Federal Officials Warn of Stock Account Hacking
STEVE INSKEEP, host:
So many people use computers to buy stocks online that it is not surprising that people exploit the system. Federal officials are investigating reports that hackers - often located in foreign countries - are using spyware to access customers' online accounts.
He's NPR's Jack Speer.
JACK SPEER: Online trading is a growth industry in the U.S. Many online-brokerage firms allow people to buy and sell stock for less than $10 a trade. Unfortunately, some of those buying and selling stocks these days maybe doing it using someone else's account.
Mr. JOHN REED STARK (Chief, Internet enforcement, SEC): It really combines securities fraud and hacking and identity theft.
SPEER: That's the chief of Internet enforcement at the SEC, John Reed Stark. Stark's office is working with the FBI to catch a group of Internet thieves who've already caused more than $20 million in losses for big online brokers, like E-trade Financial and TD Ameritrade.
Mr. STARK: The simplest scheme is just to go into your account and liquidate all your securities holdings remotely from wherever the hacker is located. And then through a series of wire transactions and almost money laundering like maneuvers, move that money offshore. That's the simplest.
SPEER: But investigators say the schemes are becoming increasingly sophisticated. In one variation, a hacker buys up shares of an extremely cheap and thinly traded stock known as a penny stock. Then using a stolen password to access an online account, the hacker sells all the stocks in the account in order to buy even more shares of the penny stock. Other investors notice the unusual activity, start buying and drive up the price. The hacker then quickly sells the shares at a profit and disappears. David Ruder is former SEC chairman who now teaches securities law at Northwestern University.
Professor DAVID RUDER (Law, Northwestern University; Former chairman, SEC): The electronic commerce is very quick and it doesn't take very long - perhaps even a day or two days - for these hackers to move the money from one account to the other and create a very difficult paper trail.
SPEER: And the fact the fraud is being done from overseas further complicates things. Officials say so far, loses has been small, but they're growing. The major online brokerage firms are covering their customers' losses. Joe Moglia is CEO of Ameritrade.
Mr. JOE MOGLIA (CEO, Ameritrade): We're in business for the benefit of our clients. That's why situations like this, we will do everything to make sure either, A, they're protected and it never happens. But if God forbid, if something does happen, we're going to cover their assets.
SPEER: But regulators say customers also need to cover own assets. According to the SEC, many of those whose accounts were compromised were signed on from a public computer - one located in a hotel business center or a library where it's relatively easy for hackers to install spy ware. The SEC has scheduled a meeting today in Washington with several online brokerage firms to discuss ways to increase customer security. Jack Speer, NPR news, Washington.