Out-Law News 2 min. read

Stock account hacked to buy hacker's options

A 19-year-old from Pennsylvania has been charged with hacking into an investor's on-line brokerage account and using it to purchase his own soon-to-be worthless options in Cisco stock, saving himself around $37,000 in trading losses.

Van Dinh took great pains to conceal his identity and evade detection, assuming various on-line aliases, using multiple e-mail accounts, and employing foreign ISPs and several on-line anonymising web sites, according to the SEC complaint filed against him last week.

The complaint alleges that Dinh this year purchased over 9,100 Cisco Systems 'put option contracts' with a 19th July, 2003 expiration date for $10 per contract. These options gave Dinh the right to sell Cisco common stock at a price of $15 per share, but would expire worthless if the price of Cisco stock stayed above $15 per share.

As 19th July approached, it became increasingly likely that the Cisco options would expire worthless. So, on 7th July, the SEC says that Dinh contacted several members of investment analysis site stockcharts.com, to obtain their e-mail addresses.

The next day, using a second alias, Dinh e-mailed the members who had responded to his earlier inquiry and invited them to test a new stock-charting tool.

The e-mail invitation from Dinh directed the recipients to a web site featuring a downloadable version of the purported stock-charting tool. In reality, the program was a disguised version of "The Beast," a keystroke-logging program that allowed Dinh to remotely monitor the computer activity of those who downloaded it.

At least one recipient of Dinh's 8th July e-mail, a TD Waterhouse on-line brokerage customer, unwittingly downloaded and installed The Beast on his home computer, thereby enabling Dinh to monitor his computer activities, identify his on-line brokerage account, and steal his log-in and password information.

On the morning of 11th July, eight days before their expiration, Dinh's Cisco options were more than $3 "out of the money." Nevertheless, Dinh accessed his personal on-line brokerage account and, says the SEC, placed a series of orders to sell his Cisco options at $5 per contract.

These sell orders went unfilled until Dinh infiltrated the TD Waterhouse account and placed corresponding orders to buy the Cisco options at the $5 contract price.

Each of these buy orders was executed against sell orders from Dinh's own account, until Dinh had sold 7,200 of his Cisco option contracts and depleted virtually all of the available cash in the TD Waterhouse account.

Inevitably the investor contacted the authorities when he discovered that his account had been emptied and that he was now the owner of worthless stock options. Investigators found Dinh within a few days.

The SEC has brought charges against Dinh for repayment of the money and undisclosed damages. He also faces criminal charges, brought by the Massachusetts District Attorney, for securities fraud, mail and wire fraud, and causing damage in connection with unauthorised access to a protected computer

The SEC's John Reed Stark said:

"This case should remind investors using the internet to review their brokerage statements carefully every month, to check the bona fides of any potential download and to take security measures, such as using an anti-virus shield and employing a firewall, in order to avoid computer viruses, worms and other intrusion programs."

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.