Man admits guilt in SIM-swapping the SEC’s X account
An Alabaman individual has entered a plea of guilty after being accused of SIM swapping the Securities and Exchange Commission’s (SEC) X account in January of the previous year. Eric Council Jr, a twenty-five-year-old, was charged with this crime in October, with allegations from the Justice Department claiming that he was part of a group seeking to manipulate cryptocurrency prices for personal gain. While the department did not disclose the specific motives behind the incident, it reiterated that the price of Bitcoin surged by over $1,000 following the SEC’s account falsely confirming the approval of BTC Exchange Traded Funds.
This decision was eagerly awaited by the markets, and the reaction was immediate when it appeared that the announcement came from then-SEC chair Gary Gensler. However, the price of Bitcoin swiftly plummeted by more than $2,000 per token after the SEC regained control of its account and corrected the false statement. The bogus confirmation was issued on January 9, 2024, and the SEC officially announced the approval of Bitcoin ETFs the next day.
Council’s specific role in the scheme involved utilizing SIM swap techniques to gain unauthorized access to the account, allegedly being compensated with Bitcoin for his actions. SIM swapping is an efficient method often employed to breach accounts protected by SMS-based two-factor authentication (2FA). Notably, this technique has been used in significant cyber-attacks, like the ransomware incident targeting MGM Resorts and associated with groups like the Scattered Spider gang.
In this scenario, Council was reported to have generated a counterfeit version of the SEC X account holder’s identity document using confidential data provided by other group members. By presenting this fraudulent ID at an AT&T store in Huntsville, he acquired a SIM card connected to the victim’s account. Council then bought a new iPhone from an Apple store to receive the victim’s 2FA codes, which were subsequently forwarded to his associates.
Ultimately, the schemers were responsible for exploiting the markets, with Council focusing on SIM swapping. However, post-incident activities indicated a level of concern regarding law enforcement investigations. Council’s Google searches included topics such as ‘SECGOV hack’ (@SECGov corresponds to the SEC’s X account), ‘Telegram SIM swap,’ and inquiries about FBI investigations, identity theft statutes, and deleting a Telegram account – suggestive of paranoia following the incident.
Council confessed to conspiracy to commit aggravated identity theft and access device fraud, awaiting sentencing on May 16.
