Getty Images
“What are the signs the FBI is after you?” is one of the searches the suspected hacker made, according to court documents.
A man arrested in connection with the hack of the US markets regulator's X account searched “how can I know for sure if I am under investigation by the FBI”, according to court documents.
Eric Council Jr., 25, of Athens, Georgia, also allegedly looked for “signs that you are under investigation by law enforcement…even if they have not contacted”.
He is accused of being part of a group that hacked the Securities and Exchange Commission's (SEC) social media channels in January to post a fake message about Bitcoin, causing the cryptocurrency's value to rise.
The regulator previously admitted that a key security step to access its X account had been removed.
The message sent by hackers to the SEC's X account falsely claimed that the regulator had allowed Bitcoin to be part of traditional investment funds.
This caused the price of the cryptocurrency to rise by around $1,000 (£770), according to the US Department of Justice, before falling by $2,000 when it was proven to be false.
Despite the confusion caused by the hack, the SEC later approved Bitcoin as a mainstream investment, through so-called Bitcoin spot exchange-traded funds.
According to court documents, Eric Council Jr presented himself online under the aliases Ronin, Easymunny and AGiantSchnauzer and searched for “SECGOV hack” and “Telegram sim swap.”
He also allegedly searched for “federal identity theft law” and “how long does it take to delete a Telegram account.”
Telegram is a messaging app with over 950 million monthly active users.
How was the SEC hacked?
The SEC confirmed that his account was compromised by a Sim Swap attack.
This is when someone fraudulently asks a mobile operator to apply an existing phone number to a new SIM card.
In this case, the alleged perpetrator is accused of creating a fake ID with the contact information of an SEC employee that was passed to him by co-conspirators.
He then allegedly used this information to transfer the employee's cell number to a new Sim.
The co-conspirators allegedly used access codes sent to the phone to log into the SEC's X account.
This was made easier due to the lack of adequate protection on the account.
SEC staff had asked X in July 2023 to suspend multi-factor authentication (MFA), a security measure used to help verify who is logging in.
He then re-enabled MFA after the hack.
Eric Council Jr. is charged with one count of conspiracy to commit aggravated identity theft and access device fraud.
If convicted, he faces up to five years in prison.
