Teen Hacks Into Westborough Man's Online Brokerage Account, Places Unauthorized Buy Orders for Own Securities

FOR IMMEDIATE RELEASE
2003-135

Washington, D.C., October 9, 2003 — Today the United States Securities and Exchange Commission announced the filing of civil charges relating to 19-year old Phoenixville, Pa., resident Van T. Dinh's scheme to dispose of his large position in "out of the money" options by hacking into an unsuspecting victim's online brokerage account. This matter is the first SEC fraud prosecution to allege both computer hacking and identity theft as components of the fraudulent scheme.

According to documents filed in court, during July 2003, Dinh surreptitiously accessed the online brokerage account of a Westborough, Mass., investor and placed buy orders for options contracts that corresponded to the sell orders Dinh previously placed through his own brokerage account. As a result, the victim unknowingly purchased options to sell common stock of Cisco Systems, Inc. that expired worthless eight days later. Through these actions, Dinh avoided approximately $37,000 in losses.

Although Dinh took pains to conceal his identity through the use of online aliases, multiple e-mail accounts, foreign Internet service providers and anonymizing websites, investigators located him within days of being contacted about his fraud.

Linda Chatman Thomsen, Deputy Director of the Commission's Enforcement Division, said: "Despite the use of complex anonymizer programs and other cloaking devices, our staff was able to unravel this conduct quickly. To those who attempt to use the perceived anonymity of the Internet to victimize investors, our message remains clear: we will track you down and hold you accountable."

Office of Internet Enforcement Chief John Reed Stark added: "This case should remind investors using the Internet to review their brokerage statements carefully every month, to check the bona fides of any potential download and to take security measures, such as using an antivirus shield and employing a firewall, in order to avoid computer viruses, worms and other intrusion programs."

According to the pleadings, during July 2003, Dinh sent an e-mail inviting users of an online stock discussion forum to test a new stock-charting tool. The so-called stock-charting tool was, in fact, a disguised version of a keystroke-logging program called "The Beast" that would permit Dinh to monitor remotely the computer activity of users who had downloaded it. Dinh employed this program to obtain the login and password information for the victim's TD Waterhouse online brokerage account. Next, on the morning of July 11, Dinh placed through his own online brokerage account orders to sell his option contracts at $5 per contract and, through the victim's account, corresponding buy orders. As a result, Dinh caused the unsuspecting account holder to purchase 7,200 Cisco option contracts, saving himself approximately $37,000 in trading losses.

The Commission's action seeks preliminary and permanent injunctive relief, disgorgement of illegal proceeds with prejudgment interest, and civil monetary penalties based on Dinh's alleged violations of the anti-fraud provisions of the federal securities laws, Section 17(a) of the Securities Act of 1933 and Section 10(b) of the Securities Exchange Act of 1934 and Rule 10b-5 thereunder.

In a related action, Dinh was also charged by the United States Attorney's Office for the District of Massachusetts with securities fraud, mail and wire fraud, and causing damage in connection with unauthorized access to a protected computer.

For further information contact:

John Reed Stark, Chief, SEC Office of Internet Enforcement (202) 942-4803