14 DAY TRIAL // A 31-year-old Russian has been charged by US authorities on suspicion of running a scheme that involved breaching retail brokerage accounts and sham trades. The illegal activities caused damages of around $1 million (700,000 EUR).
Petr Murmylyuk, also known as Dmitry Tokar, from New York, demonstrated that hacking and securities fraud go well together.
According to the FBI, starting in late 2010, the suspect collaborated with others to hack into and steal from online trading accounts, causing losses to brokerage firms such as E*Trade, Fidelity, Scottrade and others.
Because online trading accounts have alarm mechanisms that notify their owners in case unauthorized transactions are detected, Murmylyuk and his accomplices changed the associated phone numbers and email addresses.
That way, each time an alarm would go off, the account owner would be unaware of the illegal activities that took place.
Once the crooks gained access to the accounts, they would open other ones at brokerage houses by relying on the stolen identities. They would use these so-called “profit accounts” to purchase contracts from the victims’ accounts and then resell them for up to nine times the initial sales price.
The profits would be deposited in bank accounts owned by foreign recruits that were visiting, studying or living in the US. These accomplices have already been convicted of conspiracy to commit wire fraud.
At the time of his arrest, back in November 2011, Murmylyuk was in the possession of a laptop that contained evidence of the illegal activities he performed. If found guilty, the suspect could be sentenced to a maximum of 5 years in prison, and be forced to pay a $250,000 (187,000 EUR) fine.
“Hackers continue to find new and advanced ways to steal from the financial sector. Through the illusion of legitimacy, these alleged hackers controlled both sides of securities transactions to game the market and drain their victims’ accounts,” said First Assistant U.S. Attorney J. Gilmore Childers.
“Those who use their computer skills for fraud underestimate the combined resolve of law enforcement and the financial services industry to detect and stop these crimes.”
Update. Since in this case the suspects committed the crimes by breaking into the accounts of the victims, we've asked the opinion of an expert on what companies should do to offer better protection to their customers.
Lynne Courts, CMO of FoxT, an access management software provider, said:
In this case, it seems as if an ounce of prevention could have been worth a pound of cure.
Banks need to do more than just monitor and identify suspicious behaviors, they need to have effective access, authentication and authorization technologies in place that can stop insiders and outsiders from getting to restricted and regulated areas of the network that are behind the firewall,
Had the culprit in this breach been stopped at the front door or even after he gained initial access, then this story could have had a very different conclusion.