Hackers Allegedly Compromised, Liquidated Brokerage Accounts in $1 Million Trading Account Hacking, Securities Fraud Scheme
A Russian national living in New York has been charged with hacking into retail brokerage accounts and using his access to steal nearly a million dollars by executing sham trades.
According to the U.S. Attorney’s Office, Petr Murmylyuk, of Brooklyn, and others working with him compromised several accounts at Scottrade, E*Trade, Fidelity, Schwab, and other brokerage firms.
Once they had contro of the hacked accounts, they altered the phone numbers and email addresses associated with the accounts to prevent the owners from becoming wise to the breach. After that, the group used stolen identities to open additional accounts at various brokerage firms. From there, the compromised trading accounts were used to make unprofitable and illogical securities trades with the new accounts.
For example, in one scheme the criminals used victims’ accounts to sell options contracts to the profit accounts, and mere minutes afterward, purchased the same contracts for up to nine times the price. Another tactic was to use the profit accounts to make short sales of securities at prices well over market price and make irrational purchases through victim accounts.
Murmylyuk and a conspirator recruited foreign nationals visiting, studying, and living in the U.S. to open bank accounts in order to transfer the proceeds of the sham trades to them, where the stolen money could be later withdrawn. Fidelity, Scottrade, E*Trade, and Schwab have reported combined losses to date of approximately $1 million because of the scams.
If convicted, Murmylyuk faces a maximum potential penalty of five years in prison and a $250,000 fine.
In a related case, Daniyar Zhaxalyk, 25, who entered the United States from Kazakhstan on a student visa, pleaded guilty last week in Houston to one count of money laundering. Zhaxalyk admitted to laundering funds generated in a “sophisticated hack and dump” stock scam that caused more than $400,000 in losses. His actions were similar to those used by Murmylyuk.
At sentencing, Zhaxalyk will face a maximum penalty of 10 years in prison and a $250,000 fine.
More from Steve Ragan
- Anonymous Claims Attack on IP Surveillance Firm Brickcom, Leaks Customer Data
- Workers Don’t Trust Employers with Personal Data: Survey
- Root SSH Key Compromised in Emergency Alerting Systems
- Morningstar Data Breach Impacted 184,000 Clients
- Microsoft to Patch Seven Flaws in July’s Patch Tuesday
- OpenX Addresses New Security Flaws with Latest Update
- Ubisoft Breached: Users Urged to Change Passwords
- Anonymous Targets Anti-Anonymity B2B Firm Relead.com
Latest News
- Comcast Wants a Slice of the Enterprise Cybersecurity Business
- Critical Baicells Device Vulnerability Can Expose Telecoms Networks to Snooping
- New York Attorney General Fines Vendor for Illegally Promoting Spyware
- SecurityWeek Analysis: Over 450 Cybersecurity M&A Deals Announced in 2022
- 20 Million Users Impacted by Data Breach at Instant Checkmate, TruthFinder
- Cyber Insights 2023 | Zero Trust and Identity and Access Management
- Cyber Insights 2023 | The Coming of Web3
- European Police Arrest 42 After Cracking Covert App
