Posted by:
admin
15 years, 3 months ago
The SEC has noticed a dramatic rise in fraud against online brokerage accounts. This is a very interesting article in that it shows how an attacker can take over accounts and make money without necessarily removing money from those accounts. All they need is a couple of "legitimate" account that the fraudsters open, a thinly traded small-cap stock and to control a couple of pwned accounts with enough money to manipulate the targeted stock. The article describes "pumping" as using pwned accounts to drive up the price of stocks that you hold. However, you can also make money on the way down:
- First, open the two online brokerage accounts. In Account A purchase the targeted stock. You will have to do it in such a way that the stock price doesn't rise. In Account B, do nothing for now.
- Second, use your nefarious means to gain control of some accounts. Sell all their existing holdings and start buying shares in the targeted company.
- As the stock price rises, sell all your shares in Account A, probably to the poor guy in the pwned account.
- After you sell all the stock in Account A at high prices, start short-selling in Account B. You will need to pay attention to the short-selling rules for the exchange. For example, on the NYSE you can only short-sell a stock on an up tick.
- Dump all the stock in the pwned account as quickly as possible
- Clear out your short positions in Account B.
- Start laundering your profits.
There are a number of interesting points:
- One, it is harder to track because of the number of accounts used. The attacker also now has three or more different accounts probably at different brokerages with money for laundering, so it is more likely that they will successfully get cash.
- The fraudster can make money as the stock rises and falls.
- It is yet another reason for a small cap stock to not be a public company. The main reason being meeting regulatory requirements.
As a side note, this confirms one of my predictions for 2006 which is good, because it doesn't look like any of the others will come to pass any time soon. It also points to the need for improved transaction authentication.
Share on Twitter Share on FacebookRecent Posts
- The latest WiKID version includes an SBOM
- WiKID 6 is released!
- Log4j CVE-2021-44228
- Questions about 2FA for AD admins
- WiKID Android tokens had their data deleted over the weekend by Google Chrome bug
Archive
2024
- January (1)
2022
- December (1)
2021
2019
2018
2017
2016
2015
2014
- December (2)
- November (3)
- October (3)
- September (5)
- August (4)
- July (5)
- June (5)
- May (2)
- April (2)
- March (2)
- February (3)
- January (1)
2013
2012
- December (1)
- November (1)
- October (5)
- September (1)
- August (1)
- June (2)
- May (2)
- April (1)
- March (2)
- February (3)
- January (1)
2011
2010
- December (2)
- November (3)
- October (3)
- September (4)
- August (1)
- July (1)
- June (3)
- May (3)
- April (1)
- March (1)
- February (6)
- January (3)
2009
- December (4)
- November (1)
- October (3)
- September (3)
- August (2)
- July (5)
- June (6)
- May (8)
- April (7)
- March (6)
- February (4)
- January (427)
2008
- December (1)
Categories
- PCI-DSS (2)
- Two-factor authentication (3)
Tags
- wireless-cellular-mobile-devices (7)
- Two-factor authentication (10)
- Wireless, cellular, mobile devices (6)
- NPS (1)
- Phishing and Fraud (111)
- Active Directory (1)
- pam-radius (3)
- privileged access (2)
- Cloud Security (10)
- Mutual Authentication (60)
- Web Application Authentication (1)
- Authentication Attacks (99)
- pci (50)
- Security and Economics (97)
- WiKID (133)
- pam (2)
- VPN (1)
- Installation (2)
- RADIUS Server (1)
- Open Source (64)
- Tutorial (2)
- Strong Authentication (35)
- Information Security (137)
- Transaction Authentication (13)
- Miscellaneous (100)
- Linux (2)
- transaction-authentication (6)
- Two Factor Authentication (254)