In January 2024, the then Chairman of the Securities and Exchange Commission (SEC) had his X account hacked. The individual who commandeered the account used his access to announce the approval of Bitcoin ETFs, impersonating Chair Gary Gensler – one day before the SEC intended to announce it publicly. The perpetrator was eventually arrested in October 2024.
The individual in question, Eric Council, 25, of Athens, Georgia, entered a guilty plea earlier this month in the US District Court in the District of Columbia regarding his infraction.
Conspiring with others, Council apparently utilized a SIM Swap hack to gain access to the account.
The DOJ shared that Council used a portable ID card printer to create a physical ID, which he then used to impersonate an individual who had access to the SEC’s X account at an AT&T store in Huntsville, Alabama.
Council told an AT&T store employee he needed a replacement SIM card and then obtained the SIM card linked to the victim’s phone line. He then walked to a nearby Apple store, where he purchased a new iPhone to take over the X account.
It was previously revealed that the account did not have two-factor identification enabled. Two-factor steps may, or may not have made the account more secure.
According to the US Department of Justice, Council may face a maximum sentence of up to 5 years in prison and a $250,000 fine.
The DOJ states that when Council’s laptop was searched, they discovered templates for more fake ID cards, online searches for “how can I know for sure if the FBI is investigating me,” and similar queries.
Additionally, Council reportedly earned approximately $50,000 for performing SIM swap hacks in the six months before his arrest.