A New York federal court last week agreed with the SEC's request to freeze accounts held by the hacker Gashichev and his Estonian company. The court also ordered him to return funds withdrawn from the United States.
The Securities and Exchange Commission has frozen the assets of a Russian man charged with hacking into other people's online brokerage accounts as part of a stock price manipulation scam.
A New York federal court last week agreed with the SEC's request to freeze accounts held by Evgeny Gashichev and his Estonian company, Grand Logistic S.A.; the court also ordered Gashichev to return funds withdrawn from the United States.
Calling the scam "a high-tech version of a 'pump and dump' scheme," the SEC laid out Gashichev's actions in court filings. After buying low-priced shares of small, lightly traded companies, Gashichev used stolen brokerage account user names and passwords to access others' accounts. Without the real owner's knowledge, he used the victim's funds to place orders for large blocks of the same stock at artificially inflated prices. Those buys gave the illusion of increased legitimate trading, which raised the stock's price. Gashichev then sold the shares he had purchased earlier; the account holder saw the prices of the manipulated stocks fall sharply.
In a traditional pump-and-dump scheme, the fraudster touts a company's stock through large-scale spam campaigns that pump up the price by duping recipients into buying. The scammer than sells his shares at a profit.
"Gashichev used a modern variation on the scheme," the SEC filing read. "Instead of sending false and misleading statements to the marketplace, he was more direct. He intruded into victims' online brokerage accounts and, by causing the intruded accounts to place large purchase orders with the innocent accountholders' own funds, created the buying frenzy himself."
During a seven-week run between late August and mid-October, Gashichev made $353,609 in illegal profits through at least 25 separate scams, the SEC charged. The SEC did not disclose the number of victims.
In its filing, the SEC admitted that although the evidence against Gashichev was largely circumstantial, it was damning all the same. "There is no innocent explanation for the pattern and timing of Gashichev's trading, and the way in which they match up to trades in the intruded accounts. His trades on 25 occasions always win. The intruded accountholders always lose."
Although the SEC has prosecuted account hackers in the past -- charges against Van Dinh in 2003 for using a keylogging Trojan to steal brokerage account user names and passwords resulted in a 2004 conviction and a 13-month jail term -- the agency was not optimistic about shutting down this latest scam.
"Although Gashichev's trading through the Grand Logistic account has been stopped," the SEC said, "it is highly likely that the fraud continues."
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.
InformationWeek Tech Digest, Nov. 10, 2014Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?