Teenager Hacks into Brokerage Account


Aug 17, 2000
WASHINGTON, Oct 9 (Reuters) - A Pennsylvania teenager hacked into another person's online brokerage account to trade
options, U.S. officials charged on Thursday, raising questions about the security of online trading accounts.

The U.S. Attorney's Office in Boston and the Securities and Exchange Commission said they filed criminal and civil
securities fraud charges against Van Dinh, a 19-year-old resident of Phoenixville, Pennsylvania.

Concealing his identity to remotely capture other people's usernames and passwords, Dinh tapped into the TD Waterhouse
account of a 34-year-old Boston-area man. Dinh then used the account and the man's identity to buy put options -- which are
contracts to sell a stock -- in common shares of Cisco Systems Inc. CSCO that Dinh owned and wanted to sell, officials alleged.

The case marks the first such action brought by the SEC against an Internet hacker for using another person's account
to make trades. "I've not seen a case like this before," said John Stark, head of the SEC Internet enforcement unit, which so far has
brought 424 Internet-related actions and 1,300 individuals since the unit opened in 1995, usually involving various stock
manipulation schemes and stock touting.

Several attempts to reach Dinh, who is not yet represented by an attorney, by telephone were unsuccessful. Officials at TD
Waterhouse, a subsidiary of Canada's No. 3 bank Toronto-Dominion Bank TD.TO, were not immediately available for comment.

The criminal and civil complaints were filed in a federal court in Boston, near where the victim resides in Westborough,
Massachusetts. The SEC said Dinh wanted to get rid of the options because Cisco's share price was higher than the
options' strike price at which their owner could sell Cisco shares.

Options give the holder the right to buy or sell a security, such as a stock or bond, for a preset price before a certain date.

On the morning of July 11, according to the SEC, Dinh used his own online account to place orders to sell his options
contracts and then placed corresponding buy orders for 7,200 Cisco option contracts through the victim's account.

Dinh used about $47,000 from the Boston man's account and avoided losses of about $37,000 on his options, officials
said. From June 18 through June 27, Dinh bought 9,120 put options contracts at the strike price of $15 per share through an
online trading account at Cybertrader.com, they said.

Each contract gave him the right to sell 100 shares at $15 per share until the expiration date of July 19 was reached.
Dinh paid $10 per contract for a total of $91,200, they said. Nine days before the expiration date, Cisco stock was
trading at about $19 per share, making his put options potentially worthless and putting Dinh at risk of losing the
entire $91,200 he paid to buy the options, the officials said.

In a warning to potential hackers, the SEC said it had tracked down Dinh "within days" of being told by the victim
because Dinh left so-called cyber "fingerprints" in a trail of e-mail accounts, foreign Internet service providers and Web
sites that provide anonymity.

"To those who attempt to use the perceived anonymity of the Internet to victimize investors, our message remains clear: We
will track you down and hold you accountable," Linda Thomsen, a top SEC enforcement official, said in a statement.

To all investors who may feel complacent about the security of their online accounts, Stark warned that they should
regularly read their account statements.

Prosecutors accused Dinh of mail fraud, wire fraud, securities fraud and causing damage from unauthorized access to
a computer. The SEC said it is seeking to force Dinh to pay the money he avoided losing and an unspecified amount in civil