Alleged Bitcoin crook faces 5 years after SEC's X account pwned

SIM swappers strike again, warping cryptocurrency prices


An Alabama man faces five years in prison for allegedly attempting to manipulate the price of Bitcoin by pwning the US Securities and Exchange Commission's X account earlier this year.

The feds arrested 25-year-old Eric Council Jr this week over the alleged conspiracy, which was said to be supported by other unnamed individuals.

When the SEC's X account was briefly compromised, it published a post falsely announcing that the regulator approved Bitcoin exchange-traded funds (ETFs), which caused the price of the digital currency to spike by more than $1,000.

The post seemingly came from SEC chair Gary Gensler. Once the regulator regained control of the account, it posted a retraction, causing Bitcoin's price to plummet by more than $2,000.

"The defendant allegedly deceived the public by impersonating the victim and making fraudulent statements on behalf of the SEC," said Chad Yarbrough, assistant director at the FBI's Criminal Investigative Division. "The FBI and our partners will continue to investigate and hold accountable those who attempt to manipulate financial markets for their own gain."

According to the Department of Justice, which announced the arrest on Thursday, Council Jr and his pals are suspected of SIM swapping an individual who had access to the SEC's X account.

Council Jr and accomplices were also said to have created a forged identity document of the individual who was targeted in the SIM swap attack to provide an additional layer of proof to the telco that it was dealing with the legitimate account holder.

The incident with the SEC's account came at a time when a spate of high-profile organizations were also having various public-facing accounts compromised. Among these was threat intel and incident response specialist Mandiant, in an incident that again had a cryptocurrency nexus.

"These SIM swapping schemes, where fraudsters trick service providers into giving them control of unsuspecting victims' phones, can result in devastating financial losses to victims and leaks of sensitive personal and private information," said Matthew M Graves, US attorney for the District of Columbia. 

"Here, the conspirators allegedly used their illegal access to a phone to manipulate financial markets. Through indictments like this, we will hold accountable those who commit these serious crimes."

Graves is correct in saying that SIM-swapping crimes can lead to devastating consequences. It has typically been the attack of choice for prolific groups such as Scattered Spider, which was blamed for the costly ransomware attacks on Las Vegas hotels last year.

Mandiant CTO Charles Carmakal said earlier in the year that the company's incident responders have even witnessed events whereby scammers SIM swap the devices of business executives' children, then call the intended target in what he said amounted to psychological attacks.

SIM swaps involve cyberbaddies convincing support staff at network operators to switch phone numbers from one SIM card to another that's under the criminals' control.

A number of those support staff members recently revealed that they had received direct messages from budding criminals asking for an insider to help carry out malicious SIM swaps in exchange for a few hundred bucks.

Once a SIM swap is completed, the attackers can intercept SMS-based 2FA codes, either to log in to accounts whose credentials they already know or to reset passwords to a string of their choosing.

If the crook knows basic information about the target, such as an email address, in many cases they can gain access to any account protected by SMS-based 2FA simply by resetting the password and following the link sent via SMS.

Council Jr was charged with one count of conspiracy to commit aggravated identity theft and access device fraud, which incurs a maximum prison sentence of five years. ®
