Eric Council Jr. did the SIM swap that made the hack possible, according to the DOJ.

Eric Council Jr. from Alabama has pleaded guilty to being a co-conspirator in the unauthorized takeover of the US Securities and Exchange Commission's Twitter account last year. In early January 2024, SEC's official X account tweeted that bitcoin ETFs had been approved "for listing on all registered national securities exchanges," but SEC Chair Gary Gensler quickly announced that the agency's account was compromised. The commission later revealed that it was the victim of a SIM swapping attack, though it also admitted that it account wasn't protected by multi-factor authentication. Council was the one who carried out the SIM swap, according to the Department of Justice.

Council used an ID card printer to create a fake ID that he then used to gain access to a phone number associated with the SEC's account. In a SIM swap, the perpetrator typically gets a user's carrier to reassign a phone number to a new SIM card that they control. His co-conspirators, who paid Council in bitcoin, then changed the SEC account's password to control it before posting the false news along with a fake quote from Gensler. As for why the SEC's account was protected by MFA, the agency previously said that it asked X's support staff to disable it last July, because it was having issues with account access. But it remained disabled until after the account was compromised.

Council, who was arrested in October, has pleaded guilty to aggravated identity theft and access device fraud. He will be sentenced on May 16 and could face up to five years in prison. The Justice Department said Bitcoin rose by $1,000 after the fake announcement went up and then fell by $2,000 when the SEC issued a correction.

Source:
courtesy of ENGADGET

by Mariella Moon

If you have any stories or news that you would like to share with the global online community, please feel free to share it with us by contacting us directly at [email protected]