$3 Million Frozen in Cyber-Fraud Case

By Ellen Nakashima
Washington Post Staff Writer
Thursday, March 8, 2007

A federal judge has frozen $3 million belonging to an Eastern European cyber-ring in an online stock manipulation case involving seven major brokerages, the largest asset freeze to date in such cases.

The ring's members lived in Russia, Latvia, Lithuania and the British Virgin Islands, and netted at least $733,000 from December 2005 to December 2006 in a complex scheme that combined hacking with traditional "pump-and-dump" market manipulation, the Securities and Exchange Commission alleged in a complaint filed Tuesday in U.S. District Court in Washington.

Using a technique growing in popularity with cyber-criminals, the hackers cloaked their electronic footprints by hijacking the Internet protocol addresses of unrelated third parties across the United States, the SEC said yesterday.

The ring's money is in 75 accounts kept by a Raleigh, N.C., securities broker, Pinnacle Capital Markets, in the name of a Latvian bank, JSC Parex Bank, the SEC said. The $3 million represents the profit the hackers allegedly made and the brokerages' loss to reimburse clients.

The freeze order, which District Judge Ricardo M. Urbina issued Tuesday evening, is the first step in a legal process to seek recovery of the money and impose civil penalties.

This is the third online financial fraud case the SEC's enforcement division has brought since December. The first involved a Russian man who allegedly stole $354,000. In the second, a Florida man allegedly took $83,000 in a similar scheme and wired it to a bank account in Latvia.

Since 2005, the SEC has been investigating breaches into dozens of online trading accounts at multiple U.S. brokers. Companies have reported losing at least $22 million because of online account fraud.

What the cases have in common is the mode of operation. First, the intruders buy shares of thinly traded companies, sometimes called penny stocks, using their own online accounts. Next, they use the Internet to gain unauthorized access to online investors' user names and passwords. With that personal information, the hackers break into the victims' online accounts, sell existing stocks and use the proceeds buy shares of the penny stocks held in their own accounts.

The purchases create the appearance of trading activity and pump up the stock price. Then, at the height of the pump, the hackers sell their stocks and turn a profit.

The hackers often steal investors' account information by using keystroke-logging programs, a type of spyware that enables one computer user to remotely monitor the keystroke activity of another, Thomas P. Conroy, an SEC market surveillance specialist, said in a declaration in support of the agency's case.

"The modern intrusion manipulation scheme is an exponentially growing problem that has resulted in large losses to investors and the brokerage industry," Conroy said.

The case began in December 2005 when NASD, the securities industry's regulator, notified the SEC of an intrusion into a Merrill Lynch customer account. The SEC inquiry spread to almost 40 U.S. customer accounts with the brokerages E-Trade Securities, Scottrade, TD Ameritrade, Vanguard Brokerage Services, Fidelity Investments, and Charles Schwab. It involved at least 15 stocks traded on the Nasdaq Stock Market, the SEC said.

The SEC expects to identify the 20 or so ring members through "expedited discovery," officials said.

The case was brought in Washington in part because it is the residence of one of the victims, whose account lost $23,500. All the victims were reimbursed by their brokerages, SEC officials said.

© 2007 The Washington Post Company