In the January 27, 2012 issue of The Wall Street Journal, Jean Eaglesham and Andrew Ackerman wrote an article with the title “SEC Says Latvian Hacked Accounts: Commission Alleges Four Firms Helped Trader Make Unauthorized Online Stock Purchases and Sales.” The article describes the apparent unwitting complicity by four U.S.-based electronic trading firms in a pump-and-dump fraud scheme supposedly perpetrated by a Latvian hacker. According to the article, the alleged perpetrator hacked into the online brokerage accounts at large broker-dealers from mid-2009 until August 2010 resulting in $2 million in losses at those firms. The fraudster is believed to have used the hijacked accounts to affect the prices of more than 100 stocks and the hacker traded those stocks through electronic trading firms, which are the targets of an SEC enforcement action. The hacker is reported to have netted $850,000 in “illegal profits.”
What is interesting to me is the similarity of this operation to one that occurred more than five years ago. In a major 2006 fraud, detailed in an October 24, 2006 Computerworld article by Eric Lal with the title “Identity thieves hit customers at TD Ameritrade, E-Trade: Stock fraud scheme involving overseas hackers cost $22M in losses,” the perpetrators opened online brokerage accounts and bought substantial quantities of penny stocks. The article is available at http://www.computerworld.com/s/article/9004416/Identity_thieves_hit_customers_at_TD_Ameritrade_E_Trade The thieves also obtained account access information and logged into existing accounts (or created false accounts) in order to buy large amounts of the same penny stocks. When the prices rose due to their purchases into the hijacked accounts, they sold their holdings of those stocks from their previously-established accounts and pocketed the profits to the tune of at least $22 million. TD Ameritrade compensated legitimate customers, whose accounts had been hijacked, for $4 million in losses, and E-Trade paid out $18 million.