A Pennsylvania teenager hacked into another person’s online brokerage account to trade options, U.S. officials charged on Thursday, raising questions about the security of online trading accounts.
THE U.S. ATTORNEY’S Office in Boston and the Securities and Exchange Commission said they filed criminal and civil securities fraud charges against Van Dinh, a 19-year-old resident of Phoenixville, Pa.
Concealing his identity to remotely capture other people’s usernames and passwords, Dinh tapped into the TD Waterhouse account of a 34-year-old Boston-area man.
Dinh then used the account and the man’s identity to buy put options — which are contracts to sell a stock — in common shares of Cisco Systems Inc. that Dinh owned and wanted to sell, officials alleged.
The case marks the first such action brought by the SEC against an Internet hacker for using another person’s account to make trades.
“I’ve not seen a case like this before,” said John Stark, head of the SEC Internet enforcement unit, which so far has brought 424 Internet-related actions since the unit opened in 1995, usually involving various stock manipulation schemes and stock touting.
Several attempts to reach Dinh, who is not yet represented by an attorney, by telephone were unsuccessful.
A spokeswoman for TD Waterhouse, a subsidiary of Canada’s No. 3 bank Toronto-Dominion Bank, said, “It is regrettable that an individual’s personal computer was hacked and information was stolen. The TD Waterhouse system was not compromised and remained safe and secure for our customers.”
The criminal and civil complaints were filed in a federal court in Boston, near where the victim resides in Westborough, Mass. The SEC said Dinh wanted to unload the options because Cisco’s share price was higher than the options’ strike price at which their owner could profitably sell Cisco shares.
Options give the holder the right to buy or sell a security, such as a stock or bond, for a preset price by a certain date.
On the morning of July 11, according to the SEC, Dinh used his own online account to place orders to sell his options contracts and then placed corresponding buy orders for 7,200 Cisco option contracts through the victim’s account.
Dinh used about $47,000 from the Boston man’s account and avoided losses of about $37,000 on his options, officials said.
From June 18 through June 27, Dinh bought 9,120 put options contracts at the strike price of $15 per share through an online trading account at Cybertrader.com, they said.
Each contract gave him the right to sell 100 shares at $15 per share until the expiration date of July 19 was reached. Dinh paid $10 per contract for a total of $91,200, they said.
Nine days before the expiration date, Cisco stock was trading at about $19 per share, making his put options potentially worthless and putting Dinh at risk of losing the entire $91,200 he paid to buy the options, the officials said.
In a warning to potential hackers, the SEC said it had tracked down Dinh “within days” of being notified by the victim because Dinh left so-called cyber “fingerprints” in a trail of e-mail accounts, foreign Internet service providers and Web sites that provide anonymity.
“To those who attempt to use the perceived anonymity of the Internet to victimize investors, our message remains clear: We will track you down and hold you accountable,” Linda Thomsen, a top SEC enforcement official, said in a statement.
To all investors who may feel complacent about the security of their online accounts, Stark warned that they should regularly read their account statements.
Prosecutors accused Dinh of mail fraud, wire fraud, securities fraud and causing damage from unauthorized access to a computer. The SEC said it is seeking to force Dinh to pay the money he avoided losing and an unspecified amount in civil penalties.
© 2003 Reuters Limited. All rights reserved. Republication or redistribution of Reuters content is expressly prohibited without the prior written consent of Reuters.