Key Loggers Strike Online Brokerage Houses

from the costly-security dept

Wed, Oct 25th 2006 12:48am — Mike Masnick

One of the more popular identity theft scams these days is to use keyloggers to get someone's bank account info and then take their money. However, it looks like some organized crime groups have taken this up another level with some online brokerage houses. Apparently, both TD Ameritrade and E-Trade were recently victims of multimillion dollar frauds when identity thieves used all of the accounts they had collected up to stage a huge pump-and-dump scam. Basically, they collected a large number of logins to various accounts. But rather than directly going in and stealing the money, they used all of these accounts in a short period of time to buy certain stocks, pushing the value up, and allowing themselves to sell large quantities of the stock. Both brokerage houses said they had to cover their customers losses out of pocket, with E-Trade paying $18 million and TD Ameritrade spending $4 million. Both claim they're trying to make sure this doesn't happen again, mainly by being able to spot such frauds faster. Still, it is interesting to see how these identity theft scams continue to evolve -- and how they're clearly getting increasingly sophisticated.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

16 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

christoph, 25 Oct 2006 @ 5:01am

this is very sad...
the commen thief is pshing the market, i feel for the AOL PSHERS world wide...i feel for you
[ link to this | view in chronology ]
Steve, 25 Oct 2006 @ 5:22am

IE7 FF2
With IE7 and Firefox 2 the phissing filters will help clear up a big problem.
[ link to this | view in chronology ]
- Corey, 25 Oct 2006 @ 6:55am
  
  Re: IE7 FF2
  It is foolish to think that new versions of software will compensate for a users lack of common sense and general stupidity.
  [ link to this | view in chronology ]
Nunya, 25 Oct 2006 @ 6:28am

funny
Its very easy to install a keylogger when you got click happy people in this world, when will people learn...
[ link to this | view in chronology ]
abross, 25 Oct 2006 @ 6:54am

Other countries require some type of chip or second form of identity besides a password. American companies have argued that such systems are not feasible, even though they are widely adopted outside the US.

I am guessing that better security will suddenly become feasible in the US if a few more companies get hit with big fraud claims.
[ link to this | view in chronology ]
Trouble Maker, 25 Oct 2006 @ 7:29am

two cents worth
The Army spends $450.00 on a rifle and requires soldiers to have at least 84 hours of training with it a quarter.

The Army spends $3000.00 on a computer and lets soldiers use it without any training.

It is like climbing into the cockpit of a airplane without flight school.
[ link to this | view in chronology ]
- Oliver Wendell Jones, 25 Oct 2006 @ 8:55am
  
  Re: two cents worth
  I'm curious as to where you got these numbers?
  
  I find it highly unlikely that the government obtains M-16A1 rifles that cheaply, especially the way they overpay for everything else.
  
  Also, as a 3 year Army veteran, I can personally state that after completing 3 months of basic training, I never again saw or handled a rifle for the rest of my term of service. There wasn't much need for them in the hospital where I was stationed.
  [ link to this | view in chronology ]
no no no, 25 Oct 2006 @ 8:20am

UNREAL
A common theif huh! LOL A song i once heard said you got to give credit where credit is do, and it is amazing at how these scams have evolved.

TO PUSH THE MARKET! UNREAL! and BRILLIANT in its own way!
[ link to this | view in chronology ]
Matthew, 25 Oct 2006 @ 8:26am

What are these companies and
why aren't they (more?) responsible towards these actions?

A teenager sent out one of the first emails regarding "the next great stock" and that company was fined even after they alerted the Stock Exchange that something weird was going on. Even if the culprits are overseas, this money is hardly untraceable is ut?
[ link to this | view in chronology ]
joseguia, 25 Oct 2006 @ 9:55am

All they have to do is get you select an image as part of the password , so when you login you would have to select the picture you chose initally, as long as the pictures change often and shuffle around there should be no way a keylogger could determine that.
[ link to this | view in chronology ]
Solo, 25 Oct 2006 @ 10:18am

At this rate of mislabeling things, soon armed robbery and car jacking are going to be called identity theft.

Stealing somebody's password and using her account is fraud, not identity theft. Stealing credit card numbers and using them is credit card fraud, or plain theft.

Ameritrade and E-Trade are covering for the losses. Credit card fraud is covered except for the first $50 (by law)

Identity theft is having someone impersonating you and typically applying for loans in your name, pocketing the money and leaving you high and dry. Good luck to clear your credit history.
[ link to this | view in chronology ]
Geoff, 25 Oct 2006 @ 10:23am

Why oh why
With all these new-fangled tools at the con-artist's disposal, why is it that King Fuatumallomallo of Nigeria is still trying to get me to open a bank account for him to tranfer 4 million billion dollars that his dead father the King of Swallowswallowgulp left him when he died fighting for his freedoms?????
[ link to this | view in chronology ]
Anonymous Coward, 25 Oct 2006 @ 2:00pm

Are the comments monitored/filtered so we can's spell phishing correctly?
[ link to this | view in chronology ]
Jack, 25 Oct 2006 @ 5:15pm

All inexperienced computer uses should be forced to buy a Dell. After a grueling hour with their tech support, they will go out of their way not to mess their pc up again.
[ link to this | view in chronology ]
|333173|3|_||3, 25 Oct 2006 @ 8:06pm

Re: funney
Users will learn about the same time they learn that .PIF is not an image. Still, serves them right, and pays for the pr0n sites.
[ link to this | view in chronology ]
John Evelyn, 26 Oct 2006 @ 12:45am

More about share fraud on Get Safe Online
Get Safe Online is a UK government initiaitive designed to help citizens and small businesses protect themselves online. We run a blog too and this has some useful links and tips about online share fraud.
[ link to this | view in chronology ]