Eric Council Jr. Sentenced to 14 Months in Prison for His Role in Hacking the US Securities and Exchange Commission's X Account

A Huntsville, Alabama resident, Eric Council Jr., 26, has received a 14-month prison sentence for his involvement in a scheme to hack the US Securities and Exchange Commission's (SEC) official social media account on X, formerly Twitter.

A Huntsville, Alabama resident, Eric Council Jr., 26, has been sentenced to 14 months in prison for his involvement in a scheme to hack the US Securities and Exchange Commission’s (SEC) official social media account on X, formerly Twitter.

Council’s sentencing on Monday follows his guilty plea in February to charges including conspiracy to commit aggravated identity theft and access device fraud. The incident, which occurred in January 2024, involved the posting of false information about Bitcoin that briefly impacted the cryptocurrency’s value.

As reported by Hackread at the time, the scheme began when Council, also known as Ronin and Agiantschnauzer, created a fake identification card using the personal information (PII) of a victim, which he obtained from others involved in the conspiracy. He then used this fake ID to carry out a SIM swap attack.

This deception involved contacting mobile phone carriers and, by impersonating the victim, had the victim’s phone number transferred to a SIM card that was in the possession of one of the conspirators. This move was crucial to intercept two-factor authentication (2FA) codes intended for the SEC’s account, ultimately granting the conspirators unauthorized access. However, it was later discovered that the SEC’s X account did not have 2FA enabled, making it easier for the attackers to take over the account.

The conspirators went on to post a fabricated announcement from the SEC chairman Gary Gensler, where he approved Bitcoin Exchange Traded Funds (ETFs), a day ahead of the anticipated decision.

The unauthorized tweet from the official @SECGov handle caused significant confusion and volatility in the cryptocurrency market as it gained 1 billion views. It also raised bitcoin price to over $1000 per BTC. However, the gain was short-lived as the SEC clarified the false information 15 minutes later, causing Bitcoin’s price to decline by over $2000 per BTC.

“Schemes of this nature threaten the health and integrity of our market system. My office will continue to aggressively pursue and prosecute those who engage in such activity. Those who participate in cybercrime will be caught, prosecuted, and will pay the price for the damage your actions create,” said US Attorney Jeanine Pirro for the District of Columbia.

Further investigation revealed that Council received approximately $50,000 for his role in the SIM-swapping attack. Following a search of his residence in June 2024, the FBI discovered the fake ID card, a portable ID card printer, and a laptop containing incriminating internet searches related to the “SECGOV hack” and “telegram sim swap.”

Despite setting his chats to delete after two weeks, messages discussing SIM swap hacks with people likely living outside the US were found.

This case underscores the real-world consequences of cybercrime and the importance of employing fail-proof security measures for all organizations, including government agencies. It also highlights the collaborative efforts of federal agencies in combating sophisticated cyber threats and protecting the public interest. As the case unfolds, further updates and analysis will be provided.