Prosecutors said that Eric Council Jr., 25, of Athens, Alabama, was part of a criminal group that aimed to profit by publicizing the fake decision to drive a spike in the value of bitcoin and then sell large amounts of the currency they had acquired at a much lower price. Council’s alleged role in the conspiracy was to take control of a phone number that received text messages that received two-factor authentication codes for the SEC account.
Anatomy of a SIM swap
The indictment, filed in US District Court for the District of Columbia, lays out, step by step, how the alleged SIM swap worked:
12. COUNCIL, and others, executed a SIM swap of the cellular telephone account associated with victim C.L., among others, in order to obtain things of value.
a. On or about January 9, 2024, a co-conspirator identified victim C.L. as having authorized access over the telephone number linked to the SECGov
X account.b. On or about January 9, 2024, COUNCIL received instruction from a coconspirator to perform a SIM swap of victim C.L.’s cellular telephone account, which was maintained by AT&T.
c. On or about January 9, 2024, COUNCIL traveled to an AT&T store in Huntsville, Alabama and presented an identification card in C.L.’s name. COUNCIL claimed to be an FBI employee who broke his phone and needed a new SIM card, and thereby obtained a new SIM card tied to C.L.’s account (the “C.L. SIM card”).
d. On or about January 9, 2024, after obtaining the C.L. SIM card, COUNCIL walked to a Huntsville Apple store and purchased a new iPhone for the purpose of effectuating the SIM swap. COUNCIL then inserted the C.L. SIM card into this iPhone in order to receive two-factor security reset codes associated with the @SECGov X account.
e. On or about January 9, 2024, COUNCIL received the “X confirmation code” to reset the @SECGov X account and promptly transmitted this code to a co-conspirator.
f. On or about January 9, 2024, a co-conspirator used this fraudulently obtained security code to gain access to the @SECGov X account.
g. On or about January 9, 2024, a co-conspirator, using such access, issued a fraudulent tweet on the @SECGov X account in the name of the SEC Chairman, falsely announcing the approval by the SEC of BIC ElF’s.
h. On or about January 9, 2024, after receiving the reset codes, COUNCIL drove to Birmingham, Alabama to return the iPhone for cash.
After the SIM swap was performed, prosecutors said, Council then performed Internet searches that incriminated him in the fraud conspiracy. The searches included: “SECGOV hack,” “telegram sim swap,” “how can I know for sure if I am being investigated by the FBI,” and “What are the signs that you are under investigation by law enforcement or the FBI even if you have not been contacted by them.”