U.S. Securities and Exchange Commission
Litigation Release No. 18401 / October 9, 2003
Securities and Exchange Commission v. Van T. Dinh, Civ. Action No. 03-CV-11964RWZ (D. Mass. filed October 9, 2003)
SEC Charges Hacker With Breaking Into Investor's Online Account, Placing Unauthorized Buy Order
The Securities and Exchange Commission today filed a complaint in the United States District Court for the District of Massachusetts charging Van T. Dinh, a 19-year-old resident of Phoenixville, Pennsylvania, with illicitly accessing through the Internet an investor's online brokerage account and purchasing, without the account holder's knowledge, soon-to-be worthless options held by Dinh. These bogus transactions saved Dinh approximately $37,000 in trading losses.
While carrying out his scheme, Dinh took great pains to conceal his identity and evade detection, including assuming various online aliases, using multiple e-mail accounts, and employing foreign Internet service providers and several online anonymizing websites.
In particular, the Commission's complaint alleges that:
- Between June 18 and 27, 2003, the defendant purchased over 9,100 Cisco Systems, Inc. put option contracts with a July 19, 2003 expiration date for $10 per contract. These options gave Dinh the right to sell Cisco common stock at a price of $15 per share, but would expire worthless if the price of Cisco stock stayed above $15 per share. As July 19 approached, it became increasingly likely that the Cisco options would expire worthless.
- On July 7, Dinh contacted several members of www.stockcharts.com, an investment analysis website, in order to obtain their e-mail addresses. Using an alias, Dinh filled out e-mail-based web forms inquiring about the members' personal websites; those who replied revealed their e-mail addresses to Dinh.
- The next day, using a second alias, Dinh e-mailed the members who had responded to his earlier inquiry and invited them to test a new stock-charting tool. The e-mail invitation from Dinh directed the recipients to a website featuring a downloadable version of the purported stock-charting tool. In reality, the program was a disguised version of "The Beast," a keystroke-logging program that allowed Dinh to remotely monitor the computer activity of those who downloaded it.
- At least one recipient of Dinh's July 8 e-mail, a TD Waterhouse online brokerage customer, unwittingly downloaded and installed The Beast on his home computer, thereby enabling Dinh to monitor his computer activities, identify his online brokerage account, and steal his log-in and password information.
- On the morning of July 11, eight days before their expiration, Dinh's Cisco options were more than $3 "out of the money." Nevertheless, Dinh accessed his personal online brokerage account and placed a series of orders to sell his Cisco options at $5 per contract. These sell orders went unfilled until Dinh infiltrated the TD Waterhouse account and placed corresponding orders to buy the Cisco options at the $5 contract price. Each of these buy orders was executed against sell orders from Dinh's own account, until Dinh had sold 7,200 of his Cisco option contracts and depleted virtually all of the available cash in the TD Waterhouse account.
- On July 19, the Cisco options expired worthless.
In a related action, Dinh was charged by the United States Attorney's Office for the District of Massachusetts with securities fraud, mail and wire fraud, and causing damage in connection with unauthorized access to a protected computer.
The Commission's action seeks preliminary and permanent injunctive relief, disgorgement of illegal proceeds with prejudgment interest, and civil monetary penalties based on Dinh's alleged violations of Section 17(a) of the Securities Act of 1933 and Section 10(b) of the Securities Exchange Act of 1934 and Rule 10b-5 thereunder.
SEC Complaint in this matter