Federal Officials Warn of Stock Account Hacking

Copyright © 2009 National Public Radio®. For personal, noncommercial use only. See Terms of Use. For other uses, prior permission required.

STEVE INSKEEP, host:

So many people use computers to buy stocks online that it is not surprising that people exploit the system. Federal officials are investigating reports that hackers - often located in foreign countries - are using spyware to access customers' online accounts.

He's NPR's Jack Speer.

JACK SPEER: Online trading is a growth industry in the U.S. Many online-brokerage firms allow people to buy and sell stock for less than $10 a trade. Unfortunately, some of those buying and selling stocks these days maybe doing it using someone else's account.

Mr. JOHN REED STARK (Chief, Internet enforcement, SEC): It really combines securities fraud and hacking and identity theft.

SPEER: That's the chief of Internet enforcement at the SEC, John Reed Stark. Stark's office is working with the FBI to catch a group of Internet thieves who've already caused more than $20 million in losses for big online brokers, like E-trade Financial and TD Ameritrade.

Mr. STARK: The simplest scheme is just to go into your account and liquidate all your securities holdings remotely from wherever the hacker is located. And then through a series of wire transactions and almost money laundering like maneuvers, move that money offshore. That's the simplest.

SPEER: But investigators say the schemes are becoming increasingly sophisticated. In one variation, a hacker buys up shares of an extremely cheap and thinly traded stock known as a penny stock. Then using a stolen password to access an online account, the hacker sells all the stocks in the account in order to buy even more shares of the penny stock. Other investors notice the unusual activity, start buying and drive up the price. The hacker then quickly sells the shares at a profit and disappears. David Ruder is former SEC chairman who now teaches securities law at Northwestern University.

Professor DAVID RUDER (Law, Northwestern University; Former chairman, SEC): The electronic commerce is very quick and it doesn't take very long - perhaps even a day or two days - for these hackers to move the money from one account to the other and create a very difficult paper trail.

SPEER: And the fact the fraud is being done from overseas further complicates things. Officials say so far, loses has been small, but they're growing. The major online brokerage firms are covering their customers' losses. Joe Moglia is CEO of Ameritrade.

Mr. JOE MOGLIA (CEO, Ameritrade): We're in business for the benefit of our clients. That's why situations like this, we will do everything to make sure either, A, they're protected and it never happens. But if God forbid, if something does happen, we're going to cover their assets.

SPEER: But regulators say customers also need to cover own assets. According to the SEC, many of those whose accounts were compromised were signed on from a public computer - one located in a hotel business center or a library where it's relatively easy for hackers to install spy ware. The SEC has scheduled a meeting today in Washington with several online brokerage firms to discuss ways to increase customer security. Jack Speer, NPR news, Washington.

Copyright ©2009 National Public Radio®. All rights reserved. No quotes from the materials contained herein may be used in any media without attribution to National Public Radio. This transcript is provided for personal, noncommercial use only, pursuant to our Terms of Use. Any other use requires NPR's prior permission. Visit our permissions page for further information.

NPR transcripts are created on a rush deadline by a contractor for NPR, and accuracy and availability may vary. This text may not be in its final form and may be updated or revised in the future. Please be aware that the authoritative record of NPR's programming is the audio.