Alabama Man Sentenced to 14 Months in Prison for Hacking SEC's X Account
A shocking case of corporate espionage has come to light, as an Alabama man has been sentenced to 14 months in prison for his role in hacking the Securities and Exchange Commission's (SEC) X account in 2024. Eric Council Jr., 26, of Athens, Alabama, used a sophisticated attack known as a "SIM swap" to access the account of an SEC employee responsible for the organization's social media.
Council's plan involved tricking a mobile carrier into reassigning his SIM card number from a victim's phone. This allowed him to access accounts with multi-factor authentication enabled by sending the SMS code to his own phone. He then used this technique to impersonate the victim at an AT&T store in Huntsville, Alabama, and obtained a brand new iPhone.
With the new iPhone, Council was able to gain access to the @SECGov X password reset codes, which he shared with his co-conspirators. After the SEC regained control of the account and shot down reports that ETFs had been approved, the value of bitcoin plummeted by more than $2,000. However, Council's accomplices were able to profit from the scheme, reportedly earning around $50,000 for their role.
The SEC hack was notable not only for its ambition but also for the fact that it highlights a growing trend of social media hacking aimed at spreading crypto fake news and promoting smaller "meme coins." In recent years, numerous celebrity social media accounts have been hacked for this purpose, including those belonging to rapper 50 Cent, former President Barack Obama, and Tesla CEO Elon Musk.
Law enforcement tracked Council down after discovering numerous suspicious searches on his personal devices, including searches related to avoiding detection by law enforcement or the FBI. The SEC has taken steps to enhance its security measures in response to this incident, underscoring the ongoing threat posed by hackers seeking to exploit vulnerabilities in social media accounts.
The incident serves as a reminder of the importance of robust cybersecurity and vigilance when it comes to online activities. As the use of social media continues to grow, so too will the number of sophisticated attacks aimed at exploiting its weaknesses. It remains to be seen whether this case marks the end of major hacked social media accounts spreading crypto fake news or if it is merely the beginning of a new wave of corporate espionage.