
US’ SEC disables MFA, falls to fraud attack


A pair of events, one nefarious and the other seemingly innocuous, allegedly combined to allow the takeover of a U.S. government regulator’s X account.

Someone reportedly was able to perform a SIM swap on a Securities and Exchange Commission phone account January 9.

Complicating the situation, SEC staff in July decided to temporarily disable multi-factor authentication on the agency’s X account to deal with problems staff were having accessing the account.

MFA was not restored until after the January 9 SIM swap attack.

That left the X account without MFA protection against whoever swapped the SIM card and changed the access password.

It is not known who pulled off the attack, but there was at least one fraudulent post on @SECGov: the bogus announcement that the SEC signed off on spot bitcoin exchange-traded funds.

The government is still collecting information on both incidents, but as of January 22, investigators could find no evidence that someone “gained access to SEC systems, data, devices, or other social media accounts,” according to an agency statement.

The SIM swap was carried out through the systems of the SEC’s telecommunications carrier, not SEC systems. The carrier has not been named.

It is not known how someone persuaded the telco to alter the card or how the person knew which phone number was on the account.

Late last year, the American government’s top cybersecurity bodies urged IAM developers and vendors to strengthen MFA implementations to protect against hacks.
