An Eastern European crime ring netted at least $733,000 in illegal profit using trading accounts at TD Ameritrade Holding Corp. and six other firms, in the biggest fraud yet uncovered by a US probe of online stock manipulation.
The ring was traced to 20 residents of Russia, Latvia, Lithuania and the British Virgin Islands, the Securities and Exchange Commission said in a lawsuit filed in US District Court in Washington. The group maintained trading accounts in the US through Riga, Latvia-based JSC Parex Bank, the SEC said. Brokerage firms lost at least $2 million in the scheme, which emerged as part of a wider investigation of Internet-savvy criminals who use other people's accounts to pump up stocks and dump them later at inflated prices.
Since December, the SEC has brought similar cases against a 41-year-old Russian man who allegedly stole €269,000 ($354,000) and a 21-year-old Florida man who got €63,000 ($83,000). „This action stems from a modern-day, technological version of the traditional pump-and-dump market-manipulation scheme,” the SEC said in the complaint.
The fraud ring also targeted customers of Charles Schwab Corp., E*Trade Financial Corp., Merrill Lynch & Co. and closely held Scottrade Inc., Vanguard Brokerage Services and Fidelity Investments, according to the lawsuit. In a separate statement today, the SEC said it obtained an order freezing $3 million of assets held in the Latvian bank's US trading account.
„It's an emergency freeze action,” John Stark, chief of the SEC's Office of Internet Enforcement, said in an interview. „We didn't want to tip off anyone to what we were seeking, because then they would take the money and get it out of the country.” The SEC, FBI, US Secret Service and NASD, the largest private regulator of brokerages, began the probe into online trading fraud in late 2005, according to court filings. So far, firms have reported at least $22 million in losses because of the illegal trading schemes. The manipulation announced today occurred from December 2005 through December 2006 and involved at least 15 stocks traded on the Nasdaq Stock Market, the SEC said.
The criminals bought thinly traded stocks, then used stolen passwords to enter the online trading accounts of unwitting brokerage customers, the SEC said. They then liquidated the stocks in the compromised accounts and used the proceeds to buy shares of the targeted stocks. The rapid buying drove up the price, enabling the criminals to sell the targeted stocks held in their own accounts for a profit.
The criminals stole the passwords using „phishing” software and other computer tools that enabled them to observe users' keystrokes from remote locations, according to the complaint. „The investigation is very much ongoing,” Stark said. „We want to find out who actually owns these accounts and who is perpetrating these violations.”
Brokerage firms including Omaha, Nebraska-based TD Ameritrade and San Francisco-based Schwab have absorbed the brunt of the losses because they offer online-security guarantees under which they reimburse fraud victims. In October, TD Ameritrade said it spent $4 million in the Q3 of last year to make whole customers whose accounts were raided. „This kind of identity theft continues to be an issue,” said Katrina Becker, a TD Ameritrade spokeswoman. „We are always going to work with regulators and our peers to create solutions that better protect our clients, but we're also going to work with regulators to pursue the criminals that perpetrate these acts.”
The fraud cost E*Trade $18 million in the third quarter and forced the company to take ownership of 1 million almost worthless shares of San Francisco strip-club operator BoysToys.com. The attacks abated in the fourth quarter, said Pam Erickson, a spokeswoman for New York-based E*Trade. „We have been able to put additional security solutions in place that enable us to increase our monitoring capabilities,” Erickson said.
Customers are becoming increasingly aware of the risks associated with personal identify theft and taking steps to safeguard their accounts by using electronic ID tokens and anti-virus software, Erickson said. Schwab has strengthened its trade-monitoring systems, Sarah Bulgatz, a spokeswoman for the company said. The case also shows the importance of „beefing up” personal computer security systems, she said.
US authorities disclosed the investigation of trading fraud in October, saying online attacks against brokerage firms, known as „account intrusions,” were growing more frequent. In December, the SEC said the Russian using an Estonian brokerage firm tapped into accounts at E*Trade, TD Ameritrade and Scottrade to manipulate at least 21 stocks. The agency brought its second case in January against the Florida man who allegedly bid up 17 stocks, transferred his illegal profits to a bank account in Latvia and is now believed to have fled the US and gone into hiding in Russia, according to the SEC. The stocks targeted in the lawsuit filed yesterday included Bluefly Inc., an Internet clothing and furnishings retailer; BriteSmile Inc., a marketer of teeth whitening processes; and Repligen Corp., a developer of drugs for autism, organ transplantation and cancer, according to the complaint.
Scottrade was used in 11 of the 15 stock-manipulation schemes described in the complaint, the most of any of the firms named. TD Ameritrade was used 10 times, Schwab seven and E*Trade six. New York-based Merrill was targeted three times in late December 2005 and early 2006, according to the complaint. „Even though no Merrill Lynch systems were breached, the defendants were able to compromise the personal computers of several clients through Trojan Horse spyware,” Merrill spokesman Mark Herr said.
„Fortunately, our internal protocols identified the irregular trading during account reviews and we notified the SEC and criminal authorities and we were able to put a stop to this.” Vanguard Group spokeswoman Rebecca Cohen said the company is continually working to improve its security. Calls to Fidelity and Scottrade weren't returned. (Bloomberg)