Ringleader of $1m online trading account scam charged

Victims buy high, sell low, hacker buys low, sells high.

A Russian citizen has been charged with hacking online trading accounts and trading with himself in a scheme that cost his victims over US$1.4 million.

The 31 year-old New York resident Petr Murmylyuk is accused of causing compromised accounts to conduct unauthorised options trades with several accounts he had fraudulently established.

Murmylyuk allegedly used stolen a social security number to establish the fake identity Dmitry Tokar which became his prime identity in fraudulent trades that are estimated to have cost Fidelity, Scottrade, E*Trade, and Schwab around US$1 million, according to the US Justice Department.

The US Securities and Exchange Commission’s (SEC) own investigation focused on one victim and how the operation worked.

Because of the way Murmylyuk structured “open” short and long trades the impact to the victim was much larger than his gain. The case the SEC investigated revealed that the victim lost more than US$140,000, while Murmylyuk gained US$30,000.

“Essentially, Murmylyuk entered matching orders in those accounts that caused the intruded victim account first to purchase thinly traded options from Murmylyuk’s stolen identity account at a high price, and then to immediately sell the same options back to the stolen identity account at a much lower price, resulting in a profit to Murmylyuk’s stolen identity account and a loss to the intruded victim account,” the SEC said in a statement.

Murmylyuk’s entire operation was estimated to have cost victims over US$1.4 million since he began the operation in 2010, which expanded into to lodging fraudulent tax returns, generating over $450,000, Ars Technica reported.

Murmylyuk was also accused of recruiting mules, often Russian speaking foreign nationals residing in the US, to open up bank accounts to deposit proceeds from his trades, allowing money to be withdrawn.

He was arrested in late 2011 in possession of a laptop that provided much of the evidence used against him.

The charges against Murmylyuk follow a recent warning by the Australia Security and Investments Commission for online trading account holders to “urgently” review their security after discovering several intrusions.

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

1 Comment

Gopal Das

1

Unfortunately, there are still tons of scams out there…There is a new iPhone app recently released, called Scam Detector, which exposes like 500 scams. It is worth checking it out, if you have an iPhone. The app is also online - they have a free web version, if interested. Google it, it's kinda cool, actually.

Comments are now closed

CSO Corporate Partners
  • f5
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Business Risk Management Solutions

Create and deliver online assessments to identify business risks and track their mitigation and resolution.

Security Awareness Tip
Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.