SEC busts hacker for securities fraud, ID theft

The U.S. Securities and Exchange Commission (SEC) has filed civil charges against a Pennsylvania man for computer hacking and identity theft in a scheme last July to dump worthless options for Cisco stock.

The U.S. Securities and Exchange Commission (SEC) has filed civil charges against a Pennsylvania man for computer hacking and identity theft in a scheme last July to dump worthless options for Cisco stock.

The case against Van T. Dinh , 19, of Phoenixville, Pa., is the first time computer hacking and identity theft have both played a part in a fraud prosecution by the commission, the SEC said Thursday.

Dinh was arrested Thursday morning on the campus of Drexel University, where he claimed to be studying business, according to John Reed Stark, chief of the SEC Office of Internet Enforcement.

Dinh was motivated to commit the crime after being stuck with 7,200 worthless options contracts for Cisco stock. Exercising the options would have resulted in a loss of approximately $37,000, the SEC said, citing court documents filed in July.

In June, the Pennsylvania teenager paid $91,200 to buy more than 9,000 put options on Cisco stock, which gave him the right to sell the shares at or below $15 per share before July 19, 2003, according to a statement released by the U.S Attorney’s Office for the District of Massachusetts, which is also pursuing Dinh.

In the weeks following his purchase, however, Cisco stock hovered around $19 per share, making Dinh’s put options worthless, Stark said.

Instead, Dinh allegedly set up an elaborate scheme to unload the shares in a bogus transaction. First, the teenager allegedly lured participants in an online stock discussion group to download a key logging program that he claimed was stock-charting tool, the SEC said.

After using the program to monitor the information typed on victims’ machines, Dinh allegedly obtained the login and password information for a TD Waterhouse Investor Services online brokerage account owned by a Westborough, Mass., man.

With the victim’s account information in hand, Dinh used his own online brokerage account to create orders to sell the worthless options, then hacked into the victim’s online account and created corresponding buy orders for the options, the SEC said.

The transactions depleted around $46,986 from the victim’s brokerage account, according to the U.S. Attorney’s Office.

The SEC learned of the crime after being contacted directly by the victim, and launched an investigation which grew to include the FBI and U.S. Attorneys Office, he said.

Stark would not comment on how the 19-year-old obtained the money to buy the put options, but said that the SEC’s investigation into him was ongoing.

Dinh was also charged by the U.S. Attorney’s Office in Massachusetts with securities fraud, mail and wire fraud resulting from the illegal sale, the SEC said.

The SEC used the case to trumpet its online investigative technique, noting that the commission identified Dinh as the alleged culprit within days of the crime, despite his attempts to cover his tracks online through the use of multiple e-mail accounts and Web sites that enable Internet users to shield their identity.

A trail of both money and digital communications led from the victim’s computer back to Dinh, he said.

Unlike other kinds of transactions, those involving securities leave a detailed paper trail that is easy for investigators to track, Stark said.

In addition, key-logging software Dinh installed sent out a steady stream of e-mail messages that could be traced back to accounts under Dinh’s control. Ultimately, investigators were also able to trace the origin of both the sale and purchase of the options back to an IP address at the Phoenixville home of Dinh’s parents, Stark said.

If found guilty, Dinh could face a maximum term of 30 years in jail and a $1 million fine for the securities, mail and wire fraud charges, according to the U.S. Attorney’s Office.

The agency also said that the case should serve as a warning to investors who use online brokerage services. Users should be suspicious of programs they are asked to download and install and should use antivirus and firewall software to shield their computers from intrusions, the SEC said.