SEC brings landmark case against teenage hacker

According to the SEC, the civil charges relate to the activities of Pennsylvania resident Van Dinh. The regulator alleges that the 19-year-old bought far out-of-the-money (OTM) equity options in late June, and subsequently “surreptitiously accessed” a Massachusetts-based investor’s online brokerage account - placing buy orders to cover his own option position.

The end result, the SEC claimed, is that Dinh was able to dodge $37,000 in trading losses by causing the victim to unknowingly purchase put options referenced on the stock of California-based networking technology specialist Cisco Systems.

SEC Office of Internet Enforcement chief John Reed Stark said investors need to review their brokerage statements carefully every month and be wary of downloads. They should take security measures, he added, “such as using an anti-virus shield and employing a firewall... to avoid computer viruses, worms and other intrusion programs".

The SEC claims Dinh attempted to conceal his identity through the use of online aliases, multiple e-mail accounts, foreign internet service providers and anonymous websites. According to the regulator’s filing, during July 2003, Dinh sent an e-mail inviting users of an online stock discussion forum to test a new stock-charting tool.

However, this tool was actually a disguised version of a keystroke-logging program dubbed 'The Beast'. This allowed Dinh to monitor remotely the computer activity of users who had downloaded the tool. Dinh, the SEC claims, employed this program to obtain the login and password information for the victim's TD Waterhouse online brokerage account.

Next, on the morning of July 11, Dinh placed through his own online brokerage account orders to sell his option contracts at $5 per contract, and corresponding buy orders through the victim's account. As a result, Dinh caused the unsuspecting account holder to purchase 7,200 option contracts.

In a related action, Dinh was charged by the US Attorney's Office for the District of Massachusetts with securities fraud, mail and wire fraud, and causing damage in connection with unauthorised access to a protected computer.

Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact or view our subscription options here:

You are currently unable to copy this content. Please contact to find out more.

You need to sign in to use this feature. If you don’t have a account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here