An Alabama man is pleading guilty after being charged with SIM swapping the Securities and Exchange Commission’s (SEC) X account in January last year.

Twenty-five-year-old Eric Council Jr was charged with the offense in October and the Justice Department said at the time he was part of a group who attempted to manipulate the price of cryptocurrencies to their advantage.

Announcing Council’s guilty plea on Monday, the department did not mention the motives behind the incident, but once again noted that the price of Bitcoin rose by more than $1,000 after the SEC’s account falsely confirmed the approval of BTC Exchange Traded Funds.

The approval decision was one that was being watched by the markets intently and when it seemingly came from then-SEC chair Gary Gensler, they reacted in kind. 

After the SEC regained access to its account and explained that the statement was false, the price of Bitcoin dropped by more than $2,000 per token.

The fake confirmation was issued on January 9, 2024, and the SEC announced the approval of Bitcoin ETFs for real the following day.

Council’s role in the scheme was to SIM-swap his way into the account, for which he was allegedly paid in, you guessed it, Bitcoin.

SIM-swapping can be a highly effective method of gaining access to an account of an attacker’s choosing, when the account is protected using SMS-based two-factor authentication (2FA).

It’s one adopted by the likes of the Scattered Spider gang and has led to some highly lucrative and damaging attacks being carried out, such as the ransomware hit on MGM Resorts.

As most Reg readers know, a SIM swap typically sees the attacker convincing a network carrier that they are indeed the genuine victim, after which the attacker requests that “their” phone number be reassigned to a device they control.

In this case, the orginal [PDF] indictment claims Council used an ID card printer to generate a seemingly legitimate version of the SEC X account holder’s identity document using personal data provided by other members of the scheme.

Council then took the spoofed ID card and entered one of AT&T’s retail stores in Huntsville to acquire a SIM linked to the victim’s account, says the complaint. He later strolled into an Apple store to purchase a new iPhone which was then used to receive the victim’s 2FA codes, say prosecutors. Council then forwarded the SMS-based 2FA code over to his friends, who did the rest.

The Justice Department said the other schemers were responsible for accessing and ultimately manipulating the markets. Council was just the SIM-swapper. He also returned the iPhone to a different store in Birmingham in exchange for cash, says the DoJ.

That wasn’t the end of the ordeal, however. The indictment also notes highlights from Council’s alleged search history after the incident, suggesting a degree of paranoia about his role in the scheme. 

The Athens man was said to have searched for the following terms, among others:

• ‘SECGOV hack’ (@SECGov is the handle of the SEC’s X account)

• ‘Telegram SIM swap’

• ‘How can I know for sure if I am being investigated by the FBI’

• ‘What are the signs that you are being investigated by law enforcement or the FBI even if you have not been contacted by them’

• ‘What are some signs that the FBI is after you’

• ‘Verizon store list’

• ‘Federal identity theft statute’

• ‘How long does it take to delete a Telegram account’

Council pleaded guilty to conspiracy to commit aggravated identity theft and access device fraud and is set to be sentenced on May 16. ®