Russian Hacker Charged in New York

By

Mar 21st


Russian hacker Petr Murmylyuk, also known as Dmitry Tokar was charged with conspiracy to commit wire fraud, unauthorized access to computers, and securities fraud.

Murmylyuk is accused of being part of a ring that gained access to brokerage accounts from ETrade, Schweb, Scottrade and a number of other online brokerage firms. The ring, once they had access to the accounts would change the account contact details to email addresses and telephone numbers that routed to the hackers.

Rather than change the bank details of the accounts, which would have alerted the brokerage firms to review the account activity, the hackers proceeded to perform what look like legitimate, but poor trades, for example selling options and a market price and sometimes within minutes, repurchasing the options at inflated prices.

This type of trading led to significant losses on the compromised accounts and significant profits for the hackers that were counter party to the poor trades. The Securities and Exchange Commission has filed a parallel civil case in an effort to recover the funds.

Trevor Kennedy, Alliance Director at Tripwire, stated that “these types of attacks are becoming more common. Just like IT start-ups, Hackers are trying to find ways to monetise their activities.”

“We are seeing increase sophistication in the ways Hacking groups make money from their victims, to the extent that sometimes it is difficult to identify the actual victims. For example, there was the case where market sensitive information, specifically earnings related data was released to Thomson Financial. The earning result was due to be released to the market after it had closed for trading. Back in 2007 a Ukrainian hacker by the name of Oleksandr Dorozhko hacked the Thomson website and access earning results for a company called IMS Health. Seeing that the results would likely have a negative impact on the stock price he shorted the stock for over $40,000. Once the results were published he made a profit of over $300,000.”

“In this case the SEC froze the funds for investigation, but ultimately a judge determined that as the hacker was not considered to be a company insider he didn’t violate the securities law governing insider trading. The funds were ultimately paid”

Leave a Reply

 
© 2006-2019 Security magazine.