A 25-year-old man from Alabama has recently pleaded guilty to charges related to the hacking of the US Securities and Exchange Commission’s (SEC) social media account in January 2024. Eric Council Jr., hailing from Athens, Alabama, admitted to conspiring with others to gain unauthorized access to the SEC’s official social media account.
The hackers took control of the compromised account to falsely announce that the SEC had approved Bitcoin exchange-traded funds (ETFs). This false information caused a brief spike in the value of Bitcoin, with the price going up by over $1000. However, once the SEC regained control and refuted the claim, Bitcoin’s value dropped by more than $2000.
Council used a technique known as SIM swapping to gain access to the SEC’s account. Using stolen personal information provided by his co-conspirators, he created a fake identification card to impersonate a victim with access to the SEC’s X account. By visiting an AT&T store and pretending to be a federal agent, he convinced the staff to transfer the victim’s phone number to a SIM card in his possession. Control of that phone number allowed Council and his associates to reset the credentials on the SEC’s X account and post the fraudulent Bitcoin announcement.
Court documents reveal that Council was paid in Bitcoin and other cryptocurrencies for his role in the scheme. He has pleaded guilty to charges of conspiracy to commit aggravated identity theft and access device fraud, which carry a maximum sentence of five years in prison. His sentencing is set for May 16.
The FBI’s Washington Field Office and the SEC Office of Inspector General are investigating the case, with prosecutors from the Justice Department’s Criminal Division and Fraud Section handling the legal proceedings. The incident underscores the vulnerabilities of high-profile online accounts and the potential consequences of misinformation in financial markets.
The case also highlights the increasing threat of cyber-enabled financial crimes. Because taking over the victim’s phone number allowed the group to reset the credentials on the SEC’s X account, it is a reminder that official communication channels need stringent security protocols around account access and recovery.