Posted on 10/24/2006 2:10:51 PM PDT by PajamaTruthMafia
Third World hackers are sneaking into E*Trade and TD Ameritrade online stock-trading accounts and looting them in a massive pump, dump and run scheme.
Scammers from Eastern Europe and Asia are targeting the online traders in one of the biggest cases of identity theft to strike the U.S. securities industry.
In a conference call last week, E*Trade said it spent $18 million in the third quarter to compensate customers affected by trading fraud. TD Ameritrade said it also suffered losses because of bogus trading by unauthorized users who pried their way into customer accounts, but declined to specify an amount.
In many cases, criminals use personal information, such as Social Security numbers, to hack into users accounts. Once in control, they loot the accounts by selling securities and wiring out the proceeds far from the United States.
In one pump-and-dump scheme the Securities and Exchange Commission uncovered, thieves used customers money to drive up prices of little-traded stocks and then sold shares they bought earlier at a profit.
Its tough for online brokers to detect hackers because their activity looks as if the holder of the account is carrying out the trading, said Sunil James, head of the security engineering and response team at Arbor Networks - a Lexington-based network security provider.
Such concentrated attacks are often carried out using bot nets - networks of individual compromised computers, James said. Hackers can collect individuals personal information and then sell it to crime rings in other countries that conduct organized attacks against particular companies, he said.
Nothing happens piecemeal. Its usually large swipes that happen at one time because you want to get in and get out, James said.
James said financial traders will probably boost the layers of protection for online transactions to ensure users identities, but in the meantime brokers have a duty to teach customers how to avoid getting their data hacked.
One day people will wake up, and all of their electronic money will be gone.
I am surprised this hasn't happened before. It is certainly a logical extension of identity theft, and you can get anyone's SSN with only a minimal amount of starting data now.
I don't see any easy way to deal with this, though one starting point would be to require certificates to do any trading or transactions from a given account. This would certainly inconvenience customers who log in from remote machines, etc.
Mandatory 10 years for ID theft.
well if it is offshore hackers, this is not much of a deterrent. anyone us-based doing this would/should expect to be caught pretty quickly...
google your SS# and see if it's on the internet
"One day people will wake up, and all of their electronic money will be gone."
One day there will only be one currency and one bank worldwide to counter such theft.
And you will wear a mark on your forehead which will need to be scanned in order to make any transactions.
It's all been foretold thousands of years ago.
And the technology to do so is here.
BTTT
mine is not, but a friend tested an info service and sent me mine, along with all kinds of other historical address data.
quite depressing, I used to guard my SSN like a state secret.
holy cow!!!! thanks
Ping
Thanks for the ping- I heard about this today. The CEO of Ameritrade said that one of the major problems is with people who sign into their accounts from a public computer while they're in another country. How dumb can you get?
Sometimes, I think everyone but me uses mine.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.