DOJ

Alabama man arrested in breach of SEC social media account

The FBI arrested a man in Alabama on Thursday after accusing him of being behind the takeover of the Securities and Exchange Commission (SEC)’s social media account on X, formerly known as Twitter.

The Justice Department said 25-year-old Eric Council Jr. was arrested in Athens, Alabama, after he was charged on October 10 with one count of conspiracy to commit aggravated identity theft and access device fraud. 

Council faces a maximum of five years in prison if convicted, and the indictment notes that others were involved in the incident. 

On January 9, the X account for the SEC was taken over and used to send out a tweet announcing the approval of bitcoin Exchange Traded Funds, something cryptocurrency advocates had long sought. 

The Justice Department said Council “gained control of the SEC’s X account through an unauthorized Subscriber Identity Module (SIM) swap.” SIM swaps are when hackers get phone companies to reassign a cell phone number from the legitimate subscriber to a SIM card controlled by the hacker. 

“As part of the scheme, Council and the co-conspirators allegedly created a fraudulent identification document in the victim’s name, which Council used to impersonate the victim; took over the victim’s cellular telephone account; and accessed the online social media account linked to the victim’s cellular phone number for the purpose of accessing the SEC’s X account and generating the fraudulent post in the name of SEC Chairman Gensler,” the Justice Department explained. 

The indictment says Council used an ID card template with the victim's name and his own face, printed it and traveled to an AT&T store in Huntsville, Alabama, to conduct the SIM swap. 

Council claimed he was an FBI employee "who broke his phone" and needed a new SIM card before going to an Apple store, buying a new iPhone and putting the new SIM card into it. 

This allowed him to receive two-factor security reset codes needed to take over the @SECGov account on X. The same day, Council drove to Birmingham, Alabama, and returned the iPhone at another Apple store. 

The indictment says Council Googled "SECGOV hack," and "how can I know for sure I am being investigated by the FBI," and "how long does it take to delete telegram account" as well as other queries related to whether he was being monitored by the FBI. 

The FBI said it worked with the SEC on the investigation into the case. 

At the time of the incident, X confirmed that an investigation revealed that the account compromise “was not due to any breach of X’s systems, but rather due to an unidentified individual obtaining control over a phone number associated with the @SECGov account through a third party.”

The X statement, which came from the site’s safety team, claimed the account did not have two-factor authentication enabled, something disputed in the indictment. 

The incident caused alarm because it came amid a string of account takeovers that included Google-owned cybersecurity firm Mandiant, the deputy leader of the United Kingdom’s Green Party and a Canadian senator

After the social media site was purchased by Tesla CEO Elon Musk, he fired much of the security team, allowing cryptocurrency scams to run amok on the platform. Security researchers repeatedly warned that they had issues contacted X about cybersecurity problems they had discovered. 

Principal Deputy Assistant Attorney General Nicole Argentieri, head of the Justice Department’s Criminal Division, said the account takeover and tweet caused the price of bitcoin to rise by $1,000 and then fall by $2,000. 

“These SIM swapping schemes, where fraudsters trick service providers into giving them control of unsuspecting victims’ phones, can result in devastating financial losses to victims and leaks of sensitive personal and private information,” said U.S. Attorney Matthew M. Graves

“Here, the conspirators allegedly used their illegal access to a phone to manipulate financial markets.”

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.