This chapter is from the book

Help You Just Don’t Need

According to a survey by Google, 15% of malware can be traced back to phony pop-ups that tell you that your computer has been infected by a virus and that you need to download their antivirus software, through a link they provide, to remedy the problem. Sometimes these phony pop-ups just steal your money and provide you with no solution to a problem that you do not have. Other times they prompt you to provide personal information that is used to make you a victim of identity theft.

Just When You Thought It Was Safe to Go Back to Your Computer

People are always interested in firsts. Charles Lindbergh was the first man to fly solo across the Atlantic Ocean. Neil Armstrong was the first man to set foot on the moon. And 19-year-old Drexel College student Van Dinh was the first person to be charged by the Securities and Exchange Commission with fraud involving both computer hacking and identity theft. I am sure his parents are quite proud.

Dinh’s story began in late June of 2003 when he bought 9,120 put option contracts on Cisco stock at a strike price of $15 per share. The cost to Dinh for each option contract was $10 per contract, for a total of $91,200. Each put option gave him the right to sell 100 shares of Cisco stock at $15 per share if the value of the Cisco stock fell to that price or below before the date of the put option contracts, which expired on July 19, 2003. For example, if the stock price fell to $14 per share, Dinh’s ability to sell the shares at $15 per share according to the put option contracts would have resulted in a profit of $912,000. And if the stock fell even further, this highly speculative investment would have paid off even more handsomely. There was only one problem: With nine days to go before the expiration date of his Cisco put option contracts, the stock was trading at $19 per share, which meant that if that price level was maintained, his put option contracts would be worthless at their expiration.

According to the FBI, instead of just taking the potential loss, Dinh concocted an elaborate computer-hacking and identity theft scheme to bail himself out. What Dinh needed were victims upon whom he could unload his soon-to-be-worthless put option contracts. The first step was to find those victims. Dinh did this by going online to the investment analysis Web site StockCharts.com’s stock-charting forum. Using the name Stanley Hirsch, Dinh e-mailed a message to at least 50 StockCharts.com members asking whether any of them maintained their own Web sites. When a Massachusetts investor responded to the e-mail, the first step in the fraud had been completed. By replying to Dinh’s seemingly innocuous e-mail inquiry, the Massachusetts investor provided Dinh with the investor’s personal e-mail address. The next day, Dinh, now using the name Tony T. Riechert, contacted the unwary investor by e-mail and invited him to participate in a beta test of a new stock-charting tool. Beta testing is a common practice in the software development world in which individuals are solicited by companies to try out new versions of computer programs being developed as the companies try to get the “bugs” out of them. Continuing to swallow the bait, the Massachusetts investor accepted the invitation and downloaded the purported stock-charting software through a link in the e-mail message.

Unfortunately, the program was actually just a ruse known in the computer world as a “Trojan horse.” A Trojan horse is a computer program containing harmful code hidden within an apparently harmless program. In this instance, a number of keystroke-logging spyware programs were contained within the Trojan horse. Keystroke-logging spyware programs, as I described earlier, permit an Internet user at one location to monitor all the keystrokes of another unsuspecting Internet user at a different location. Talk about food for paranoids! When the keystroke-logging program known as “The Beast” was lodged in the Massachusetts investor’s computer, Dinh simply had to wait and monitor his victim’s computer use. From there, he found the last pieces of critical information necessary for his scam—the victim’s password and login information for his online brokerage account with TD Waterhouse.

On July 11, 2003, with only eight days left before the expiration of his Cisco put option contracts, Dinh hacked into his victim’s TD Waterhouse account and made a series of Cisco option buy orders using up almost all the available cash in the victim’s account. These buy orders were, in turn, executed on the Chicago Board Options Exchange and filled with options sold from Dinh’s account, thereby avoiding a significant loss by Dinh. Four days later, the Massachusetts investor, shocked to see that his brokerage account had been raided, notified the Securities and Exchange Commission.

FBI and SEC investigators did not take long to trace the relevant e-mails. The e-mail from Tony Riechert was found to have come from Lockdown Corporation, a company that provides, in the words of the FBI, an “anonymizing” service to its customers that permits the true identity of the original sender of the e-mail to be hidden. Lockdown Corporation cooperated with the investigators and provided information which showed that the initiator of the Tony Riechert e-mail also had gone to the TD Waterhouse Web site and a hacker Web site that provided access to keystroke-logging spyware programs. The noose was tightening. Further investigation led to an Australian Internet service provider, as well as e-mail servers in Ireland and Germany. Ultimately, the electronic trail led to Van Dinh, who cooperated with investigators and provided SEC attorneys with information and documentation connecting him to the crimes.

The Lesson

The lesson could be the old one that crime does not pay. In Van Dinh’s case, he was promptly caught; plus, his scheme only served, at best, to reduce the extent of his losses. However, for the rest of us, the lesson is first to be aware that Trojan horses and keystroke-logging spyware programs exist. These invasions of your personal information cannot harm you unless you invite them in. Keep your antivirus software constantly updated. It is a good practice to be wary of downloadable programs offered from e-mail, forums, or advertisements if you are not absolutely positive that they are legitimate. The lesson for brokerage houses is to maintain better security. Software is available that is able to detect changes in patterns of account holders or a sudden, large liquidation of funds. The Patriot Act, enacted in the wake of the attacks of September 11, 2001, also serves to help investors by requiring cross-referencing of personal information by financial service providers.
