14 Months in Prison for Securities and Exchange Commission Account Takeover and Identity Theft
Published
- Eric Council from Alabama has been sentenced to 14 months in prison for identity theft
- He took over the social media account of the U.S. Securities and Exchange Commission
- Council and his coconspirators posted false information about Bitcoin ETC
Eric Council, a man from Alabama, United States, was handed a sentence of 14 months in prison for his role in the cybersecurity breach of the U.S. Securities and Exchange Commission (SEC).
Council, 26 committed several fraudulent activities after hacking the social media account of the SEC, the agency of the federal government that watches over the stock market.
To access the social media account, he conducted a SIM swap wherein he convinced the carrier to believe that he was the rightful owner of the SEC employee’s number and had them reassign ownership of it to his SIM card.
To convince the provider, he created a fraudulent ID card with the SEC personnel’s information. After conducting a SIM swap and gaining unauthorized access to the X account, he reset its password and posted false information.
Council was accompanied by other members in this crime against the SEC. The group posted in the name of the SEC Chairman that the agency approved Bitcoin Exchange Traded Funds (ETFs). This caused a surge in its price by more than $1,000 per BTC.
However, this quickly dropped to over $2,000 per BTC when the systems were restored and the false information brought to light. Council’s cybercrimes led to the distortion of the financial markets.
On January 9, 2024, the SEC suffered a security incident. Several law enforcement agencies and federal entities investigated to find the cause of the incident. Two days later, after consulting with the SEC's telecom carrier, they found that a threat actor had gained control of a SEC cell phone number.
In this incident, SEC systems were not breached. The incident stemmed from a telecom carrier activity. Upon discovering this, the SECGov account on X had its multi-factor authentication disabled to prevent any more OTP or login attempts from being entertained.
“Don’t fool yourself into thinking you can’t be caught. You will be caught, prosecuted, and will pay the price for the damage your actions create,” the U.S. Attorney Jeanine Pirro for the District of Columbia said in a press release.
Council pleaded guilty to conspiracy to commit aggravated identity theft and access device fraud in February. Besides the prison sentence, Council will have three years of supervised release for his cybercrimes, the press release added.
Related
Most Popular
Most Popular