Hacker Pleads Guilty to SEC Account Breach: A Detailed An...

In a case that has sent shockwaves through the cybersecurity community, Eric Council Jr., a 25-year-old Alabama resident, pleaded guilty to charges of conspiracy to commit aggravated identity theft and access device fraud. Council had gained illicit access to the Securities and Exchange Commission's (SEC) X account in January 2024, using a SIM-swapping attack and a fake ID to take control of a phone number associated with the account. His actions led to a significant spike in Bitcoin's value and underscore the ongoing challenges in securing digital assets and identities.

Read more at source.

The Fraudulent Scheme

Once Council gained control of the SEC's account, he and his unnamed co-conspirators posted a doctored image and a fake quote by then SEC Chairman Gary Gensler. The message falsely stated that Bitcoin Exchange Traded Funds (ETC) had been approved, which led to a surge in the cryptocurrency's value by more than $1,000. Council was paid in Bitcoin for his role in the scheme.

The Technique: SIM-Swapping

Council's method of gaining control of the SEC account involved a SIM-swapping attack. He moved a phone number associated with the @SEC account to the SIM card in an iPhone he had purchased. After obtaining the personal information of a person with access to the account, Council used a fake ID to persuade AT&T to give him control of the number. This allowed him to receive the account's recovery codes on his own phone.

The Aftermath and Legal Consequences

Council was arrested and investigators discovered revealing searches on his device, including queries about signs of being under investigation by law enforcement or the FBI. Council is now scheduled for sentencing on May 16th and could face a maximum penalty of five years in prison.