US arrests man for SEC X account hacking

A man has been arrested on charges related to the January 2024 hack of the US Securities and Exchange Commission (SEC) account X (formerly Twitter), which led to a surge in Bitcoin prices.

The Department of Justice (DoJ) said the individual, named Eric Council Jr., 25, from Alabama, allegedly conspired with others to gain unauthorized control of the SEC’s X account, publishing a fake announcement that the agency had approved Bitcoin. Exchange-traded funds.

The fake message on January 9, written in the name of SEC Chairman Gary Gensler, caused the price of Bitcoin to rise by more than $1,000 per coin.

Shortly thereafter, the SEC took back control of his X account to confirm that the post was unauthorized and the result of a security breach. Following this corrective disclosure, the value of Bitcoin decreased by more than $2,000 per coin.

THE @SECGov Account X has been compromised and an unauthorized post has been made. The SEC has not approved the listing and trading of Bitcoin spot exchange-traded products.

– United States Securities and Exchange Commission (@SECGov) January 9, 2024

Council was charged with one count of conspiracy to commit aggravated identity theft and access device fraud. If convicted, he faces a maximum sentence of five years in prison.

Sim-Swapping hack threatens integrity of financial markets

X’s security team revealed that the takeover was due to the hijacking of a phone number associated with the @SECGov account in a SIM swap attack. The SEC later confirmed that this was the source of the hack.

Court documents allege that the Council and co-conspirators created a fraudulent identification document in the victim’s name to impersonate the victim.

They then took over the victim’s cell phone account and accessed the online social media account linked to the victim’s cell phone number in an attempt to gain access to the SEC’s X account. This allowed the hackers to generate the fraudulent message in the name of SEC Chairman Gensler.

The SEC’s X account did not have two-factor authentication (2FA) enabled at the time of the hack, leading to calls for an investigation by US lawmakers into the company’s cybersecurity practices agency.

US law enforcement officials have highlighted the seriousness of hacks aimed at manipulating financial markets, which could lead to global destabilization.

Acting Special Agent in Charge David E. Geist of the Criminal and Cyber ​​Division of the FBI’s Washington Field Office commented: “SIM card swapping is a method that bad actors exploit to illegally access sensitive information of an individual or company, with the intent to perpetrate a crime. In this case, the unauthorized actor allegedly used SIM card swapping to manipulate the global financial market. The FBI will continue to work tirelessly with its law enforcement partners across the country and around the world to hold those who violate America’s laws accountable. »

Image credit: CryptoFX / Shutterstock.com