A man arrested in connection with a hack of the US markets regulator’s X account searched “how can I know for sure if I am being investigated by the FBI,” according to court documents.
Eric Council Jr, 25, of Athens, Georgia, is also alleged to have searched for “signs that you are under investigation by law enforcement… even if you have not been contacted by them”.
He is accused of being part of a group which hacked the Securities and Exchange Commission (SEC) social media in January to make a fake post about Bitcoin, causing the cryptocurrency to surge in value.
The regulator previously admitted a key security step to access its X account had been removed.
The post sent by hackers on the SEC’s X account made the false claim the regulator had allowed Bitcoin to be part of mainstream investment funds.
This caused the price of the cryptocurrency to rise by about $1,000 (£770), according to the US Department of Justice, before falling by $2,000 when it was found to be untrue.
Despite the confusion caused by the hack, the SEC later approved Bitcoin to be a part of mainstream investment, through what are known as spot Bitcoin exchange-traded funds.
According to court documents, Eric Council Jr went under the aliases Ronin, Easymunny, and AGiantSchnauzer online, and searched “SECGOV hack” and “Telegram sim swap”.
He is also alleged to have searched “federal identity theft statute” and “how long does it take to delete Telegram account”.
Telegram is a messaging app with more than 950 million monthly active users.
How was the SEC hacked?
The SEC has confirmed its account was compromised by a Sim swap attack.
This is when someone fraudulently gets a mobile phone carrier to apply an existing telephone number to a new Sim card.
In this case, the alleged perpetrator is accused of creating a fake ID with the details of an SEC employee which were passed on to him by co-conspirators.
He is then alleged to have used these details to get the employee’s mobile number transferred to a new Sim.
Co-conspirators are alleged to have used access codes sent to the phone to login to the SEC’s X account.
This was made easier due to a lack of adequate protection on the account.
SEC staff had asked X in July 2023 to suspend multi-factor authentication (MFA), a security measure used to help verify the person logging in.
It subsequently re-enabled MFA after the hack.
Eric Council Jr is charged with one count of conspiracy to commit aggravated identity theft and access device fraud.
If found guilty, he could face up to five years in prison.
This article was originally published at www.bbc.com