FBI Arrests Hacker Behind SEC X Account Fake Bitcoin ETF Announcement

18 Oct 2024 by Javier Bastardo · Forbes

WASHINGTON - APRIL 28: Commodity Futures Trading Commission (CFTC) Gary Gensler testifies during a ... [+] hearing before the Financial Services and General Government Subcommittee of Senate Appropriations Committee April 28, 2010 on Capitol Hill in Washington, DC. The hearing was to examine the FY2011 budget estimates for CFTC. (Photo by Alex Wong/Getty Images)Getty Images

The Federal Bureau of Investigation announced that they caught Eric Council Jr., the hacker who published a fake spot bitcoin ETF approval message in January, unlawfully using the Securities and Exchange Commission X account. The post made the bitcoin price soar more than 1,000 dollars. Council is charged with conspiracy to commit aggravated identity theft and access device fraud.

"The indictment alleges that Eric Council, Jr. unlawfully accessed the SEC's account on X by using the stolen identity of a person who had access to the account to take over their cellphone number," Principal Deputy Assistant Attorney General of the Justice Department's Criminal Division Nicole M. Argentieri stated in an official press release issued on October 17.

The document states that Council conspired with others to take unauthorized control of the @SECGov X account through a SIM-swapping attack. SIM-Swappin is a fraudulent account takeover that takes advantage of weak security practices. In this case, there is two-factor authentication and two-step verification, in which the second factor is a text message or call placed to a mobile telephone. The fraud exploits a mobile phone service provider's ability to port a phone number to a different device through the SIM.

Council gained access to the SEC's account and posted a fake message on behalf of the SEC Chair. "Today the SEC grants approval for #Bitcoin ETFs for listing on all registered national securities exchanges," was a fake post that boosted bitcoin prices. When the SEC authorities regained access to the X account, they clarified the fake announcement as unauthorized and the result of a security breach, leading to a BTC price decline of more than 2,000 dollars.

The attacker, who operated under the online aliases "Ronin," "Easymunny," and "AGiantSchnauzer," obtained personal identifying details along with an identification card template that included the authorized individual's data. Using his ID card printer, he forged a fake ID, and with this counterfeit ID, he went to a mobile carrier store in Huntsville, Alabama, where he acquired a SIM card associated with the victim's phone line.

MORE FOR YOU
Today’s NYT Mini Crossword Answers For Friday, October 18
Comet Tracker Tonight: When, Where And How To Find It On Friday
Does ‘Smile 2’ Have An End Credits Scene?

Afterward, he bought a new iPhone with cash, using both the SIM card and the device to obtain access codes for the @SECGov X account. Council then shared these codes with other conspiracy members, enabling them to access the account and post a fraudulent post. For his role in the successful SIM swap, Council was paid in BTC.

Maybe Council regretted the attack because after he performed online searches for terms such as "SECGOV hack," "how can I know if I'm being investigated by the FBI," and "What are the signs that law enforcement or the FBI are investigating you even if they haven't contacted you."

"I don't know if the SIM swapper is more low IQ for these internet searches or the SEC for not using 2FA", pseudonymous security researcher ZachXBT posted on X after the arrest announcement.