Godlike Productions - Conspiracy Forum
Users Online Now: 2,460 (Who's On?)Visitors Today: 1,722,964
Pageviews Today: 2,295,169Threads Today: 537Posts Today: 9,731
04:26 PM


Rate this Thread

Absolute BS Crap Reasonable Nice Amazing
 

If anybody has money in an online account it can be stolen in a blink this guy lost his 401k

 
Anonymous Coward
User ID: 175465
United States
01/07/2007 12:05 PM
Report Abusive Post
Report Copyright Violation
If anybody has money in an online account it can be stolen in a blink this guy lost his 401k
Posted: Friday, January 5 at 04:00 am CT by Bob Sullivan

One moment Dave DeSmidt had $179,000 in his 401(k) retirement account, the next he had nothing. In an instant, 25 years of savings had disappeared.

With a few clicks, someone raided DeSmidt’s retirement account with J.P. Morgan & Co and ordered a full disbursement to a private checking account.

Then came the really bad news. While credit card and online banking accounts are legally protected in the event of fraud, DeSmidt’s brokerage account came with no such insurance. Two months after the theft, his balance still read $0.

With hacking of brokerage accounts increasing, the legal gap facing DeSmidt and other victims has regulators and critics debating the need for new consumer protections.

‘I don’t have a clue’
The theft was the shock of a lifetime for DeSmidt, who plans to retire in a few years with his wife in their Mukwonango, Wis., home.

"That was a pretty good chunk of what we were going to retire on," DeSmidt said. "I don't have a clue how it happened."

The theft occurred on Oct. 23, while DeSmidt was on assignment for his company in China, near Shanghai. Just before lunch, someone else logged onto J.P. Morgan's Web site from a computer connected to the Internet through Comcast Cable Communications in Cherry Hill, N.J., and entered DeSmidt's user ID and personal access code.

While DeSmidt slept on the other side of the world, his imposter found that he had a balance of $179,000.43 in his account. A few more clicks, and the DeSmidts’ linked checking account was changed to a Bank of America account and an electronic transfer of all available funds was requested.

A report by J.P. Morgan suggests the criminal was a bit anxious, perhaps disbelieving the good fortune of hacking such a valuable account. The imposter logged in again from the same computer 41 minutes later, at 1:06 p.m., and again at 11:30 p.m. to review the pending transaction.

The next day, the money was sent to Bank of America. The name on the checking account didn't match the name on the 401(k) account, but that discrepancy didn’t raise a red flag high enough to halt the transfer.

DeSmidt didn't know it yet, but a quarter century worth of savings and investment gains had just disappeared.

The theft wasn’t tax-efficient. Since DeSmidt isn't yet of retirement age -- he’s 57 -- there were severe penalties for the early 401(k) withdrawal, and J.P. Morgan held back about $35,800.09 to pay these taxes. Still, it was a good day's work for the hacker. The company sent the remaining balance -- $143,200.34 -- to an account under his or her control.

SEC: Brokerage attacks ‘on the rise’
Computer criminals have made the logical progression from credit card fraud to online bank attacks and now to big-ticket brokerage accounts, analysts say.

Hacker attacks on brokerage accounts make sense from a criminal’s point of view. Brokerage accounts tend to have higher balances, making them worthwhile targets. And while a six-figure transfer out of a checking account would surely trigger fraud pattern detection software, large transfers from brokerage accounts are fairly standard.

John Reed Stark, chief of the Securities and Exchange Commission’s Office of Internet Enforcement, acknowledged that online brokerage hacking is “on the rise” and warned of possible consequences for consumers.

With simple credit card fraud, customers need only call their bank and refuse to pay for an item, he said, but brokerage account hacking is much more dramatic.

“People need to understand this kind of fraud,” Stark said. “This is very serious stuff. … People wake up in the morning, look in their account, and their money is all gone.”

Stark said any consumers who have encountered brokerage account fraud should contact his office for assistance at enforcement@sec.gov.

Covering tracks
Criminals who target brokerage accounts clearly know their craft. A day after successfully transferring DeSmidt’s money out of the 401(k) account, the hacker started trying to cover his or her tracks.

On Oct. 25, logging in through an SBC Internet Services connection in San Francisco, the criminal deleted the Bank of America account information from DeSmidt's account. Four hours later, using a Cox Communications connection out of Atlanta, the hacker re-entered DeSmidt's original checking account information. Other than the zero balance, there were no obvious signs remaining of the hacker’s visits.

A few days later, DeSmidt checked his retirement balance online, as he does regularly, and spotted the theft. Then the paperwork nightmare began.

"This has been very stressful,” he said. “My wife is going crazy."

A flurry of e-mail, faxes and registered letters followed. JP Morgan ordered an investigation, and sent the results to DeSmidt on Dec. 1.

"J.P. Morgan concludes there was no external or internal breach of controls with the J.P. Morgan environment," the report said. "Access and authentication controls established within J.P. Morgan worked appropriately."

The report dismissed the possibility that the crime was an inside job, as the request came from outside computers and the criminal knew DeSmidt's user name and password.

The report's conclusion: "Investigation Status: Closed."

It wasn't clear to DeSmidt what that meant; the firm never said it wouldn't issue a refund. But he was stuck in limbo, awaiting further instructions.

Promised a refund
Two more weeks passed, and DeSmidt started to fear his retirement money was indeed gone for good. By the time he contacted MSNBC.com, he said he had written to every government agency he could think of to no avail and hadn’t been able to find a lawyer willing to take his case.

"I can find lots of attorneys that will defend me if I am the one accused of the crime," he wrote.

DeSmidt's story, however, had a happy ending.

When MSNBC.com contacted J.P. Morgan, the firm said its continuing investigation had borne fruit. Spokeswoman Mary Sedara said the stolen funds had been recovered and would be refunded in time for Christmas. The firm would even make good on any market gains DeSmidt missed out on while the money was missing, she said.

The story didn't have to end this way, though.

Few consumers appreciate the fact that, unlike credit card and checking account transactions, there are no federal consumer regulations specifically protecting consumers in the event of brokerage account hacking, said Gartner fraud analyst Avivah Litan. And with hackers targeting investment accounts more frequently, the legal loophole could leave investors with some ugly surprises.

'They need to protect the assets'
"This should be a call to action for the regulators," she said. "They are never going to protect against all the (criminal) methods. They need to protect the assets."

Both credit card transactions and electronic account transfers, such as online banking payments, are governed by Federal Reserve regulations that strictly limit consumers’ losses from theft. Consumers who report credit card fraud are only liable for $50; liability for fraudulent checking account transfers is capped at $500 if the consumer reports the theft within 60 days. Refunds for checking account thefts must generally be issued within 10 days.

The regulations are designed to boost confidence in the systems. But the Federal Reserve doesn't regulate investment firms, and the Securities and Exchange Commission doesn't mandate any similar protections for brokerage accounts.

And Desmidt's tale is hardly an anomaly. Last year, several trading firms revealed they were hit by hackers. E-trade, for example, reported in October that it had lost $18 million to crime rings based in Eastern Europe and Thailand.

Despite the lack of legal compulsion, some investment firms have taken to offering broad consumer protections anyway. Both e-trade and Charles Schwab offer credit-card style guarantees. Money stolen from Charles Schwab's Web site will be returned to consumers as long as the theft is reported in a timely way, said Schwab's Greg Gable.

'We want people to feel secure'
"There is a fundamental business need to do it," Gable said. "We don't want clients concerned about the safety of their assets. … We want people to feel secure."

Gable wouldn't say how many Schwab customers had asked for theft refunds, saying only such cases were "very rare."

Stark said that in every recent case of brokerage hacking he’s familiar with, consumers who complained have received full refunds. But the largesse is voluntary – unless the brokerage makes a clear promise like Schwab or e-Trade -- and it may not last forever.

“Firms are reimbursing everyone (who) has that kind of loss,” he said. “But they didn’t always do that (and) I don’t know how long they can continue doing it.”

Brokerage account hijacking has the attention of regulators, but at the same time criminals are getting cleverer. In late December, the SEC moved to stop a pump-and-dump scheme involving an Estonian firm.

The SEC said the firm's Russian owner earned $350,000 by purchasing penny stocks, then hacking into other investors' accounts and purchasing large blocks of the stock before selling his own shares at inflated prices.

Web-based investing scams have DeSmidt's attention, too. He is grateful JP Morgan promised to return his funds, but he's not about to let lightning strike twice. He told the company to shut down Web access to his accounts.

"I prefer to keep the account access only over the telephone for now," he said.
Anonymous Coward
User ID: 60359
United States
01/08/2007 01:12 AM
Report Abusive Post
Report Copyright Violation
Re: If anybody has money in an online account it can be stolen in a blink this guy lost his 401k
This was a good article. Thanks to the OP for posting it.

My wife's brokerage called last week and said that someone logged onto her account from a suspicious IP address several weeks & they locked the account down. But apparently it took them several weeks to figure out what had happened.

Translation: I think this means that somebody stole money out of somebody's account and so they went back and checked their records to see other accounts that this IP address had logged into. Obviously brokers don't want to advertise that they have been hacked so they are trying to present the situation in the best light possible by saying that they are on top of the problem before anything happened. But why does it take them 2 weeks after the suspicious login to lock down the account? That's kind of locking the barn doors after the cows are gone....

The brokerage person thought that maybe my wife had a keylogger hidden on her computer, but that seems doubtful because, for one reason, she uses an apple... More likely, some hackers hacked into the brokers computers... The hackers seem to be ahead of the security people. It doesn't help if the brokers outsource their operations to India, China, and such places.
OZ
User ID: 32062
United States
01/08/2007 01:17 AM
Report Abusive Post
Report Copyright Violation
Re: If anybody has money in an online account it can be stolen in a blink this guy lost his 401k
If someone is caught red-handed hacking into another persons account, they should do 20 years hard time in a federal pen.
Shadow

User ID: 167681
Canada
01/08/2007 01:22 AM
Report Abusive Post
Report Copyright Violation
Re: If anybody has money in an online account it can be stolen in a blink this guy lost his 401k
The name on the checking account didn't match the name on the 401(k) account, but that discrepancy didn’t raise a red flag high enough to halt the transfer.

J.P. Morgan concludes there was no external or internal breach of controls

Jeez.
Over the side and damn the barracuda
Disturbed nli
User ID: 2269
Netherlands
01/08/2007 01:30 AM
Report Abusive Post
Report Copyright Violation
Re: If anybody has money in an online account it can be stolen in a blink this guy lost his 401k
I think a lot of problems would be solved if everybody had a static ip address, tied to the account.
Anonymous Coward
User ID: 60359
United States
01/08/2007 01:38 AM
Report Abusive Post
Report Copyright Violation
Re: If anybody has money in an online account it can be stolen in a blink this guy lost his 401k
If it's a sophisticated crime ring based in Eastern Europe or Thailand then they may be hard to brign to justice, but, on the bright side, the penalties in those places could be harsher...

If someone is caught red-handed hacking into another persons account, they should do 20 years hard time in a federal pen.
 Quoting: OZ 32062

News








We're dropping truth bombs like it's the end of days!