SEC brings landmark case against teenage hacker

The end result, the SEC claimed, is that Dinh was able to dodge $37,000 in trading losses by causing the victim to unknowingly purchase put options referenced on the stock of California-based networking technology specialist Cisco Systems.

SEC Office of Internet Enforcement chief John Reed Stark said investors need to review their brokerage statements carefully every month and be wary of downloads. They should take security measures, he added, “such as using an anti-virus shield and employing a firewall... to avoid computer viruses, worms and other intrusion programs".

The SEC claims Dinh attempted to conceal his identity through the use of online aliases, multiple e-mail accounts, foreign internet service providers and anonymous websites. According to the regulator’s filing, during July 2003, Dinh sent an e-mail inviting users of an online stock discussion forum to test a new stock-charting tool.

However, this tool was actually a disguised version of a keystroke-logging program dubbed 'The Beast'. This allowed Dinh to monitor remotely the computer activity of users who had downloaded the tool. Dinh, the SEC claims, employed this program to obtain the login and password information for the victim's TD Waterhouse online brokerage account.

Next, on the morning of July 11, Dinh placed through his own online brokerage account orders to sell his option contracts at $5 per contract, and corresponding buy orders through the victim's account. As a result, Dinh caused the unsuspecting account holder to purchase 7,200 option contracts.

In a related action, Dinh was charged by the US Attorney's Office for the District of Massachusetts with securities fraud, mail and wire fraud, and causing damage in connection with unauthorised access to a protected computer.