The US Securities and Exchange Commission has filed
civil charges against a Pennsylvania man for computer hacking and
identity theft in a scheme to dump worthless options for Cisco
Systems stock.
The case against 19-year-old Van Dinh is the first time computer
hacking and identity theft have both played a part in a fraud
prosecution by the commission.
Dinh was arrested yesterday on the campus of Drexel University,
where he claimed to be studying business. He was motivated to
commit the crime after being stuck with 7,200 worthless options
contracts for Cisco stock.
Exercising the options would have resulted in a loss of
approximately $37,000, the SEC said,.
In June, the Pennsylvania teenager paid $91,200 to buy more than
9,000 put options on Cisco stock, which gave him the right to sell
the shares at or below $15 a share before 19 July..
In the weeks following his purchase, however, Cisco stock
hovered around $19 per share, making Dinh's put options worthless.
he then allegedly set up an elaborate scheme to unload the shares
in a bogus transaction.
First, the teenager allegedly lured participants in an online
stock discussion group to download a key logging program claimed to
be a stock-charting tool.
After using the program to monitor the information typed on
victims' machines, Dinh allegedly obtained the login and password
information for an online brokerage account owned by a man in
Massachusetts.
With the victim's account information in hand, Dinh used his own
online brokerage account to create orders to sell the worthless
options, then hacked into the victim's online account and created
corresponding buy orders for the options.
The transactions removed around $46,986 from the victim's
brokerage account.
The SEC learned of the crime after being contacted by the
victim, and launched an investigation which grew to include the FBI
and the US Attorneys Office.
Dinh was also charged by the Attorney's Office with securities
fraud, mail and wire fraud resulting from the illegal sale, .
The SEC used the case to trumpet its online investigative
technique, noting that the commission identified Dinh as the
alleged culprit within days of the crime, despite his attempts to
cover his tracks online through the use of multiple e-mail accounts
and websites which enable internet users to shield their
identity.
A trail of both money and digital communications led from the
victim's computer back to Dinh, he said.
Key-logging software Dinh installed sent out a steady stream of
e-mail messages that could be traced back to accounts under his
control. Ultimately, investigators were also able to trace the
origin of both the sale and purchase of the options back to an IP
address at the Phoenixville home of Dinh's parents.
If found guilty, Dinh could face a maximum term of 30 years in
jail and a $1m fine for the securities, mail and wire fraud
charges.
The case should serve as a warning to investors who use online
brokerage services. Users should be suspicious of programs they are
asked to download and install and should use antivirus and firewall
software to shield their computers from intrusions, the SEC
advised.
Paul Roberts writes for IDG News Service