|
 
| |
U.S. Securities and Exchange Commission
Litigation Release No. 18401 / October 9, 2003
Securities and Exchange Commission v. Van T. Dinh, Civ. Action
No. 03-CV-11964RWZ (D. Mass. filed October 9, 2003)
SEC Charges Hacker With Breaking Into Investor's Online Account, Placing
Unauthorized Buy Order
The Securities and Exchange Commission today filed a complaint in the
United States District Court for the District of Massachusetts charging Van
T. Dinh, a 19-year-old resident of Phoenixville, Pennsylvania, with
illicitly accessing through the Internet an investor's online brokerage
account and purchasing, without the account holder's knowledge, soon-to-be
worthless options held by Dinh. These bogus transactions saved Dinh
approximately $37,000 in trading losses.
While carrying out his scheme, Dinh took great pains to conceal his
identity and evade detection, including assuming various online aliases,
using multiple e-mail accounts, and employing foreign Internet service
providers and several online anonymizing websites.
In particular, the Commission's complaint alleges that:
 | Between June 18 and 27, 2003, the defendant purchased over 9,100 Cisco
Systems, Inc. put option contracts with a July 19, 2003 expiration date
for $10 per contract. These options gave Dinh the right to sell Cisco
common stock at a price of $15 per share, but would expire worthless if
the price of Cisco stock stayed above $15 per share. As July 19
approached, it became increasingly likely that the Cisco options would
expire worthless.
|
| On July 7, Dinh contacted several members of www.stockcharts.com, an
investment analysis website, in order to obtain their e-mail addresses.
Using an alias, Dinh filled out e-mail-based web forms inquiring about the
members' personal websites; those who replied revealed their e-mail
addresses to Dinh.
|
| The next day, using a second alias, Dinh e-mailed the members who had
responded to his earlier inquiry and invited them to test a new
stock-charting tool. The e-mail invitation from Dinh directed the
recipients to a website featuring a downloadable version of the purported
stock-charting tool. In reality, the program was a disguised version of
"The Beast," a keystroke-logging program that allowed Dinh to remotely
monitor the computer activity of those who downloaded it.
|
| At least one recipient of Dinh's July 8 e-mail, a TD Waterhouse online
brokerage customer, unwittingly downloaded and installed The Beast on his
home computer, thereby enabling Dinh to monitor his computer activities,
identify his online brokerage account, and steal his log-in and password
information.
|
| On the morning of July 11, eight days before their expiration, Dinh's
Cisco options were more than $3 "out of the money." Nevertheless, Dinh
accessed his personal online brokerage account and placed a series of
orders to sell his Cisco options at $5 per contract. These sell orders
went unfilled until Dinh infiltrated the TD Waterhouse account and placed
corresponding orders to buy the Cisco options at the $5 contract price.
Each of these buy orders was executed against sell orders from Dinh's own
account, until Dinh had sold 7,200 of his Cisco option contracts and
depleted virtually all of the available cash in the TD Waterhouse account.
|
| On July 19, the Cisco options expired worthless.
|
In a related action, Dinh was charged by the United States Attorney's
Office for the District of Massachusetts with securities fraud, mail and
wire fraud, and causing damage in connection with unauthorized access to a
protected computer.
The Commission's action seeks preliminary and permanent injunctive
relief, disgorgement of illegal proceeds with prejudgment interest, and
civil monetary penalties based on Dinh's alleged violations of Section 17(a)
of the Securities Act of 1933 and Section 10(b) of the Securities Exchange
Act of 1934 and Rule 10b-5 thereunder.
SEC
Complaint in this matter
|
|
