In a recent development in Washington, Eric Council, 25, from Athens, Alabama, admitted his guilt in a conspiracy to commit aggravated identity theft. The case unfolded in the United States District Court for the District of Columbia where Council confessed to his involvement in a scheme to hack into the @SECgov X account of the U.S. Securities and Exchange Commission (SEC). This unlawful act culminated in the publication of fraudulent posts under the guise of the then-SEC Chairman.
The guilty plea was made public by U.S. Attorney Edward R. Martin, Jr., alongside other officials such as Supervisory Official Antoinette T. Bacon from the Justice Department’s Criminal Division, SEC Inspector General Deborah Jeffrey, and FBI Special Agent in Charge Sean Ryan from the Washington Field Office, Criminal and Cyber Division.
Council’s admission took place before U.S. District Court Judge Amy Berman Jackson in the District of Columbia. The gravity of his offense could lead to a maximum sentence of five years in prison, a fine amounting to $250,000, and a probationary period of up to three years. The sentencing is scheduled for May 16, 2025.
According to court documents, Council collaborated with others starting from January 2024 to carry out Subscriber Identity Model (SIM) attacks, popularly known as “SIM swaps,” in exchange for financial gain.
In SIM swap attacks, a fraudulent maneuver is employed to persuade a mobile carrier to transfer a mobile phone number from a legitimate user’s SIM card to a SIM card controlled by criminals. This ploy is designed to breach security measures like multifactor authentication and two-step verification for online accounts, including social media and virtual currency platforms.
On January 9, 2024, Council and his associates executed a SIM swap targeting the mobile phone account linked to the @SECgov X account. The objective was to illicitly access this official government account to disseminate false information. Prior to this incident, a member of the conspiracy identified the authorized user for the phone number associated with the @SECgov X account. Council, under direction from a co-conspirator, proceeded with the SIM swap by creating a fake ID with the victim’s information but Council’s image.
Council utilized an ID card printer to forge a physical ID, which he presented at an AT&T store in Huntsville, Alabama, under false pretenses to obtain a replacement SIM card. Following this, he bought a new iPhone from an Apple store, activated it with the stolen SIM card, and captured the @SECgov X account reset code. This critical information was then shared with his co-conspirators to carry out the unauthorized post.
The aftermath of the fraudulent post was significant, with the price of Bitcoin (BTC) rising by over $1,000 and subsequently plummeting by more than $2,000 after the SEC regained control of their account and exposed the breach.
Further investigations revealed Council’s involvement in attempting additional SIM swaps in June 2024, leading to a search warrant executed at his residence in Athens, Alabama. Law enforcement agents recovered incriminating evidence, including a fake ID card, a portable ID card printer, and a laptop with traces of illicit activities.
Council confessed to receiving approximately $50,000 from the conspiracy within the past six months to carry out SIM swap attacks.
The case is being diligently investigated by various law enforcement agencies, including the FBI Washington Field Office Criminal and Cyber Division, the SEC-Office of Inspector General, and other key departments within the Justice Department.
The prosecution of this elaborate scheme is in the capable hands of Assistant United States Attorney Kevin Rosenberg, CCIPS Trial Attorney Ashley Pungello, and Fraud Section Trial Attorney Lauren Archer. Additional support was provided by Assistant United States Attorney John Hundscheid from the Northern District of Alabama.
For more information on SIM swapping and related cybercrimes, interested individuals can refer to the provided link. The authorities remain vigilant against such fraudulent activities and are dedicated to maintaining the integrity of online security measures.