Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Tracking & Law Enforcement

Russian Charged in Brokerage Account Hacking Scheme

Hackers Allegedly Compromised, Liquidated Brokerage Accounts in $1 Million Trading Account Hacking, Securities Fraud Scheme

A Russian national living in New York has been charged with hacking into retail brokerage accounts and using his access to steal nearly a million dollars by executing sham trades.

Hackers Allegedly Compromised, Liquidated Brokerage Accounts in $1 Million Trading Account Hacking, Securities Fraud Scheme

A Russian national living in New York has been charged with hacking into retail brokerage accounts and using his access to steal nearly a million dollars by executing sham trades.

According to the U.S. Attorney’s Office, Petr Murmylyuk, of Brooklyn, and others working with him compromised several accounts at Scottrade, E*Trade, Fidelity, Schwab, and other brokerage firms.

Once they had contro of the hacked accounts, they altered the phone numbers and email addresses associated with the accounts to prevent the owners from becoming wise to the breach. After that, the group used stolen identities to open additional accounts at various brokerage firms. From there, the compromised trading accounts were used to make unprofitable and illogical securities trades with the new accounts.

For example, in one scheme the criminals used victims’ accounts to sell options contracts to the profit accounts, and mere minutes afterward, purchased the same contracts for up to nine times the price. Another tactic was to use the profit accounts to make short sales of securities at prices well over market price and make irrational purchases through victim accounts.

Murmylyuk and a conspirator recruited foreign nationals visiting, studying, and living in the U.S. to open bank accounts in order to transfer the proceeds of the sham trades to them, where the stolen money could be later withdrawn. Fidelity, Scottrade, E*Trade, and Schwab have reported combined losses to date of approximately $1 million because of the scams.

If convicted, Murmylyuk faces a maximum potential penalty of five years in prison and a $250,000 fine.

In a related case, Daniyar Zhaxalyk, 25, who entered the United States from Kazakhstan on a student visa, pleaded guilty last week in Houston to one count of money laundering. Zhaxalyk admitted to laundering funds generated in a “sophisticated hack and dump” stock scam that caused more than $400,000 in losses. His actions were similar to those used by Murmylyuk.

At sentencing, Zhaxalyk will face a maximum penalty of 10 years in prison and a $250,000 fine.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Ransomware

US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...

Ransomware

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Cybercrime

The owner of China-based cryptocurrency exchange Bitzlato was arrested in Miami along with five associates in Europe

Cybercrime

Russian Vladislav Klyushin made tens of millions of dollars by hacking into U.S. computer networks to steal insider information.

Cybercrime

A hacker who reportedly posed as the CEO of a financial institution claims to have obtained access to the more than 80,000-member database of...

Application Security

Virtualization technology giant Citrix on Tuesday scrambled out an emergency patch to cover a zero-day flaw in its networking product line and warned that...