January 23, 2024 at 02:59PM
The SEC’s X account was compromised in a SIM-swapping attack, leading to a Bitcoin ETF message and federal inquiries. The SEC admitted disabling multi-factor authentication in July 2023. SIM swapping is difficult to defend against because it involves social engineering and exploiting vulnerabilities in telecom APIs. Various agencies are investigating the incident.
From the meeting notes, I’ve extracted the following key points:
1. The SEC’s X account was compromised due to a SIM-swapping cyberattack which allowed threat actors to take control of the phone number associated with the account.
2. Multi-factor authentication (MFA) protections on the X account were intentionally disabled by SEC staff in July 2023, and remained disabled until reenabled after the account was compromised on January 9.
3. The compromise of the SEC X account on January 9 led to a temporary spike in the value of Bitcoin.
4. Federal legislators have called for inquiries into the incident and investigations are underway by agencies including the SEC Inspector General, FBI, DoJ, and CISA.
5. SIM swapping is challenging to defend against, as it involves social engineering and exploiting publicly exposed APIs.