US SEC hacker gets 14 months in prison

US SEC hacker gets 14 months in prison

An Alabama man was sentenced to 14 months in US prison and three years of supervised release for his role in the unauthorized takeover of the US Securities and Exchange Commission’s (SEC) social media account on X (formerly known as Twitter).

Eric Council Jr., 26, of Huntsville, pleaded guilty in February to conspiracy to commit aggravated identity theft and access device fraud, according to the US Department of Justice.

Court documents revealed that Council conspired with others to gain control of the SEC’s official X account, which was then used to falsely announce that the agency had approved Bitcoin (BTC) Exchange-Traded Funds (ETFs), a move that sent shockwaves through financial markets.

The announcement, made via a fake post purporting to be from SEC Chairman Gary Gensler, led to a spike in Bitcoin’s value, increasing by more than $1,000 per BTC. However, once the post was debunked, BTC prices plunged by more than $2,000, triggering volatility and concern among investors and regulators alike.

Federal investigators say the group gained access to the SEC’s account through a technique known as SIM swapping. Council executed the SIM swap by creating a fake identification card using a printer and personally identifiable information provided by co-conspirators. He then impersonated a victim to fraudulently gain control of the victim’s phone number. This allowed the group to bypass security measures and seize control of the SEC’s X account.

Once the account was compromised, Council’s co-conspirators posted the false information regarding Bitcoin ETF approval. Council was later paid in Bitcoin for his participation in the scheme.

In an unrelated case, David Kee Crees, a 26-year-old Australian hacker known online as “DR32” and “Abdilo,” “Notavirus,” “Surivaton”, and “Grey Hat Mafia’s Bitch,”was sentenced in a federal court in Colorado. Crees had been extradited to the US following a 22-count indictment related to cybercrimes committed between June 2020 and July 2021, including data sales and connections to a ransomware group. The case stemmed largely from an undercover operation by the US Department of Homeland Security, where agents posed as buyers and obtained incriminating evidence. Although extradited in 2022, Crees didn’t appear in US court until early 2024 and ultimately pleaded guilty in January 2025, avoiding a trial set for August. The sentence handed down was notably different from what many had anticipated.


Back to the list

Latest Posts

Cyber Security Week in Review: June 20, 2025

Cyber Security Week in Review: June 20, 2025

In brief: the Langflow, TP-Link and Zyxel flaws exploited in the wild, Russian hackers use ASPs to infiltrate victims’ email accounts, and more
20 June 2025
Russian-linked hackers exploit Google App passwords in email espionage campaign

Russian-linked hackers exploit Google App passwords in email espionage campaign

Victims were tricked into creating and sharing ASPs under the mistaken belief that they are enabling secure communication with the US Department of State.
19 June 2025
FBI-wanted member of ransomware gang arrested in Ukraine, extradited to the US

FBI-wanted member of ransomware gang arrested in Ukraine, extradited to the US

Using custom-developed malware, including ransomware such as LockerGoga, MegaCortex, HIVE and Dharma, the hackers encrypted data on corporate networks.
18 June 2025