BRIAN ROSS REPORTS
- Like Jay-Z + the Beatles, But Worse
- Update: Help for Homeless Children
- Bush Era, Revised -- and with More Barbeque
- The Tax Woman Cometh
- Paging Mr. Stanford: Antigua Called
- Who Are You Calling Partisan?
- Update: IRS Won't Use Private Debt Collectors
- But Is It Art?
- PMA Scandal a Sore Point for Dems in 2010?
- Down in Flames
- A New Mystery for RNC Chief
- PMA Clients Were Big Givers
- Raided Lobby Firm Still a Force on Capitol Hill
- Stanford Update: Another $143 Mil Found
- Cheney, Hooked on Controversy
TOP BLOTTER CATEGORIES
- Abramoff Lobbying Scandal
- American Al Qaeda
- Avian Flu
- Beirut Hospital Out of Gas
- Cheney
- CIA
- CIA Secret Prisons
- D.C. Madam Affair
- FBI
- Federal Air Marshal Service
- Homeland Security
- Hurricane Katrina
- IRS
- Mark Foley Internet Scandal
- Millionaire Sex Scandal
- Nigerian E-mail Scams
- Norman Hsu, Clinton Fundraiser
- NSA: Wiretapping
- Osama bin Laden
- Payola
- Pharmacy Investigation
- PMA
- Speaker of the House Dennis Hastert
- Stanford
- Steele
- Terror
- Troopergate
- U.K. Airline Terror Plot
- U.K. Bombing Attempts
- Wen Ho Lee
- William Jefferson
- Zarqawi
« Previous | Main | Next »
Russian Criminals Targeting U.S. 401ks and Online Traders
Email
Print
ShareMarch 20, 2007 5:00 AM
Cybercriminal rings in Russia and Eastern Europe have stolen tens of millions of dollars by breaking into and looting U.S. 401k and online stock trading accounts, FBI and SEC officials tell ABC News.
"You could wake up one morning and find all your money in your retirement account or in your trading account is gone," said John Reed Stark, Chief of Internet Enforcement at the Securities and Exchange Commission.
Read the E-mail Exchange Between a Russian Hacker and an ABC News Intern.
In addition to the Russian rings, authorities have also seen hackers in India, Hong Kong and Malaysia going after similar online accounts.
THE BLOTTER RECOMMENDS
The criminals either cash out the stocks and wire the money to their own account or sell off the stock holdings to buy shares in worthless stock they control, an Internet version of the classic "pump and dump" scheme.
In many cases, American victims have had their user IDs and passwords stolen when they use computers at hotel business centers and other Internet connection points.
Click Here for Full Blotter Coverage.
The FBI says the criminals secretly bug the computers with programs to record every key typed.
"So that when you access your financial account, you are in fact giving the bad guy your account name, your password, your account number and essentially the keys to the kingdom," explained Shawn Henry, Deputy Director of the FBI's Cybercrimes Division.
Victims have included customers of E-trade, Scott Trade, Ameritrade, Fidelity, Merrill Lynch, Charles Schwab and Vanguard.
As part of an ABCNews.com investigation, a Russian speaking ABC News intern logged on to a Moscow-based hackers forum and was offered the user IDs and passwords of six U.S. trading accounts for a cost of $350.
The six accounts had almost $100,000 in value.
The online criminal even offered ABC News a free sample, the user ID and password of an Ameritrade account owned by a man in Fremont, Calif. When contacted, the California man confirmed it was his account and agreed to quickly change his password.
The FBI's Henry offered the following advice to avoid becoming a victim of such Internet theft:
l. Always use a trusted computer when conducting financial transactions.
2. Going into a hotel or an airport or an Internet cafe, assume you may be at risk.
3. Closely scrutinize reports from your online trading firm to make sure the reported trades are ones you authorized.
4. Frequently change your password and when traveling, consider using a special program that will change your password every 10 seconds.
5. Make sure your own computer has anti-virus protection.
March 20, 2007 | Permalink | User Comments (35)
You can follow this conversation by subscribing to the comment feed for this post.
my mac just laughs at all of this stuff. someone remind me why microsoft is so popular?
Posted by: weefs | Mar 21, 2007 3:37:59 PM
One thing we don't understand - how do the theives cash out the stolen stocks and get the money into their own account? We have an Ameritrade account and the only place money can be directed is into our bank account. Do the thieves have the ability to withdraw funds from our bank account too?
Posted by: Van | Mar 22, 2007 12:31:34 AM
This is an outrage! We're forced to put money into 401K's and other investment vehicles in part to sustain us in retirement because corporations continue to minimize/eliminate pensions and now with this garbage taking place we are robbed blind. Shame on the investment firms and our government. Just another case of Americal relinquishing its standard of living either by "outsourcing" or just plain neglect. People better wake up!
Posted by: Jim | Mar 22, 2007 10:18:43 PM
Lets get George Bush impeached and these cronies of his thrown out of office. The Republican Party is against the American way of life. Wake up America! A & B in Alabama.
Posted by: angela | Mar 23, 2007 10:46:14 AM
My guess is that the crooks are only transferring money from regular accounts directly, not from IRAs/401Ks. So if they break in, they can certainly wire money from your regular account.
Do not use public computers to access your accounts. Even though the security lock may show, if the public computer has a spyware program called a keylogger, it will capture your password info as you type it into the machine (before it ever goes out on the internet). Then the keylogger will transmit it to the crooks on the web behind the scenes.
If you use your own laptop on the road on a wireless network, you still face some risk, but it is far lower. If you use your own laptop in your room via an ethernet (wired) network, your risk is reduced almost to the same level you have at home.
By the way, if you use your laptop on the road and NEVER access your online accounts, your risk is almost zero that the crooks could get any info off your laptop (after all you never transmitted your password).
Posted by: Craig | Mar 23, 2007 5:31:41 PM
Good articles and news. Now a days we are afraid of using these facilty as hacking is getting common and eat our hard earn money which we use it very judicially and after careful thought.
ASs sugeested to change your password every ten second how it is possible and secondly very difficult to remember when you will use which pass word to acesses. If we forget password than especiaaly while in travelling you are stuck. Secondly you are engage in non productive activities and it will be very difficult to focus onbusiess for which you are travelling.
Look forward to see more ways of protections. information and method of safe guarding our hard earned money. Prime responsibilty of hotel ptroviding safety to their valuable customers,
Posted by: Mahmood Hussain | Mar 24, 2007 11:47:21 AM
Does it help to have the password written in an innocuous file, then using the mouse to cut and paste it?
That would bypass any keystroke reading programs, wouldn't it?
Posted by: Kevin Rooney | Mar 25, 2007 11:34:09 PM
I have an Ameritrade acct. I am usually outside of the US, on business. I sometimes need to use wire transfers to move funds from Amerit. into or out of a US or foreign bank acct. Each time I put in a request for this type of transfer, I am required by Amerit. to submit a signed letter of authorization, and the funds can only be wired to one of my preauthorized accts, and only to accts. in my own name.
Ask your financial services providers to request of you extra authorization levels for transactions. It may add time and minor inconvenience, but I believe it's worth it.
Posted by: commissar | Mar 26, 2007 4:33:17 PM
"crush after using" is my motto..
Seriously - Do not set up your account for wire transfers!!!
Posted by: wayne | Mar 28, 2007 4:28:42 PM
To all of you who use "internet" in financial dealing, remember the "enigma machine".............
Posted by: Boris | Mar 28, 2007 8:43:48 PM
I tend to think that this is more the hubris and anarchy of the American government that is doing this and blaming it on Russians
Posted by: Vox Populae | Mar 28, 2007 10:34:20 PM
how about voice recognition matching customer data bank via phone for confirmation of trade plus password plus personal question, then callback from trader/bank for verification before processing,+++ then confirmation callback that message rec'd. etc...+++? would that work for a while?
Posted by: wmitch | Mar 29, 2007 11:07:19 PM
If you are done accessing anything that has to do by using passwords could the thieves get ahold of your password?
P.S.-If you put your computer on stand-by after your done using computer,and when you come back to use computer again,at the Welcome Screen,could thieves still get any information without your logon password?
Posted by: Matthew Way | Apr 4, 2007 9:27:19 PM
If this is happening on your own computer changing your user id
and password frequently is not going to help. Is there a scenario which describes how such a "key stroke" program could somehow get onto your home computer. Does any of the anti virus software or operating system software defend against this intrusion?..probably not.
Posted by: Alex | Apr 4, 2007 10:54:01 PM
Russian hackers are dangerous! They will crack all! BUT! We usual people. Simply we for the accessible information! We do not plunder! We do not offend! We for the truth! For availability! We not monsters!
Posted by: Masta_man | Apr 13, 2008 5:14:25 AM
Post a comment
