The US Securities and Exchange Commission has filed civil charges against a Pennsylvania man for computer hacking and identity theft in a scheme to dump worthless options for Cisco Systems stock.
The case against 19-year-old Van Dinh is the first time computer hacking and identity theft have both played a part in a fraud prosecution by the commission.
Dinh was arrested yesterday on the campus of Drexel University, where he claimed to be studying business. He was motivated to commit the crime after being stuck with 7,200 worthless options contracts for Cisco stock.
Exercising the options would have resulted in a loss of approximately $37,000, the SEC said,.
In June, the Pennsylvania teenager paid $91,200 to buy more than 9,000 put options on Cisco stock, which gave him the right to sell the shares at or below $15 a share before 19 July..
In the weeks following his purchase, however, Cisco stock hovered around $19 per share, making Dinh's put options worthless. he then allegedly set up an elaborate scheme to unload the shares in a bogus transaction.
First, the teenager allegedly lured participants in an online stock discussion group to download a key logging program claimed to be a stock-charting tool.
After using the program to monitor the information typed on victims' machines, Dinh allegedly obtained the login and password information for an online brokerage account owned by a man in Massachusetts.
With the victim's account information in hand, Dinh used his own online brokerage account to create orders to sell the worthless options, then hacked into the victim's online account and created corresponding buy orders for the options.
The transactions removed around $46,986 from the victim's brokerage account.
The SEC learned of the crime after being contacted by the victim, and launched an investigation which grew to include the FBI and the US Attorneys Office.
Dinh was also charged by the Attorney's Office with securities fraud, mail and wire fraud resulting from the illegal sale, .
The SEC used the case to trumpet its online investigative technique, noting that the commission identified Dinh as the alleged culprit within days of the crime, despite his attempts to cover his tracks online through the use of multiple e-mail accounts and websites which enable internet users to shield their identity.
A trail of both money and digital communications led from the victim's computer back to Dinh, he said.
Key-logging software Dinh installed sent out a steady stream of e-mail messages that could be traced back to accounts under his control. Ultimately, investigators were also able to trace the origin of both the sale and purchase of the options back to an IP address at the Phoenixville home of Dinh's parents.
If found guilty, Dinh could face a maximum term of 30 years in jail and a $1m fine for the securities, mail and wire fraud charges.
The case should serve as a warning to investors who use online brokerage services. Users should be suspicious of programs they are asked to download and install and should use antivirus and firewall software to shield their computers from intrusions, the SEC advised.
Paul Roberts writes for IDG News Service