East European Hackers Invade Online Brokerage Accounts
Stark said that the recent surge in complaints to the SEC could be explained in part because “It’s easier and with all the spyware, and keystroke logging programs have become easier to use and more ubiquitous. More and more people are doing things online as well.”
The SEC is investigating both the online transactions and associated money-laundering activities of the hackers. In one scheme, Stark said, according to the Australian, spyware loaded on a victim’s computer, or a public computer, will email a brokerage account holder’s user name and password back to the hacker who will log on to the account and sell all the securities in it. The money is then wired out to various individuals, recruited by the hacker, who open bank accounts through which the money is laundered.
Another scheme, called “pump and dump,” according to Walter Ricciardi, deputy enforcement director for the SEC, involves the hacker purchasing stock in small companies held in the brokerage account, entering the brokerage account and liquidating these holdings, then using the proceeds to buy them for the hacker’s account, hoping to drive the price up. The proceeds from this scheme are wired to offshore accounts, Stark said.
European IT security professionals said they were more afraid of hackers than their mothers-in-law, with 70 percent identifying identity management as their biggest concern, according to a survey of delegates to the RSA Conference Europe, to be held this month in Nice. Web viruses were considered a greater threat than email viruses by 68 percent of the survey’s respondents. Mobile phone viruses were considered the least significant threat.
Online investors make about 25 percent of retail stock trades in the U.S. from approximately 10 million accounts, according to brokerage regulator NASD, Reuters says.
The SEC is working to track down the hackers and to educate online investors, Stark says,. Investors should never use an unfamiliar computer to access an account and should change passwords frequently.