SEC Hacker's Desperate Search for Answers
The Securities and Exchange Commission (SEC) hacker who breached the SEC's X account last year was not just a tech-savvy individual, but also a desperate person searching for answers to his own predicament. Eric Council Jr., a SIM swap hacker with a penchant for making money by compromising others' accounts, found himself in a tight spot when he turned to Google to find out if the FBI was coming after him.
Council's search history revealed his growing anxiety and concern about being investigated by the authorities. The search queries included "How can I know for sure if I am being investigated by the FBI" and "How long does it take to delete Telegram account". US prosecutors discovered these search queries during a search warrant of Council's house, car, and devices last June.
While Council's Telegram chats were set up to be removed after two weeks, US prosecutors still found chats discussing SIM swaps with others believed to be located overseas. Council also admitted to law enforcement that he received around $50,000 for performing SIM swaps for clients between January to June 2024. He advertised himself as a SIM swapping expert on Telegram under the username easymunny, offering services for payment between $1,200 and $1,500.
The SIM Swap Hack
Council executed the SIM swap by creating fake identity documents to impersonate someone that his co-conspirators identified as having access to the SEC's X account. These fake documents were then used to trick a staff worker at telecommunications firm AT&T into reassigning the victim's phone number to Council's SIM card.
Council had to share the last four digits of the victim's Social Security number and driver's license to effectuate the SIM swap. He then bought a new iPhone from an Alabama Apple store, inserted the new SIM and shared the access codes to the SEC's X account with his co-conspirators, who later posted fake news about the spot Bitcoin ETFs on Jan. 9.
The Bitcoin products received official approval the following day. Council received payment for the SEC SIM swap in Bitcoin (BTC) and other cryptocurrencies, according to prosecutors. However, Council's luck ran out on June 12, 2024, when surveillance agents observed him attempting to execute a SIM swap at an Apple store, impersonating another victim.
The Aftermath
Law enforcement executed a search warrant six days later and recovered several pieces of circumstantial evidence, including templates for fake identification cards on his laptop. Council pleaded guilty on Feb. 10, after a federal grand jury returned an indictment charging him with Conspiracy to Commit Aggravated Identity Theft and Access Device Fraud last October.
The fake post accumulated over 1 million views before the SEC confirmed it had been hacked roughly 15 minutes later. The two announcements resulted in Bitcoin's price initially rising $1,000 before abruptly falling nearly $2,000 shortly after, wiping out tens of millions of dollars worth of market positions.
The SEC's Response
The security team at X confirmed that the SEC didn't have two-factor authentication installed on its X account at the time of the incident. The SEC claimed it initially had 2FA enabled but was erroneously removed by X Support following a request by an SEC staff member.