Confession to SEC Hack Responsible for Bitcoin Value Surge
Eric Council recently confessed to his involvement in a sleazy scheme related to identity theft. His offense involved a complex hack of the X (formerly Twitter) account of the Securities and Exchange Commission (SEC). The objective was to spread false information by attributing approval of Bitcoin exchange-traded funds (ETFs) to then-SEC Chairman Gary Gensler. This fraudulent claim temporarily spiked Bitcoin's price by over $1,000 before the real Chairman Gensler debunked it, leading to a $2,000 drop in Bitcoin's price.
Incidentally, the very next day, the SEC approved 11 Bitcoin ETFs. The X account of the SEC had additional layers of protection, including dual factor authentication. Typically, dual factor authentication requires a code to be sent to the user's cell phone to confirm their identity and prevent unauthorized use. However, as demonstrated in this case, such security measures can be overcome by a technique called SIM swapping.
Simply put, SIM swapping is a crime where a criminal convinces a cell phone carrier to transfer a victim's phone number to a SIM card in a device under the criminal's control. With control of the number, identity thieves can intercept security codes sent via text message for online banking, allowing them to drain victims' bank accounts and cause widespread financial chaos.
In the X account hack, Council managed to obtain the SIM card and hack into the account using a simple yet ingenious method. After another member of the conspiracy provided the necessary personal information, Council used it to create a fake ID card and convinced an AT&T store employee to provide him with a replacement SIM card.
Council will be sentenced on May 16, 2025, and faces up to five years in prison, a $250,000 fine, and up to three years of supervised release.
To prevent falling victim to SIM swapping, follow these guidelines:
- Set up a PIN or password for access to your mobile service provider's account.
- If you use AT&T, enable a separate passcode for your account. Without this passcode, AT&T will not swap your SIM card.
- If you use Verizon, create a PIN or password for authentication purposes when contacting their call center.
- If you use T-Mobile, set up a separate passcode for SIM card changes.
By following these suggestions, you can minimize the risk of SIM swapping attacks, though it is essential to recognize that these measures do not eliminate the risk entirely.
At the court hearing scheduled for May 16, 2025, Eric Council will likely face consequences for his role in the SIM swap incident that led to the hacking of the X account and the attempted spread of false information about the approval of Bitcoin ETFs. Despite integrated security measures like dual factor authentication, the X account was vulnerable to SIM swapping, a method demonstrating an ironic gap in modern cybersecurity.