SEC Twitter hack: Man imprisoned for role in attack that caused Bitcoin's price to soar

A 25-year-old man from Alabama has been sentenced to 14 months in a federal prison for his part in a hack that resulted in the Bitcoin cryptocurrency to briefly soar in value.

Eric Council Jr., of Athens, Alabama, pleaded guilty to charges related to the January 2024 hack of the US Securities and Exchange Commission's (SEC) Twitter account, which saw a fake announcement about the Bitcoin cryptocurrency posted to its 660,000+ followers.

The tweet was accompanied by a very corporate image picturing SEC chairman Gary Gensler endorsing the announcement. Frankly, there wasn't much about the tweet which would have raised suspicion amongst the typical Twitter user - even those who would consider themselves cybersecurity-savvy.

Sure enough, the announcement caused an immediate and dramatic spike in the value of Bitcoin, before it slipped down again after Gensler confirmed on his personal account that the SEC's account had been compromised.

According to court documents, Council was part of an online gang that specialised in SIM-swapping and hijacking social media accounts. His role was to impersonate the person who managed the SEC's Twitter account - a goal he achieved after creating a fake ID card bearing his face and their name.

Armed with a fake identity card, Council walked into an AT&T store in Huntsville, Alabama, and convinced a retail employee to hand over a SIM card for the victim’s phone number.

He then raced to an Apple Store, bought an iPhone, plugged in the SIM, and intercepted the password for the SEC’s Twitter account. As I have previously described, Twitter unfortunately makes it possible to reset an account password just by knowing and having access to its associated cellphone number.

And Council, of course, not only knew the mobile phone number associated with the SEC's Twitter account, he was also in possession of a SIM card that meant he received any messages sent to it.

According to prosecutors, Council received US $50,000 for his part in the plot.

In June 2024, the FBI searched Council's apartment, and found the fake ID card and a portable ID card printer. Examining the Council's laptop they also found some incriminating internet searches:

• "SECGOV hack"
• "telegram sim swap"
• "how can I know for sure if I am being investigated by the FBI"
• "What are the signs that you are under investigation by law enforcement or the FBI even if you have not been contacted by them"
• "what are some signs that the FBI is after you"
• "Verizon store list"
• "federal identity theft statute"
• "how long does it take to delete telegram account"

Council, who had been facing up to five years in prison, was sentenced by Judge Amy Berman Jackson to 14 months in prison, and ordered to a pay a forfeiture of US $50,000. After completing his prison sentence, Council will have to submit to "three years of supervised release" under the condition that he does not use computers to access the dark web or commit further identity fraud.