SEC Hacker’s Google Search Reveals FBI Investigation Fears

Eric Council Jr., the mastermind behind the SIM swap attack that compromised the Securities and Exchange Commission’s X account, is facing a two-year prison sentence. Court documents reveal a fascinating detail: Council’s online searches revealed a desperate attempt to determine if he was under FBI investigation.

The prosecution’s sentencing recommendation stems from Council’s role in the hack, which involved a false announcement about a Bitcoin ETF approval, causing significant market turmoil. Newly unearthed evidence shows Council Googled phrases such as “How can I know for sure if I am being investigated by the FBI?” and “How long does it take to delete a Telegram account?” These searches were discovered during a June 2024 search warrant of his property.

Despite efforts to purge his Telegram chats, investigators found evidence of SIM swap discussions with international collaborators. Council admitted to earning approximately $50,000 between January and June 2024 for providing SIM swap services under the alias ‘easymunny’ on Telegram, charging $1,200 to $1,500 per job.

Unraveling the SEC Hack: Method and Capture

Council’s SIM swap involved creating fraudulent identification documents to impersonate an SEC employee with X account access. He successfully tricked an AT&T employee into transferring the victim’s phone number to his SIM card, leveraging the victim’s partial Social Security number and driver’s license information.

A new iPhone, purchased using the swapped SIM card, granted Council access to the SEC’s X account. He then shared this access with his co-conspirators, who published the false Bitcoin ETF news on January 9th, one day before the official approval.

The illicit payment for this attack was received in Bitcoin and other cryptocurrencies. Council’s activities came to an end on June 12th, 2024, when authorities observed him attempting another SIM swap at an Apple Store. A subsequent search warrant yielded crucial evidence, including fake ID templates.

Council’s guilty plea on February 10th followed an October indictment for Conspiracy to Commit Aggravated Identity Theft and Access Device Fraud. The fake announcement garnered over 1 million views before being debunked by the SEC.

The incident exposed the absence of two-factor authentication on the SEC’s X account. Initial reports of 2FA being enabled were later disputed, suggesting an accidental removal by X Support following a request from an SEC employee. The incident resulted in significant short-term Bitcoin price volatility.