SEC SIM Swapper Gets 14 Months for X Account Hijack
An Alabama man has been handed a significant sentence after being caught red-handed for his role in hacking into the SEC social media account to post fake news about Bitcoin. Eric Council Jr., 26, of Huntsville, pleaded guilty to conspiracy to commit aggravated identity theft and access device fraud back in February, following an incident that took place in January 2024.
According to court documents, Council created a fake identity card using personally identifiable information (PII) of the victim obtained from co-conspirators. He then used this to perform a SIM swap attack – whereby mobile phone carriers are tricked into porting a victim’s number to a SIM card controlled by a fraudster. This allowed him to receive two-factor authentication (2FA) codes in order to access social media, crypto, and other sensitive accounts.
With access to the SEC's account on X (formerly Twitter), Council's co-conspirators then posted in the name of the SEC chairman, falsely announcing the regulatory approval of Bitcoin Exchange Traded Funds (ETFs). This false announcement caused a significant surge in the price of Bitcoin, with prices increasing by more than $1000 per BTC, before diving more than $2000 per BTC after the announcement was corrected by the SEC.
Council received payment in BTC from co-conspirators for his role in the scheme, while they may have benefited from the surge in virtual currency prices. The Justice Department (DoJ) described the scheme as "schemes of this nature [that] threaten the health and integrity of our market system" and warned that such actions can have severe consequences.
"SIM swap schemes threaten the financial security of average citizens, financial institutions, and government agencies," said US attorney Jeanine Pirro for the District of Columbia. "Don't fool yourself into thinking you can’t be caught. You will be caught, prosecuted, and will pay the price for the damage your actions create."
The incident came amid a rash of account takeovers at X, including Mandiant, Hyundai, and Certik. The SEC, which is designed to protect investors from corporate misconduct, was heavily criticized at the time, especially as it had just brought in strict new cybersecurity reporting and transparency rules for listed firms.
The Consequences of Identity Theft and SIM Swap Schemes
Identity theft and SIM swap schemes are becoming increasingly common, with hackers using various tactics to gain access to sensitive accounts. These schemes can have devastating consequences for individuals, businesses, and financial institutions, causing significant losses and disrupting critical services.
A Call to Action: Protecting Against Identity Theft and SIM Swap Schemes
As the threat of identity theft and SIM swap schemes continues to grow, it is essential that we take steps to protect ourselves. Individuals can take simple precautions such as using strong passwords, enabling two-factor authentication, and being cautious when receiving unsolicited emails or messages.
The Importance of Cybersecurity Reporting and Transparency
The recent incident highlights the importance of cybersecurity reporting and transparency in protecting investors from corporate misconduct. As regulatory bodies continue to strengthen their rules and guidelines, it is essential that companies prioritize cybersecurity measures to prevent such incidents from occurring in the future.