Saturday, October 11, 2003

Beware the Beast

Securityfocus.com offers a fascinating story that combines hacking, spamming, identity theft, and financial fraud. According to Kevin Poulsen:

"Dinh was the unhappy owner of $90,000 in "put" options that could have delivered a hefty payoff if Cisco Systems Inc. stock drooped below $15.00 a share-- but instead were close to expiring worthless.

Rather than eat the loss, Dinh allegedly constructed an electronic shell game to offload the contracts on a innocent dupe. Dinh built a list of targets by posting innocuous queries as "Stanley Hirsch" to a public forum on the trading discussion site stockcharts.com, and noting the e-mail addresses of people who responded. The next day, using the alias "Tony T. Riechert," he spammed those addresses with an offer to participate in a beta test of a new stock charting tool.

The "stock charting" tool turned out to be a Trojan horse called the "Beast," according to the government. An unsuspecting Westborough, Massachusetts investor -- unnamed in the complaints -- ran the program, and sometime thereafter accessed his online brokerage account with TD Waterhouse, while the Beast silently logged every keystroke. Dinh allegedly swept in later and downloaded the logs, obtaining the man's username and password. "

Read the rest of the article to learn more. Reuters offers additional coverage.