The Unauthorized Takeover of the SEC’s Twitter Account: A SIM Swap Attack and the Consequences
3 min read
The U.S. Securities and Exchange Commission (SEC) is an independent federal agency responsible for enforcing the country’s securities laws and protecting investors. In January 2024, the SEC became the latest high-profile victim of a cyber attack, with an unauthorized party gaining access to the agency’s official Twitter account, @SECGov. This incident, which occurred on January 9, resulted in a fake post claiming the SEC had approved the first-ever spot bitcoin exchange-traded funds (ETFs), causing a significant stir in the cryptocurrency market.
The breach of the SEC’s Twitter account was the result of a SIM swap attack. A SIM swap is a type of phone number porting attack where an unauthorized individual obtains control of a phone number, allowing them to receive SMS messages and voice calls intended for the victim. With access to the phone number, the attacker was able to reset the account password and gain full control of the SEC’s Twitter account.
The SEC stated that multi-factor authentication (MFA) had previously been enabled on the account but was disabled by Twitter Support at the staff’s request due to issues accessing the account. Once access was reestablished, MFA remained disabled until the account was compromised on January 9. The agency had the ability to switch two-factor authentication back on for their account but were not reliant on Twitter to do so.
The consequences of the SEC’s Twitter account breach were far-reaching. The fake post, which claimed the SEC had approved the first-spot bitcoin ETF, caused a significant price movement in the cryptocurrency market. Bitcoin prices initially shot up to nearly $48,000, but after the SEC clarified that it had not yet approved the bitcoin ETF, prices fell below $46,000.
Elon Musk, the CEO of Tesla and SpaceX, and a frequent critic of the SEC, mocked the agency after the breach. Musk also retweeted a post from Twitter Safety, which stated that the compromise “was not due to any breach of Twitter’s systems.” Twitter did not immediately respond to CNBC’s questions about whether the platform had continued to cooperate with investigators or whether the company planned to change its design or any features associated with government agency accounts in response to the SEC account breach.
The SEC stated that there was no evidence the unauthorized party gained access to SEC systems, data, devices, or other social media accounts. Instead, the agency said that “access to the phone number occurred via the telecom carrier.” Law enforcement is still investigating both how the individual obtained the carrier to change the SIM for the account and how the party knew which phone number was associated with the account.
The SEC is continuing to work with multiple law enforcement and federal oversight entities, including the SEC’s Office of Inspector General, the Federal Bureau of Investigation, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the Commodity Futures Trading Commission, the Department of Justice, and the SEC’s own Division of Enforcement.
The SEC hack is a reminder of the importance of implementing robust cybersecurity measures, particularly for high-profile organizations and government agencies. The incident also highlights the need for two-factor authentication and the potential risks associated with SIM swap attacks. As the use of digital platforms continues to grow, it is essential that organizations and individuals take the necessary steps to protect themselves from cyber threats.
In conclusion, the unauthorized takeover of the SEC’s Twitter account was a significant cybersecurity incident that had far-reaching consequences. The breach was the result of a SIM swap attack, which allowed the attacker to gain full control of the account and post a fake message claiming the SEC had approved the first-ever spot bitcoin ETF. The incident caused a significant price movement in the cryptocurrency market and highlighted the need for robust cybersecurity measures and the importance of two-factor authentication. The SEC is continuing to work with law enforcement and federal oversight entities to investigate the incident and prevent similar occurrences in the future.
