PCMag editors select and review products independently . If you buy through affiliate links, we may earn commissions, which help support our testing .
How did a hacker take over the SEC’s Twitter account back in January? It turns out the culprit resorted to pretending to be an FBI employee.
On Thursday, the Justice Department announced it had arrested a 25-year-old Alabama man for hijacking the SEC’s Twitter/X account.
The suspect, Eric Council, allegedly conspired with others to gain access to the SEC’s account with the goal of causing Bitcoin’s value to jump. This occurred on Jan. 9th, when the SEC’s account was briefly compromised to post about clearing Bitcoin ETFs for listing at all national security exchanges.
It was already known that the hijacking involved a “ SIM swap ,” or when a fraudster tricks a mobile carrier into cloning the victim’s mobile phone number to a new SIM card, which can then be placed into the fraudster’s own phone. In this case, an SEC employee’s mobile phone number was taken over, paving a way to help the attacker access and control the SEC’s social media account on X.
The indictment against Council shows he pulled off the SIM swap with the help of an ID card printer, and by claiming he was an FBI employee, which managed to fool a worker at the mobile carrier AT&T.
According to the 9-page indictment, an SEC employee, simply referred to as “C.L.” was targeted in the SIM swap. Council’s unnamed co-conspirators were able to identify that C.L. had their mobile phone number linked to SEC’s account on X. In addition, Council’s hacking gang was able to steal the personal information of C.L.. The data was then used to create an ID card template of C.L., except the gang used a photo of Council for the headshot.
Using an identification card printer, Council then created the fake ID, with the plan of impersonating C.L. at a local AT&T store to trick the company in performing the SIM swap. That’s when Council allegedly went out of his way to pretend that he was working for the feds while talking to an AT&T employee.
“COUNCIL claimed to be an FBI employee who broke his phone and needed a new SIM card, and thereby obtained a new SIM card tied to C.L.'s account,” the indictment says. With the new SIM card in hand, Council then proceeded to buy a new iPhone and placed the SIM card inside, which led to him to “receive two-factor security reset codes” to access the @SECGov account on X.
The case underscores how it can be relatively easy for fraudsters to pull off a SIM swap once the target's personal information has been collected. SIM swaps have also been used to hijack accounts belonging to celebrities and cryptocurrency owners, which has led to a surge in such attacks. In response, the FCC has been working on implementing new rules at carriers to prevent SIM swaps.
As for Council, he was ironically later caught by the FBI. How federal investigators did so isn’t exactly clear. But it looks like the FBI used a warrant to seize Council’s internet browsing history. In his arrest, the Justice Department noted that Council “later conducted internet searches for ‘SECGOV hack,’ ‘telegram sim swap,’ ‘how can I know for sure if I am being investigated by the FBI,’ and ‘What are the signs that you are under investigation by law enforcement or the FBI even if you have not been contacted by them.’”
Council has since been charged with conspiracy to commit aggravated identity theft and access device fraud. “If convicted, he faces a maximum penalty of five years in prison,” the Justice Department added.
