takeover led to the posting of false information regarding the SEC’s stance on bitcoin exchange-traded funds (ETFs) on social media platform X. The incident has caused concern among lawmakers and has raised questions about the SEC’s cybersecurity practices.

Go Deeper -> SEC says X account hack was due to SIM swapping – The Record
