Seven U.S. brokerages were allegedly hacked into as part of the scheme.
A federal judge, acting on behalf of the U.S. Securities and Exchange Commission (SEC), has frozen $3 million belonging to an Eastern European cybercrime gang that allegedly hacked into seven U.S. brokerage firms, then used stolen funds to mount a stock manipulation scheme.
According to a complaint filed by the SEC (download PDF) Tuesday in U.S. District Court in Washington, D.C., the gang’s 20 members live in Russia, Latvia, Lithuania and the British Virgin Islands. The frozen assets, which include at least $733,000 in profits from the scam, are in a Latvian bank.
As with two other stock manipulation schemes the SEC has uncovered, this one relied on a multi-part scam. After buying lightly-traded “penny” stocks, the criminals hacked into accounts at a number of online brokerage houses, including Charles Schwab, E*Trade, Merrill Lynch, TD Ameritrade, Vanguard and others. Securities in those accounts were sold and the proceeds used to buy thousands — and in one case, millions — of the same shares. That, said the SEC, artificially drove up the price.
“Then, at the height of the price surge, the defendants sold in their own accounts their previously-purchased shares of the same stocks at the inflated prices,” the complaint read.
In one scam detailed in the SEC’s complaint, the criminals hacked into two TD Ameritrade accounts last March, and used the funds there to buy more than a million shares of Netguru Inc., a California company that purports to be an integrated Internet technology and services firm. Netguru share prices jumped on the buy orders. Later that day, the hackers sold 446,000 shares they purchased at lower prices the week before, netting approximately $165,000.
The hack-pump-and-dump, which went on for at least a year and ended only in December, also cost the brokerages about $2 million in losses.
“These perpetrators effectively cut out the middleman of the old fashioned pump-and-dump scheme, eliminating phony stock promotions, creating their own artificial trading demand,” John Reed Stark, the head of the SEC’s office of Internet enforcement, said in a statement. “[They would] consummate their frauds in as little time as a couple of hours.”
This week’s asset freeze order was the third since December. The first involved a Russian man, Evgeny Gashichev, and his Estonian-based company, and blocked about $354,000. In the second, Florida resident Aleksey Kamardin allegedly made off with $82,000, which he then wired to a Latvian bank account.
It may be difficult to track down the gang members involved in the most recent scam. They cloaked their identities by using hijacked PCs to hack into the brokerages, said the SEC, and have not yet been identified by name.
Source: https://www.computerworld.com/article/1647095/sec-freezes-3m-made-in-hacker-stock-scam.html