Athens man arrested by FBI in SEC hack that spiked bitcoin value

ATHENS — A man accused of hacking the Security Exchange Commission’s X page to post false and misleading information about bitcoin was arrested Thursday in Athens by federal authorities.

According to the indictment released by the U.S. Attorney’s Office for the District of Columbia, on Jan. 9, 2 Eric Council Jr., 25, of Athens conspired with other individuals to take unauthorized control of the @SECGov X account and sent out a fake post in the name of the SEC chair, announcing, “Today the SEC grants approval for #Bitcoin ETFs for listing on all registered national securities exchanges.”

Shortly after the post, the price of BTC increased by more than $1,000 per bitcoin.

The SEC quickly regained control over their account and confirmed that the announcement was both unauthorized and a security breach. Following this corrective disclosure, the value of BTC decreased by more than $2,000 per bitcoin.

Principal Deputy Assistant Attorney General Nicole M. Argentieri said Council hacked the page by “using the stolen identity of a person who had access to the account to take over their cellphone number.”

“The FBI works to identify, disrupt, and investigate cyber-enabled frauds, including SIM swapping,” said FBI Acting Special Agent in Charge David Geist. “SIM swapping is a method bad actors exploit to illicitly access sensitive information of an individual or company, with the intent of perpetrating a crime. In this case, the unauthorized actor allegedly utilized SIM swapping to manipulate the global financial market.

“The FBI will continue to work tirelessly with our law enforcement partners around the country and globe to hold accountable those who break U.S. laws.”

Council made an initial appearance Thursday in the Northern District of Alabama federal court.

According to the U.S. Attorney’s Office, Council searched the web for topics including “How can I know for sure if I am being investigated by the FBI,” and “What are the signs you are under investigation by law enforcement or the FBI even if you have not been contacted by them.”

The case is being investigated by the FBI Washington Field Office Criminal and Cyber Division, the SEC-Office of Inspector General, the U.S. Attorney’s Office for the District of Columbia, and the Department of Justice’s Market Integrity and Major Frauds Unit and Computer Crime and Intellectual Property Section.

“These SIM swapping schemes, where fraudsters trick service providers into giving them control of unsuspecting victims’ phones, can result in devastating financial losses to victims and leaks of sensitive personal and private information,” said U.S. Attorney Matthew M. Graves. “Here, the conspirators allegedly used their illegal access to a phone to manipulate financial markets.

“Through indictments like this, we will hold accountable those who commit these serious crimes.”

A Subscriber Identity Module card is a chip that stores information identifying and authenticating a cell phone subscriber. When a cell phone carrier reassigns a phone number from one physical phone to another — such as when a customer purchases a new phone but wants to retain the same number — the carrier switches the assignment of the cell phone number from the SIM card in the old phone to the SIM card in the new phone, a process sometimes referred to as “porting” a number.

A SIM swap attack refers to the process of fraudulently inducing a carrier to reassign a cell phone number from the legitimate subscriber or user’s SIM card to a SIM card, and telephone, controlled by a criminal actor. A SIM swap attack allows a criminal actor to defeat multifactor authentication (MFA) and/or two-step verification process to access a victim’s account so that the criminal actor may steal money and/or data from the victim or access the victim’s online accounts.

As described in the indictment, Council, who used online monikers including “Ronin,” “Easymunny,” and “AGiantSchnauzer,” received personal identifying information (PII) and an identification card template containing a victim’s name and photo from co-conspirators. Council then used his identification card printer to create a fake ID with the information.  Council proceeded to obtain a SIM card linked to the victim’s phone line by presenting the fake ID at a cell phone provider store in Huntsville.

He then purchased a new iPhone in cash and used the two items to obtained access codes to the @SECGov X account, the indictment reads. Council shared those codes with members of the conspiracy, who then accessed the account – and issued the fraudulent tweet on the @SECGov X account in the name of the SEC Chairman, falsely announcing the SEC’s approval of BTC ETFs. Council received BTC payment for performing the successful SIM swap. Shortly after, Council drove to Birmingham to return the iPhone used in the SIM swap for cash.

The indictment said Council later conducted internet searches for “SECGOV hack,” “telegram sim swap,” “how can I know for sure if I am being investigated by the FBI,” and “What are the signs that you are under investigation by law enforcement or the FBI even if you have not been contacted by them.”