Security Watch

Keeping Track of patches and hacks in the IT security world.

SEC Freezes High-Tech Pump and Dump Scheme

The Securities and Exchange Commission announced March 7 it has won an emergency court order to freeze assets in a Latvian-based bank's trading account that was being used in a high-tech market manipulation scheme.

The SEC is charging that account has been used to launch a "pump-and-dump" scheme involving stocks of 15 public companies. Part of the scheme was that an unknown amount of traders—sub-account holders of the Latvian account—hacked into investors' online brokerage accounts at seven brokerage firms, selling off investors' holdings and using the proceeds to pump up stocks.

The SEC claims that the unknown traders made at least $732,941 in illicit profits. The cost to U.S. brokerages is estimated at $2 million in losses.

The SEC had filed an emergency federal court action, in the United States District Court for the District of Columbia, against relief defendant JSC Parex Bank, based in Riga, Latvia. In response, the court issued a temporary restraining order freezing the defendants' profits, held in JSC Parex's omnibus trading account.

In a release, SEC Enforcement Deputy Director Peter Bresnan said, "In today's global economy, where con artists can misuse computer technology to defraud innocent U.S. investors from far beyond our borders, freezing the unlawful profits of those behind these intrusion schemes is especially important. Working to prevent injury to U.S. investors from intrusions into online brokerage accounts is a top priority of the Enforcement Division."

SEC Office of Internet Enforcement Chief John Reed Stark said that the thieves used sophisticated hacking and identity theft techniques to break into the accounts of the brokerage customers. "These perpetrators effectively cut out the middleman of the old-fashioned pump-and-dump scheme, eliminating phony stock promotions, creating their own artificial trading demand, and consummating their fraud in as little time as a couple of hours."

The SEC's complaint describes a complex scheme combining electronic intrusions into online brokerage accounts with tradition market manipulation. The SEC claims that from at least December 2005 through December 2006, one or more foreign-based traders purchased shares in 15 U.S. based Nasdaq-traded accounts.

They used four sub-accounts of an omnibus trading account titled in the name of Relief Defendant JSC Parex Bank and held at Pinnacle Capital Markets LLC of North Carolina. The traders then hacked into investors' online brokerage accounts at seven major online broker-dealers and sold off investors' securities holdings.

The trades then used the proceeds to buy shares on the open market of the shares they had previously purchased in their own sub-accounts. The activity pumped up share price and trading volume and enabled the traders to make a substantial profit when they sold their shares.

The SEC's Office of Investor Education and Assistance has issued an investor alert, available here, for tips on avoiding such victimization.