Student Charged With Hacking Stock Account
By Carrie Johnson and Mike Musgrove
Date: October 14, 2003
A college student was arrested yesterday on charges of hacking into someone else's online brokerage account and sticking him with an investment loss of more than $40,000 after the student obtained password information with surreptitiously installed software that recorded the investor's computer keystrokes.
According to federal prosecutors and the Securities and Exchange Commission, Drexel University student Van T. Dinh, 19, lured victims to a Web site with a request for help in testing software he had written that tracked stock price moves. But, officials said, the program was really a subterfuge that installed a program called the Beast, which, when downloaded onto a computer, can track every character the user types and relay them to a hacker.
Yesterday's announcement by authorities in Washington and Massachusetts -- a story that combines identity theft, computer hacking and securities fraud -- is the latest cautionary tale for consumers and investors in the electronic marketplace.
In recent years, especially as the economy boomed in the late 1990s, millions of people flocked online to buy and sell stock. There were more than 20 million online trading accounts in the United States as of Dec. 31, 2002, according to the research firm Gomez Inc.
Investigators were alerted to the situation by the Westborough, Mass., victim in July. They said they traced electronic footprints, including trading records, banking data and Internet protocol addresses, which led them to Dinh. They said that Dinh, in taking so many steps to disguise his identity, inadvertently left a detailed trail of evidence.
"The more elaborate the scheme, the easier it is to catch the bad guy," said John Reed Stark, chief of the SEC's office of Internet enforcement. The unit has brought 425 Internet-related securities cases since 1995, but most involved insider trading or falsely touting stocks, Stark said.
"In all my years here, I've never seen a case like this," he said.
Massachusetts U.S. Attorney Michael J. Sullivan said the case should warn consumers that installing programs obtained from people they do not know is like "opening the front door of their house to a stranger."
Prosecutors charged Dinh with securities fraud, mail and wire fraud, and causing damage in connection with unauthorized access to a computer. The fraud counts carry maximum penalties of 20 years in prison, and the computer counts carry a maximum penalty of 10 years. After an initial appearance in a federal court in Philadelphia early yesterday afternoon, Dinh was released on $50,000 bond and was ordered to remain at his Phoenixville, Pa., home until another court proceeding next Wednesday. His federal public defender declined to comment yesterday, and messages left at his home were not answered.
Dinh, a first-year business administration major, lived with his parents in a house with multiple computers and a high-speed Internet connection, sources familiar with the case said.
^macro[showdigestcomments;^uri;Student Charged With Hacking Stock Account]