US SEC Hacker Receives a 14-month Prison Sentence

Read also: Major law enforcement effort brings down Lumma infostealer linked to 10M infections, 12 suspects charged for $263M crypto thefts, and more.


Thursday, May 22, 2025

US SEC hacker receives a 14-month prison sentence

Eric Council Jr., 26, of Huntsville, Alabama, was sentenced to 14 months in prison and three years of supervised release for his involvement in the unauthorized takeover of the US Securities and Exchange Commission’s (SEC) X (formerly Twitter) account. Council pleaded guilty to conspiracy to commit aggravated identity theft and access device fraud.

In the scheme, Council and co-conspirators used a fraudulent SIM swap to hijack the SEC’s account and falsely announce the approval of Bitcoin Exchange Traded Funds (ETFs), causing a temporary spike of over $1,000 in Bitcoin's price. The price later dropped by more than $2,000 after the announcement was debunked. Council created a fake ID using stolen personal information to impersonate a victim and access their phone number, enabling the account breach. He was paid in Bitcoin for his role in the scheme.

In an unrelated case, David Kee Crees, a 26-year-old Australian hacker known online as “DR32” and by several aliases, including “Abdilo” and “Notavirus,” was sentenced in a US court. Despite facing a 22-count indictment related to cybercrimes committed between June 2020 and July 2021, including targeting a ransomware group and seven unnamed victims, Crees received a surprisingly lenient sentence.

After being extradited from Australia in 2022 and pleading guilty in January 2025, he was sentenced to time served, having been detained since early 2024. Additionally, he received one year of supervised release with special conditions and was ordered to pay a $1,400 special assessment fee.

Police and cybersecurity experts dismantle Lumma infostealer operation

Europol’s European Cybercrime Centre, in partnership with Microsoft, has disrupted Lumma Stealer, the world’s largest infostealer malware operation. The coordinated action targeted Lumma’s cybercriminal ecosystem, which facilitated the large-scale theft and sale of personal and financial data.

Lumma enabled cybercriminals to harvest sensitive data and operate a marketplace that facilitated identity theft and fraud.

Between March 16 and May 16, 2025, over 394,000 Windows devices infected with Lumma were identified, Europol said. A follow-up operation disrupted Lumma’s communications with infected systems. Over 1,300 domains were seized or transferred to Microsoft, with 300 of those directly actioned by law enforcement. The domains are now redirected to Microsoft sinkholes to prevent further harm.

In parallel, the US Department of Justice took down Lumma’s control panel, while Microsoft and Japan’s Cybercrime Control Center (JC3) dismantled parts of the infrastructure based in Japan. At present, there are no reports of any arrests being made as part of the takedown.

12 suspects charged in RICO conspiracy for over $263 million crypto thefts

US authorities charged 12 individuals—both US citizens and foreign nationals—in a sophisticated cyber-enabled racketeering conspiracy that stole over $263 million in cryptocurrency. The operation ran from at least October 2023 to March 2025 and originated from friendships developed on online gaming platforms. Several suspects were arrested in California, while two remain at large in Dubai.

The group operated as a structured criminal enterprise with members taking on various roles, including database hackers, organizers, callers, money launderers, and burglars. They obtained cryptocurrency-related data via hacks or Dark Web purchases, identified high-value targets, and used social engineering tactics to trick victims into giving access to their accounts. Some members physically burglarized homes to steal hardware wallets.

The stolen cryptocurrency funded lavish lifestyles, including nightclub services costing up to $500,000 per night, luxury goods, private jets, rental homes in elite US locations, and a fleet of 28 exotic cars. Money laundering methods included peel chains, VPNs, mixers, and the use of fake identities and shell companies.

One major theft involved over 4,100 Bitcoin (worth $230 million) from a victim. In another, $14 million in crypto was stolen. Even while in pretrial detention after his 2024 arrest, ringleader Malone Lam allegedly continued coordinating criminal activity, including having luxury Hermes bags delivered to his girlfriend in Miami. Members also used stuffed animals to hide and ship bulk cash via US mail and ran unlicensed crypto-to-cash operations.

US student pleads guilty to the PowerSchool data extortion scheme

Matthew D. Lane, a 19-year-old student at Assumption University in Massachusetts, has agreed to plead guilty to a series of serious cybercrimes, including cyber extortion, unauthorized access to protected computers, and aggravated identity theft. According to authorities, Lane and accomplices hacked into the networks of two US-based companies to steal and threaten to leak sensitive data unless ransom payments were made.

One of the victims was reportedly PowerSchool, a popular education software provider serving over 6,500 school districts. In late December 2024, Lane accessed PowerSchool's customer support system, compromising personal data of over 60 million students and 10 million teachers. The data included highly sensitive information such as Social Security numbers, medical records, and residential details.

Lane also targeted a telecommunications company in early 2024, demanding $200,000 in ransom, and infiltrated another software firm’s network by using stolen credentials. He allegedly transferred the stolen data to a server in Ukraine and later issued a $2.85 million Bitcoin ransom demand, threatening to leak the stolen information globally.

Lane faces up to five years in prison for each of the cyber-related charges and a mandatory two-year sentence for aggravated identity theft, along with potential fines reaching $250,000 or more.

Suspected AnonSec member arrested for launching multiple DDoS attacks on Indian websites

Indian authorities have arrested 18-year-old Jasim Shahnawaz Ansari in Nadiad, Gujarat, for allegedly being part of a hacktivist group called AnonSec, which launched Distributed Denial-of-Service (DDoS) attacks on over 20 Indian government websites.

According to authorities, Ansari, a school dropout with self-taught programming skills, and several juvenile accomplices created a Telegram group to coordinate the attacks. The targets included websites related to defence, finance, aviation, urban development, and state governments.

The investigation revealed that the group used publicly available tools and apps like TERMUX and PYDROID3, learning techniques from YouTube and GitHub.

The Gujarat Anti-Terrorism Squad (ATS) charged Ansari under Sections 66(F) (cyberterrorism) and 43 (unauthorized access) of the Information Technology Act. The juveniles involved will be handled under the Juvenile Justice Act.

Key Dutch has been working in information technology and cybersecurity for over 20 years, starting his first job with Windows 95 and dial-up modems. As the Editor-in-Chief of our Cybercrime Prosecution Weekly blog series, he compiles the most interesting news about police operations against cybercrime, as well as about regulatory actions enforcing data protection and privacy law.