- Are your Venmo transactions still public? Here's why - and how - to change that ASAP
- LG's Gram Pro has record-breaking portability, but that's not my favorite feature (and it's on sale)
- This HP Chromebook made living without Windows easier than I expected (and it's on sale)
- macOS Vulnerability Could Expose User Data, Microsoft Warns
- Buy 3 months of Xbox Game Pass Ultimate for 28% off with this deal
US Arrest Man for SEC X Account Hack
A man has been arrested on charges related to the hack of the US Securities and Exchange Commission (SEC)’s X (formerly Twitter) account in January 2024, which resulted in a Bitcoin price spike.
The Department of Justice (DoJ) said the individual, named as Eric Council Jr, aged 25 from Alabama, is alleged to have conspired to with others to take unauthorized control of the SEC’s X account, posting a fake announcement that the agency has approved Bitcoin Exchange Traded Funds.
The false post on January 9, made in the name of SEC Chair Gary Gensler, resulted in the price of Bitcoin surging by more than $1000 per coin.
Shortly after, the SEC regained control over its X account to confirm that the post was unauthorized and the result of a security breach. Following this corrective disclosure, the value of Bitcoin decreased by more than $2000 per coin.
The @SECGov X account was compromised, and an unauthorized post was posted. The SEC has not approved the listing and trading of spot bitcoin exchange-traded products.
— U.S. Securities and Exchange Commission (@SECGov) January 9, 2024
Council has been charged with one count of conspiracy to commit aggravated identity theft and access device fraud. If convicted, he faces a maximum penalty of five years in prison.
Sim-Swapping Hack Threatened Integrity of Financial Markets
X’s safety team revealed the takeover was due to the hijack of a phone number associated with the @SECGov account in a SIM-swapping attack. The SEC later confirmed this was the source of the hack.
Court documents allege that Council and the co-conspirators created a fraudulent identification document in the victim’s name to impersonate the victim.
They then took over the victim’s cell phone account and accessed the online social media account linked to the victim’s cell phone number for the purpose of accessing the SEC’s X account. This enabled the hackers to generate the fraudulent post in the name of SEC Chairman Gensler.
The SEC’s X account did not have two-factor authentication (2FA) enabled at the time of the hack, resulting in calls for an investigation by US lawmakers into the agency’s cybersecurity practices.
US law enforcement agencies emphasized the seriousness of hacks that attempt to manipulate financial markets, potentially leading to destabilization globally.
Acting Special Agent in Charge David E. Geist of the FBI Washington Field Office Criminal and Cyber Division, commented: “SIM swapping is a method bad actors exploit to illicitly access sensitive information of an individual or company, with the intent of perpetrating a crime. In this case, the unauthorized actor allegedly utilized SIM swapping to manipulate the global financial market. The FBI will continue to work tirelessly with our law enforcement partners around the country and globe to hold accountable those who break US laws.”
Image credit: CryptoFX / Shutterstock.com
