Feds Crack Hackers' Stock Manipulation Cybercrime


A U.S. federal judge this week agreed to freeze the assets of BroCo Investments and its president, Valery Maltsev, after Securities and Exchange Commission (SEC) investigators accused the firm of stealing investors' usernames and passwords to execute unauthorized trades that affected the stock price of more than three dozen companies.

In its complaint (PDF format), the SEC said the "hi-tech market manipulation scheme" took place between August 2009 and December 2009 when BroCo Investments employees or co-conspirators hacked into an unknown number of investors' online trading accounts to purchase stocks at above-market prices.

Within minutes of making the unauthorized transactions, the SEC claims BroCo then sold shares of these same stocks held in its own account at the artificially inflated prices, netting the hackers more than $250,000 in profits.

U.S. federal judge Richard Holwell granted the Commission's request to freeze the company's assets, including one account that holds assets of more than $500,000.

The SEC said the hackers will now be charged with violating Section 17(a) of the Securities Act of 1933, Section 10(b) of the Securities Exchange Act of 1934 and is looking to recover all the ill-gotten gains, as well as prejudgment interest and civil penalties.

A total of 38 companies trading on the NYSE and NASDAQ exchanged were targeted in the scam. SEC officials said the stocks were chosen because they were "thinly traded" and thus could be easily manipulated by placing just a handful of buy orders above their then-current trading price.

The SEC did not disclose which online trading companies were compromised in the scam.

The complaint also accused BroCo officials of covering short positions previously established in their account while placing unauthorized sell orders through the compromised accounts at substantially lower prices.

The popularity and convenience of online banking and stock trading services has not gone unnoticed by cyber crooks.

Last week, officials at UK-based private bank HSBC acknowledged that an employee stole more than 24,000 customer account files and then tried to sell them to other banks and international tax authorities.

In January, more than 1.2 million Lincoln Financial customers learned that their account and personal data was exposed after someone got their hands on a username and password used to access the financial services providers' portfolio management system.

UPDATE: BroCo has released a statement in response to the SEC's charges.

Larry Barrett is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.