Hacking Incident and Arrest
The FBI has arrested a 25-year-old Alabama man, Eric Council Jr., for his alleged involvement in hacking the Securities and Exchange Commission’s SEC’s X account earlier this year. The hack was part of a scheme to manipulate the market and promote bitcoin. Council was charged with conspiracy to commit aggravated identity theft and access device fraud. Federal prosecutors claim that Council, alongside other conspirators, conducted a SIM swap to fraudulently obtain control of the SEC’s X account, which allowed them to impersonate someone with authorized access.
The hacking incident, which occurred on January 9, targeted the SEC’s official X account (@SECGov). Once the hackers took control, they posted a message falsely claiming that the SEC had approved bitcoin exchange-traded funds (ETFs) for listing on national exchanges. The post gained widespread attention, accumulating millions of views, and it caused the price of bitcoin to rise by more than $1,000. However, the SEC quickly regained control of the account and clarified that the statement was untrue, leading to a sharp drop in bitcoin prices by $2,000.
Details of the Hacking Scheme
Prosecutors have provided further details of the hacking operation. According to the charges, Council obtained the personal information of a person with access to the SEC’s X account. He then allegedly used this information to create a fake ID and gain access to the person’s cellphone account. This allowed him to execute a SIM swap, which linked the person’s phone number to a new SIM card. Council is accused of purchasing a new iPhone in Huntsville, Alabama, to complete the SIM swap, and afterward, he shared access to the SEC’s X account with his co-conspirators.
The conspirators then posted the false message about bitcoin ETFs, which caused the market disruption. Council, who operated under online aliases like “Ronin,” “Easymunny,” and “AGiantSchnauzer,” was allegedly paid in bitcoin for his role in the hack. After completing the attack, he reportedly traveled to Birmingham, Alabama, where he returned the iPhone for cash. Investigators discovered that Council conducted several internet searches related to the hack, including how to detect if he was being investigated by the FBI.
Security Concerns on X and SIM Swaps
This hacking incident has raised concerns about security measures on X, a platform that has previously faced several high-profile breaches. SIM swaps, a technique used by hackers to bypass two-factor authentication, were central to this attack. Prosecutors pointed out that the SEC’s X account lacked two-factor authentication when it was compromised. In response, X’s safety account posted a warning about the importance of multifactor authentication shortly after the hack.
The breach once again highlighted the vulnerabilities of online platforms and the importance of stronger security protocols to prevent unauthorized access, especially for high-profile accounts that can significantly influence markets and public opinion.
