Gary Gensler answers lawmakers about X breach and fake Bitcoin ETF approval


Gary Gensler, chair of the U.S. Securities and Exchange Commission (SEC), has responded to lawmakers regarding a breach of the SEC’s X account.

On Jan. 9, an unknown actor performed a SIM swap attack on the SEC’s X account, then published a false message stating that the SEC had approved various spot Bitcoin ETFs. Though the SEC ultimately approved those funds on Jan. 10, the earliest message was inauthentic.

Gensler said to lawmakers in a letter:

“I assure you that the SEC takes its cybersecurity obligations seriously. I understand that the SEC’s Office of Legislative and Intergovernmental Affairs arranged a briefing on January 17 for your staff concerning the X incident and addressing the questions raised in your letter.”

Gensler’s letter addresses House members Patrick McHenry, Bill Huizenga, French Hill, and Ann Wagner. In addition to commenting individually, those House members wrote a letter on Jan. 10 asking the SEC to hold itself to the security disclosure standards it imposes on companies.

The House members asked the SEC to respond to their request by Jan. 17, a deadline that the SEC seemingly satisfied, given that Gensler reported a briefing on that date.

In a separate Jan. 11 letter, Senators Ron Wyden and Cynthia Lummis asked the SEC to begin an investigation into multi-factor authentication and phishing-resistant hardware tokens (or security keys) and close any security gaps. Though an update on that matter was due today, Feb. 12, the latest letter does not address the senators, and no other response has been reported.

Gensler says the investigation is still ongoing

In the remainder of his letter, Gensler described a previously known attack timeline and provided an update on investigations. He said that law enforcement is currently investigating how the attacker had the carrier service change the SIM associated with the SEC’s X account, and how the attacker identified the phone number associated with the SEC’s account.

Gensler was the first to confirm that the SEC’s X account was compromised on Jan. 9. He published a full statement on the incident on Jan. 12.

Unlike those earlier statements, Gensler’s letter to lawmakers is not public and largely went unnoticed until now. The letter is dated Feb. 6 and was publicized by Politico on Feb. 8. Various sources circulated and reported on the letter more broadly today.
