East European Hackers Invade Online Brokerage Accounts

Using spyware loaded on public computers in internet cafes or hotels or attached to email messages to potential victims, hi-tech crooks, operating from remote locations, have been able to enter online brokerage accounts in the U.S. and either sell off the contents and take the proceeds or manipulate stock prices, according to regulators at the Securities and Exchange Commission (SEC), Reuters reports. “We’re seeing these frauds in offshore entities and persons, including those located in Eastern Europe,” said the agency’s chief of internal enforcement, John Stark, and the SEC is engaged in far-flung investigations.

Stark said that the recent surge in complaints to the SEC could be explained in part because “It’s easier and with all the spyware, and keystroke logging programs have become easier to use and more ubiquitous. More and more people are doing things online as well.”

The SEC is investigating both the online transactions and associated money-laundering activities of the hackers. In one scheme, Stark said, according to the Australian, spyware loaded on a victim’s computer, or a public computer, will email a brokerage account holder’s user name and password back to the hacker who will log on to the account and sell all the securities in it. The money is then wired out to various individuals, recruited by the hacker, who open bank accounts through which the money is laundered.

Another scheme, called “pump and dump,” according to Walter Ricciardi, deputy enforcement director for the SEC, involves the hacker purchasing stock in small companies held in the brokerage account, entering the brokerage account and liquidating these holdings, then using the proceeds to buy them for the hacker’s account, hoping to drive the price up. The proceeds from this scheme are wired to offshore accounts, Stark said.

European IT security professionals said they were more afraid of hackers than their mothers-in-law, with 70 percent identifying identity management as their biggest concern, according to a survey of delegates to the RSA Conference Europe, to be held this month in Nice. Web viruses were considered a greater threat than email viruses by 68 percent of the survey’s respondents. Mobile phone viruses were considered the least significant threat.

Online investors make about 25 percent of retail stock trades in the U.S. from approximately 10 million accounts, according to brokerage regulator NASD, Reuters says.

The SEC is working to track down the hackers and to educate online investors, Stark says,. Investors should never use an unfamiliar computer to access an account and should change passwords frequently.