Our Daily Breach 2024/10/18

Today's breach features the organization that the Company is intimately familiar with. The Company, when publicly traded, is required to report all cybersecurity incidents to this organization. But what happens with that organization itself is hacked and starts spreading lies on the internet?

Alabama man Eric Council, age 25, uses a lot of names online. He goes by “Ronin,” “Easymunny,” and my personal favorite: “AGiantSchnauzer". In all likelihood, Eric (referred to as COUNCIL) is going to get a new moniker from his inmate # courtesy of the Alabama State correctional facilities.

Eric has been indicted for his role in the January 2024 takeover of the U.S. Securities and Exchange Commission’s (SEC) Twitter which was used to falsely announce that the SEC had approved listing Bitcoin ETFs.

While this is currently all allegations, the evidence on our wayward Ronin should be a concern to his legal team. Notably when you have to explain these internet search history results:

While AGiantSchnauzer sits & stays for his sentencing, you can read the full press release from the US Attorney General here.

One thing worth pointing out is the impact. The SEC did approve a Bitcoin ETF the next day following the hijacked post. Of all the things Eric (allegedly) could have done with control of the SEC account, American investors should be grateful it was just that one post, which turned out to be true a priori.

If antyhing should be closer examined here, it's the SEC opsec.What kind of signal does it send that the institution that is designed to protect consumers and regulate the market didn't turn on multifactor authentication (MFA)?