The United States Securities and Exchange Commission filed suit against a 21-year-old Florida college student on Jan. 25 who is believed to be responsible for carrying out a sophisticated online “pump-and-dump” fraud scheme.
In the claim, filed in U.S. District Court of Florida, Washington-based SEC claims that Aleksey Kamardin, a resident of Tampa, masterminded a plot to break into online brokerage accounts and purchase shares of low-priced stocks to inflate the price of the shares. By purchasing the stocks shortly before driving up the their price via fraudulent trading and then selling them at premium, Kamardin was able to bilk the market for almost $83,000 in little over a month.
While many pump-and-dump operators utilize the time-honored approach of simply spamming favorable information about penny stocks, typically valued at well under $1, to large numbers of consumers in hopes that enough people will buy in, Kamardins ploy illustrates the growing ability of savvy hackers to steal money from businesses, individuals and even financial markets.
The SEC contends that after opening an account under his own name with online broker ETrade Securities on July 17 2006, Kamardin began executing his plan, buying shares in 17 different thinly traded companies and using hijacked online brokerage accounts to increase the value of the stock before selling it.
In each case, over a five-week period leading up until Aug. 25, the SEC maintains that either Kamardin or other unidentified parties broke into accounts hosted by ETrade, Scottrade, TD Ameritrade, JPMorgan Chase and Charles Schwab, among others.
While Kamardin realized a profit from his trading on all but three of the 17 stocks he manipulated, according to the SEC suit, the individual account holders and brokerage firms all suffered direct losses from the transactions. The alleged activity violated at least three SEC trading laws, according to the legal claim.
After clearing a total of $82,960 from his trades, the SEC contends, Kamardin wired his profits from his online brokerage account to a domestic bank account, and then transferred the funds to a second account owned by a Russian-born roommate. The roommate then immediately wired the money to a bank account located in Riga, Latvia.
Kamardin, who is a U.S. citizen and is identified in the claim as a student, is believed by the government to have fled to Russia to avoid prosecution.
The scheme allegedly carried out by Kamardin is almost identical to one perpetrated by another target of the SEC, operating out of Estonia, named Evgeny Gashichev. On Dec. 19, 2006, the watchdog agency froze the assets of Grand Logistic, an Estonia-based company purportedly operated by Gashichev that is accused of being involved in a similar pump-and-dump campaign.
The SEC claims that Grand Logistic targeted online brokerage accounts in the United States with the purpose of manipulating financial markets, and charged Gashichev, a Russian national, with conducting a fraudulent scheme involving the alteration of the prices of numerous stocks. The agency alleges that between Aug. 28 and Oct. 13, Grand Logistic and Gashichev made $353,609 in unlawful profits via at least 25 different account intrusions involving the trading accounts of 21 companies.
In most cases of pump-and-dump attacks, brokerage firms cover the costs of any intrusion-related losses for their customers.
In November 2006, researchers identified the proprietors of a massive network of compromised computers, or a botnet, believed responsible for generating millions of e-mails that attempted to generate interest in penny stocks. The group is believed to be made up of Russian hackers who control tens of thousands of hijacked computers worldwide.
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraines eWEEK Security Watch blog.