ID Thefts Slam Online Brokers

Computerworld - Two of the top online stock brokerages in the U.S. disclosed that overseas hackers broke into some of their customer accounts during the past three months, resulting in combined losses of at least $22 million and leading both firms to take steps to bolster their security measures.

Jerry Bartlett, CIO at TD Ameritrade Holding Corp., said in an interview last week that the attacks were launched by identity thieves in Eastern Europe and Asia who used keylogging software delivered via Trojan horses or other malware to steal the account information of users logging onto public computers or their own infected PCs.

The hackers then used existing accounts or created dummy ones to buy shares in little-traded stocks, driving the prices up so they could sell previously purchased shares at a profit. Customers of ETrade Financial Corp. were also victimized by the so-called pump-and-dump scheme, according to ETrade officials.

Bartlett said no data was stolen from TD Ameritrade’s own databases, nor were its servers breached during the attacks. But he acknowledged that the company’s antifraud efforts, which include a security team that uses special software to monitor for anomalous activity such as users logging in from unusual IP addresses, failed to detect the stock scams quickly enough.

As a result, TD Ameritrade has installed new technology and reconfigured its existing tools to monitor for pump-and-dump activity, Bartlett said. “We could identify it [before], but certainly not to the sophistication of what we can do now,” he added. He declined to discuss the new capabilities in detail or disclose which security tools his firm uses to guard against online fraud.

ETrade has also beefed up its online security in response to the recent attacks, CEO Mitchell Caplan said during an Oct. 18 conference call on the company’s third-quarter financial results. Caplan said ETrade had cut the amount of fraudulent activity to “almost zero” over the previous three weeks as a result of the security changes.

The inability of ETrade and TD Ameritrade to promptly detect the hackers is hitting them in their pocketbooks. Although the money in brokerage accounts isn’t insured, both firms guarantee customers against losses caused by fraud.

ETrade officials said during the earnings call that the company had spent $18 million to compensate customers for losses from the attacks. Last week, TD Ameritrade disclosed during a conference call on its fourth-quarter results that it had reimbursed a total of $4 million to its customers.

To help it monitor accounts for unusual behavior, ETrade uses antifraud software developed by Cyota Inc., which is now a part of EMC Corp.’s RSA Security Inc. division.