[ISN] Hackers Zero In on Online Stock Accounts

From: InfoSec News (alerts@private)
Date: Tue Oct 24 2006 - 22:21:01 PDT


http://www.washingtonpost.com/wp-dyn/content/article/2006/10/23/AR2006102301257.html

By Ellen Nakashima
Washington Post Staff Writer
October 24, 2006

Hackers have been breaking into customer accounts at large online 
brokerages in the United States and making unauthorized trades worth 
millions of dollars as part of a fast-growing new form of online fraud 
under investigation by federal authorities.

E-Trade Financial Corp., the nation's fourth-largest online broker, said 
last week that "concerted rings" in Eastern Europe and Thailand caused 
their customers $18 million in losses in the third quarter alone.

Another company, TD Ameritrade, the third-largest online broker, also 
has suffered losses from customer account fraud, but a spokeswoman 
declined to quantify the amount yesterday. "It is an industry problem," 
spokeswoman Katrina Becker said. "It does continue to grow."

Federal regulators cited recent cases in which hackers gained access to 
customer accounts at several large online brokers and used the 
customers' funds to buy certain stocks. The hackers appeared to be 
trying to drive up share prices so they could sell those stocks at a 
profit, regulators said.

The Securities and Exchange Commission and the FBI are looking into 
E-Trade's cases, chief executive Mitchell H. Caplan said in an earnings 
conference call with reporters last week. Spokesmen for the SEC and FBI 
declined to discuss details of those cases.

Both E-Trade and TD Ameritrade have guaranteed that they will cover 
their clients' losses, even though they are not required to do so by 
law. But the problem is growing faster than public awareness of it, 
federal regulators said, noting that the fraud is fed by the rising use 
of the Internet for personal finance and the easy availability of 
snooping software that allows hackers to steal personal account 
information.

"Although these schemes cleverly combine aspects of securities fraud, 
identity theft and hacking, what they really boil down to is outright 
thievery," said John Reed Stark, chief of the Office of Internet 
Enforcement at the SEC. "In the last couple of months we have seen a 
marked increase in online brokerage account intrusions."

More than 10 million people have bought or sold investments online in 
the United States in the last few months, according to Avivah Litan, a 
securities analyst for the Stamford, Conn.-based Gartner Inc.

The scams typically begin with a hacker obtaining customer passwords and 
user names, experts said. One way is by placing keystroke-monitoring 
software on any public computer in a library, hotel business center or 
airport. With the software, all keystrokes entered on the computer can 
be recorded and e-mailed anywhere in the world.

Experts said all hackers have to do is wait until anyone types in the 
Web address of E-Trade, Ameritrade or another online broker, and then 
watch the next several dozen keystrokes, which are likely to include 
someone's password and login name.

These emerging Internet stock schemes appear to be new versions of the 
widely used "pump-and-dump" e-mail scams, in which spammers send out 
mass e-mails containing bogus news alerts intended to manipulate stock 
prices.

Stark said perpetrators are breaking into customer accounts and buying 
shares of thinly traded, microcap securities, also known as penny 
stocks. The hacker gains access using the customer's user name and 
password, then liquidates that person's existing stock holdings and uses 
the proceeds to buy shares in the microcap. The goal, regulators said, 
is to boost the price of a stock the hacker has already bought at a 
lower price in another account. The hacker then liquidates the stock and 
wires the money either to an offshore account or through a series of 
straw men, or dummy corporations, Stark said. The straw man may not know 
he is participating in fraud; he may have been told he is helping, say, 
an offshore business.

The entire operation can take a matter of minutes, or at most, hours.

"The unwitting victim opens the account in the morning and finds he or 
she owns thousands of shares in a microcap company that they have never 
heard of," Stark said.

Caplan said E-Trade recently made operational changes and added 
technology to thwart the criminals. "We've seen that level of fraud in 
the last three weeks or so reduced to almost zero . . . ," he said in 
the conference call.

Glen Mathison, a spokesman for Charles Schwab Corp., the largest online 
broker, said losses due to online identity theft and fraud have not 
reached "a material level" that would require disclosure to investors. 
But he added that Schwab also guarantees to reimburse clients for online 
losses caused by fraud.

Unlike bank accounts, brokerage accounts are not protected by Federal 
Deposit Insurance Corp. and other federal banking rules that ensure 
consumers get their money back, so the consumer must rely on the company 
to cover any losses.

Ameritrade's Becker said the company advises clients to make sure they 
have good spyware detection software on their computers. Ameritrade's 
Web site also offers clients free software that helps detect or 
eliminate snooping programs.

In Canada, the Investment Dealers Association, the self-regulatory arm 
of Canada's securities industry, is looking into similar scams.

Online financial fraud has grown so serious that the Federal Financial 
Institutions Examination Council, a government entity that establishes 
standards for banks, has given U.S. financial institutions until Dec. 31 
to tighten security measures for accessing online accounts.

"This thing is so widespread and it has such a significant impact on the 
industry at large . . . that I think you're going to end up seeing 
structural changes in the industry," Caplan said.

-=-

Staff researchers Richard Drezen and Karl Evanzz contributed to this 
report.

Copyright 2006 The Washington Post Company

