An Alabama man is pleading guilty after being charged with SIM swapping the Securities and Exchange Commission’s (SEC) X account in January last year.
Twenty-five-year-old Eric Council Jr was charged with the offense in October and the Justice Department said at the time he was part of a group who attempted to manipulate the price of cryptocurrencies to their advantage.
Announcing Council’s guilty plea on Monday, the department did not mention the motives behind the incident, but once again noted that the price of Bitcoin rose by more than $1,000 after the SEC’s account falsely confirmed the approval of BTC Exchange Traded Funds.
The approval decision was one that was being watched by the markets intently and when it seemingly came from then-SEC chair Gary Gensler, they reacted in kind.
After the SEC regained access to its account and explained that the statement was false, the price of Bitcoin dropped by more than $2,000 per token.
The fake confirmation was issued on January 9, 2024, and the SEC announced the approval of Bitcoin ETFs for real the following day.
Council’s role in the scheme was to SIM-swap his way into the account, for which he was allegedly paid in, you guessed it, Bitcoin.
SIM-swapping can be a highly effective method of gaining access to an account of an attacker’s choosing, when the account is protected using SMS-based two-factor authentication (2FA).
It’s one adopted by the likes of the Scattered Spider gang and has led to some highly lucrative and damaging attacks being carried out, such as the ransomware hit on MGM Resorts.
As most Reg readers know, a SIM swap typically sees the attacker convincing a network carrier that they are indeed the genuine victim, after which the attacker requests that “their” phone number be reassigned to a device they control.
In this case, the orginal [PDF] indictment claims Council used an ID card printer to generate a seemingly legitimate version of the SEC X account holder’s identity document using personal data provided by other members of the scheme.
Council then took the spoofed ID card and entered one of AT&T’s retail stores in Huntsville to acquire a SIM linked to the victim’s account, says the complaint. He later strolled into an Apple store to purchase a new iPhone which was then used to receive the victim’s 2FA codes, say prosecutors. Council then forwarded the SMS-based 2FA code over to his friends, who did the rest.