SEC Sues UK Trader Over Hacking Accounts to Pump and Dump Stocks

Thursday, 23/06/2016 | 07:14 GMT by Steven Hatzakis
  • Idris Dayo Mustapha's assets frozen by SEC amid complaint over a trading scheme.
SEC Sues UK Trader Over Hacking Accounts to Pump and Dump Stocks
Bloomberg

The US Securities and Exchange Commission (SEC) is suing a trader based in the United Kingdom in connection with the alleged hacking of accounts belonging to US investors in order to carry out trades that would affect market prices to his own benefit and to others detriment.

The SEC said it obtained an emergency court order to freeze the assets of 30-year-old UK citizen Idris Dayo Mustapha, over the alleged unauthorized stock trades placed in client’s accounts without their knowledge which netted a profit to Mustapha while returning a loss to affected clients.

We will swiftly track down hackers who prey on investors as we allege Mustapha did, no matter where they are operating from and no matter how sophisticated their technology.

The new world of Online Trading , fintech and marketing - register now - for the Finance Magnates Tel Aviv Conference, June 29th 2016.

Account Intruder

Described as account intrusions, the alleged hacker gained access to client’s accounts and rapidly bought stocks at increasing prices and then benefited by selling his own shares of the stock in his brokerage account, an elaborate synthetic pump and dump scheme.

A complaint was filed in a New York court yesterday, where the SEC alleges that between April and May 2016, Mustapha hacked into a number of accounts that clients maintained at various broker-dealers in and outside of the US, as per the SEC update.

The SEC complaint explains that Mustapha’s scheme made $68,000 in profits for himself, yet caused victim’s accounts to suffer a loss of at least $289,000.

Over $100,000 in Assets Frozen

On the basis of alleged profits made, the emergency court order that was granted June 22, 2016 puts a freeze on over $100,000 of Mustapha’s assets while prohibiting him from destroying evidence, as the complaint is considered by the court.

“We will swiftly track down hackers who prey on investors as we allege Mustapha did, no matter where they are operating from and no matter how sophisticated their technology,” said Robert Cohen, Co-Chief of the SEC Enforcement Division's Market Abuse Unit, commenting in an official statement.

An excerpt of allegations taking from the SEC complaint filed June 22nd, 2016, in a U.S. District Court in the Southern District of New York can be seen below, outlining the synthetic pump-and-dump scheme.

source: SEC

source: SEC

Unsophisticated Hack?

While it may sound as if the alleged intrusions were carried out by highly sophisticated hackers, the complaint notes the similarity of IP address attributed to Mustapha on various occasions where trading took place, as described in the complaint.

The complaint does, however, state: "Passwords to the April Victims’ accounts had been reset on or about April 18 and 19, 2016, through unauthorized access to an administrative user’s account."

The complaint alleges: "Mustapha accessed his brokerage account to make the May 17, 2016 trades with the same computing device that he used to hack into the victim’s account to make unauthorized trades on the same day.''

Whether clients had given any passwords out or access was hacked, the trades were unauthorized if no power-of-attorney was granted and especially if the trading conducted was designed to benefit the trader at the clients' expense. Accordingly, the alleged violation of related securities laws were noted by the SEC in its complaint as the agency seeks further enforcement in this case.

The news follows a similar action that the CFTC took yesterday against a Commodity Pool Operator (CPO) which led to various penalties and enforcement actions.

The US Securities and Exchange Commission (SEC) is suing a trader based in the United Kingdom in connection with the alleged hacking of accounts belonging to US investors in order to carry out trades that would affect market prices to his own benefit and to others detriment.

The SEC said it obtained an emergency court order to freeze the assets of 30-year-old UK citizen Idris Dayo Mustapha, over the alleged unauthorized stock trades placed in client’s accounts without their knowledge which netted a profit to Mustapha while returning a loss to affected clients.

We will swiftly track down hackers who prey on investors as we allege Mustapha did, no matter where they are operating from and no matter how sophisticated their technology.

The new world of Online Trading , fintech and marketing - register now - for the Finance Magnates Tel Aviv Conference, June 29th 2016.

Account Intruder

Described as account intrusions, the alleged hacker gained access to client’s accounts and rapidly bought stocks at increasing prices and then benefited by selling his own shares of the stock in his brokerage account, an elaborate synthetic pump and dump scheme.

A complaint was filed in a New York court yesterday, where the SEC alleges that between April and May 2016, Mustapha hacked into a number of accounts that clients maintained at various broker-dealers in and outside of the US, as per the SEC update.

The SEC complaint explains that Mustapha’s scheme made $68,000 in profits for himself, yet caused victim’s accounts to suffer a loss of at least $289,000.

Over $100,000 in Assets Frozen

On the basis of alleged profits made, the emergency court order that was granted June 22, 2016 puts a freeze on over $100,000 of Mustapha’s assets while prohibiting him from destroying evidence, as the complaint is considered by the court.

“We will swiftly track down hackers who prey on investors as we allege Mustapha did, no matter where they are operating from and no matter how sophisticated their technology,” said Robert Cohen, Co-Chief of the SEC Enforcement Division's Market Abuse Unit, commenting in an official statement.

An excerpt of allegations taking from the SEC complaint filed June 22nd, 2016, in a U.S. District Court in the Southern District of New York can be seen below, outlining the synthetic pump-and-dump scheme.

source: SEC

source: SEC

Unsophisticated Hack?

While it may sound as if the alleged intrusions were carried out by highly sophisticated hackers, the complaint notes the similarity of IP address attributed to Mustapha on various occasions where trading took place, as described in the complaint.

The complaint does, however, state: "Passwords to the April Victims’ accounts had been reset on or about April 18 and 19, 2016, through unauthorized access to an administrative user’s account."

The complaint alleges: "Mustapha accessed his brokerage account to make the May 17, 2016 trades with the same computing device that he used to hack into the victim’s account to make unauthorized trades on the same day.''

Whether clients had given any passwords out or access was hacked, the trades were unauthorized if no power-of-attorney was granted and especially if the trading conducted was designed to benefit the trader at the clients' expense. Accordingly, the alleged violation of related securities laws were noted by the SEC in its complaint as the agency seeks further enforcement in this case.

The news follows a similar action that the CFTC took yesterday against a Commodity Pool Operator (CPO) which led to various penalties and enforcement actions.

About the Author: Steven Hatzakis
Steven Hatzakis
  • 787 Articles
  • 7 Followers

More from the Author

Retail FX