<p><strong>(Reuters) –</strong>The U.S. Securities and Exchange Commission said on Monday that Wall Street’s top regulator was hacked earlier this month on the social media platform X, formerly known as Twitter and that it became a victim of “SIM swapping,” a tactic used by online scammers to take control of phone lines.</p>
<p><img decoding=”async” class=”alignnone wp-image-366929″ src=”https://www.theindiaprint.com/wp-content/uploads/2024/01/theindiaprint.com-what-it-means-when-the-us-sec-says-sim-swapping-was-used-to-hack-its-x-account-sim.jpg” alt=”theindiaprint.com what it means when the us sec says sim swapping was used to hack its x account sim” width=”1010″ height=”673″ title=”What It Means When the US SEC Says "SIM Swapping" Was Used to Hack Its X Account 9″ srcset=”https://www.theindiaprint.com/wp-content/uploads/2024/01/theindiaprint.com-what-it-means-when-the-us-sec-says-sim-swapping-was-used-to-hack-its-x-account-sim.jpg 510w, https://www.theindiaprint.com/wp-content/uploads/2024/01/theindiaprint.com-what-it-means-when-the-us-sec-says-sim-swapping-was-used-to-hack-its-x-account-sim-150×100.jpg 150w” sizes=”(max-width: 1010px) 100vw, 1010px” /></p>
<p>The SEC also said that employees had disabled multi-factor authentication (MFA) six months before the incident and had not reinstated it until after the attack on January 9.</p>
<p>An anonymous individual or people obtained access to the account, making a bogus notice claiming permission had already been given. This caused a brief spike in the price of bitcoin as expectation grew for the agency’s approval of exchange-traded instruments tracking the cryptocurrency.</p>
<p>The next day, the commission approved in a divided vote.</p>
<p>Through the process of getting a phone number transferred to a different device, an attacker may take control of a phone number through SIM swapping.</p>
<p>An SEC representative stated in a statement, “Once in control of the phone number, the unauthorized party reset the password for the @SECGov account.”</p>
<p>The SEC said, without naming the carrier, that law enforcement authorities are investigating how the hackers were able to compel the SEC’s mobile provider to make the change.</p>
<p>Congress has requested answers about how the SEC, which imposes stringent cybersecurity rules on publicly listed businesses, could have allowed itself to be vulnerable to such an assault.</p>
<p>The statement released on Monday also said that in June 2023, SEC personnel requested X Support to deactivate MFA, a further security measure against illegal access, owing to account access issues.</p>
<p>According to the statement, “MFA is enabled for all SEC social media accounts that offer it.”</p>
<p>A request for comment from X was not immediately answered by a spokesperson.</p>
<p>Officials from the U.S. National Institute of Standards and Technology (NIST) told Reuters that although individual U.S. agencies determine their own regulations regarding access to social media accounts, NIST recommendations usually advocate the use of MFA.</p>
<p>According to the statement, the Federal Bureau of Investigation, Department of Justice, Cybersecurity and Infrastructure Security Agency, Commodity Futures Trading Commission, which oversees bitcoin futures, and the SEC’s Office of Inspector General and Division of Enforcement are among the agencies looking into the incident.</p>
