Robin’s Newsletter #291

14 January 2024. Volume 7, Issue 2
SEC Twitter account compromised; used to swing Bitcoin price. Pro-Ukraine group launches retaliatory attack on Russian ISP.
Join hundreds of subscribers who get this first, every Sunday. Subscribe

This week

SEC’s Twitter account was compromised, posted ‘approval’ of Bitcoin EFTs

  • The US Securities and Exchange Commission (SEC) suffered an embarrassing incident this week when the regulator’s X/Twitter account was compromised. The attackers used their access to make legitimate-sounding posts about the regulator approving the used of BitCoin exchange-traded funds (EFTs). The unauthorised post caused the value of the cryptocurrency to rise.
  • An X spokesperson said the social network’s investigation concluded that the cause of the incident was an “unidentified individual” gaining control over a phone number associated with the @SECGov account, which “did not have two-factor authentication enabled at the time”. The disclosure surprised some analysts, though there is no love lost between Musk and the SEC
  • SEC chair Gary Gensler, who has made cyber security a key priority for the SEC, disavowed the post and confirmed the compromise about 10 minutes later.
  • Market manipulation like this is a potential way for criminals to make returns that may significantly outstrip scamming an individual or ransoming an organisation.
  • POP QUIZ: How much did the BitCoin price swing by? A) 0.5%, B) 2.5%, C) 17% (answer below)

Pro-Ukraine group launches retaliatory attack against Russian ISP

  • A pro-Ukraine group called Blackjack has claimed responsibility for an attack against Russian ISP M9com. The group says that it is a direct response for the December attack by Russia against Ukraine telco Kyivstar (vol. 6, iss. 51). In a message to Telegram, Blackjack claimed to have disrupted M9com’s services, stolen confidential data, and defaced the company’s website.
  • Screenshots posted by the hacktivist group show deleting file servers and backup devices, wiping configurations, and M9com’s public key infrastructure dashboard.
  • Blackjack may be related to the Security Service of Ukraine (SBU).

Interesting stats

30% reduction in global trust and safety staff at X/Twitter, with  80% reduction in engineers dedicated to trust and safety issues, since Elon Musk’s takeover of the social media company, according to Australia’s eSafety Commissioner, who is fining X for failing to report how it is meeting rules concerning child sexual exploitation and abuse material.

1 million virtual servers were spun up by a 29-year-old Ukrainian man to mine $2 million in cryptocurrency. The cryptojacking individual was arrested following a Europol operation.

Other newsy bits / in brief

And finally

  • The price of BitCoin swung by 2.5% following the unauthorised announcement that the SEC had approved BitCoin EFTs. (return). 

  Robin's Newsletter - Volume 7

  Securities and Exchange Commission (SEC) Twitter Bitcoin Cryptocurrency Cryptojacking Market Manipulation M9com Ukraine Russia Sandworm Kyivstar eSafety AirDrop China Censorship Critical Infrastructure Supply Chain Ivanti Juniper Pulse Secure Internet of Things (IoT)