WASHINGTON: A 19-year-old computer hacker who allegedly hijacked the brokerage account of an unsuspecting investor to make unauthorized trades was charged Thursday with criminal and civil fraud, officials said.

Officials charged Van Dinh of Phoenixville, Pennsylvania in a scheme to dispose of worthless options by hacking into the account of a Massachusetts investor. Officials said Dinh was able to carry out the scheme after providing a purported �stock charting tool� to the investor that contained a �Trojan,� or virus enabling a hacker to take control of another PC. Federal prosecutors in Massachusetts filed charges of securities fraud, mail and wire fraud, and causing damage in connection with unauthorized access to a protected computer.

Dinh could face up to 20 years� imprisonment on the fraud charges and 10 years for the computer crime counts, as well as fines of up to one million dollars. US Attorney Michael Sullivan in Boston said the case illustrated to dangers of downloading programs from strangers. �This case should be a reminder to Internet users that every time they open an e-mail from an unknown sender it is as if they are opening the front door of their house to a stranger,� said Sullivan. �Here, the defendant used a �Trojan horse� program to surreptitiously obtain the victim�s investment account information.

The Securities and Exchange Commission said it filed parallel civil charges, adding that it was the first securities fraud case that officials have prosecuted involving computer hacking and identity theft allegations. �I�ve not seen a case like this before,� said John Stark, the SEC�s Internet enforcement chief.

According to court documents, Dinh sent an e-mail in July 2003 inviting users of an online stock discussion forum to test a new stock-charting tool that was in fact a disguised version of a keystroke-logging program called �The Beast� allowing Dinh to monitor remotely the computer activity of users who had downloaded it. Dinh used this program to obtain the login and password for the victim�s TD Waterhouse online brokerage account, officials said.

Dinh had owned a large number of options to buy shares of Cisco Systems at a price far above the current price, making them worthless, according to the SEC. The options were essentially a bet that the share price of Cisco would fall below 15 dollars. Officials said that if the stock had dropped to 14 dollars, he would have made a profit of 912,000 dollars. But the options were worthless if the share price remained above 15 dollars.

The agency says Dinh hacked into another trader�s account to place a buy order for those options, so that he could then sell them � meaning he got the money and the other person was stuck with the worthless options. Dinh avoided $37,000 in trading losses under the scheme. �I�ve never seen anyone use a keystroke-logging program in terms of securities fraud. This is a very sophisticated fraud scheme,� Stark said.

Though Dinh tried to conceal his identity through the use of online aliases, multiple e-mail accounts, foreign Internet service providers and anonymizing websites, investigators were able to track him down. �Despite the use of complex anonymizer programs and other cloaking devices, our staff was able to unravel this conduct quickly. To those who attempt to use the perceived anonymity of the Internet to victimize investors, our message remains clear: we will track you down and hold you accountable,� said SEC deputy enforcement director Linda Chatman Thomsen. �AFP

source: daily times

The wise make mistakes, the fools repeat them
When you have eliminated the impossible, that which remains, however improbable, must be the truth