American Sentenced to 14 Months in Prison for SEC Account Hack

By Netvora Tech News

---

A 26-year-old American man has been sentenced to 14 months in prison for executing a sim-swap attack that allowed him to take control of the X-account of the US Securities and Exchange Commission (SEC).

SEC Account Compromised

The incident occurred when the SEC announced on X that it had approved the trading of bitcoin ETFs, causing the price of bitcoin to temporarily surge by $1,000. However, once the SEC revealed that the announcement was false due to a compromised account, the price of bitcoin plummeted by $2,000.

Sim-Swap Attack Exposed

The SEC confirmed that its account was compromised by an unknown individual who gained access to a linked phone number through a third-party service. The microblogging platform also revealed that the SEC had not enabled two-factor authentication (2FA) at the time of the breach.

Sim-Swap Methodology

The attacker used a sim-swap technique to gain control of the SEC phone number. This involved swapping the target's phone number with a new SIM card that the attacker controlled, allowing them to receive multifactor authentication (MFA) codes and reset the account password.

Identity Theft and Malicious Activity

Once the attacker gained control of the SEC account, they received personal information and an identity template with the owner's name and photo from accomplices. They then used an "identity printer" to create a fake ID and used it to obtain a new SIM card in a phone store. The attacker then sent the account reset code to accomplices, who posted the malicious message.

Punishment for Sim-Swap Attack

The attacker received a payment in bitcoin for carrying out the sim-swap attack. The sentence is a significant reminder of the consequences of engaging in such malicious activities, and it highlights the importance of enabling robust security measures to prevent similar breaches in the future.