In a recent development regarding the hack of the US Securities and Exchange Commission (SEC)’s X (formerly Twitter) account in January 2024, a man named Eric Council Jr, aged 25 from Alabama, has been arrested on charges related to the incident. The Department of Justice (DoJ) announced that Council is alleged to have conspired with others to take unauthorized control of the SEC’s X account and posted a fake announcement about the approval of Bitcoin Exchange Traded Funds by the agency.
The false post made on January 9 in the name of SEC Chair Gary Gensler led to a significant surge in the price of Bitcoin, increasing by more than $1000 per coin. However, once the SEC regained control over its X account and confirmed that the post was unauthorized due to a security breach, the value of Bitcoin plummeted by over $2000 per coin.
Council has been charged with one count of conspiracy to commit aggravated identity theft and access device fraud. If convicted, he could face a maximum penalty of five years in prison for his alleged involvement in the hack. The incident highlighted the vulnerability of social media accounts to cyber attacks and the potential consequences such breaches could have on financial markets.
The cyber attack on the SEC’s X account was attributed to a SIM-swapping attack, where the hackers hijacked a phone number associated with the @SECGov account. This allowed them to assume control over the account and post the misleading announcement about Bitcoin Exchange Traded Funds. Court documents indicate that Council and his accomplices created a fake identification document to impersonate the victim and gain access to the social media account linked to the hijacked phone number.
The lack of two-factor authentication (2FA) on the SEC’s X account at the time of the hack raised concerns about the agency’s cybersecurity practices. This led to calls for a thorough investigation by US lawmakers to address any vulnerabilities in the SEC’s online security measures.
Law enforcement agencies in the US stressed the severity of hacks aimed at manipulating financial markets, as they have the potential to disrupt global stability. David E. Geist, Acting Special Agent in Charge of the FBI Washington Field Office Criminal and Cyber Division, highlighted the dangers of SIM swapping and its use in accessing sensitive information with the intent of committing crimes. The FBI, in collaboration with other law enforcement agencies, is committed to holding accountable those who engage in illegal activities that jeopardize the integrity of financial systems.
The arrest of Eric Council Jr in connection with the hack of the SEC’s X account serves as a reminder of the ongoing threats posed by cybercriminals and the importance of fortifying online security measures to protect against malicious attacks. The incident also underscores the need for enhanced vigilance and cooperation among law enforcement agencies to safeguard the integrity of financial markets and prevent similar breaches in the future.