31-year-old Petr Murmylyuk, a Russian national living in New York, has been charged by the U.S. Department of Justice (DOJ) for his alleged role in a $1.45 million hacking scheme. According to the complaint filed in Newark federal court, Murmylyuk worked with others to hack into, and execute fraudulent trades, on online accounts at brokerage firms Charles Schwab, E-Trade, Fidelity, and Scottrade.
The four firms have reported combined losses of approximately $1 million as a result of the fraud. So where's the difference? The Manhattan District Attorney's office has also charged Murmylyuk with stealing the identities of hundreds of people, filing fake tax returns for htem, and generating $450,000 in refunds.
Murmylyuk has been charged with one count of conspiracy to commit wire fraud, unauthorized access to computers, and securities fraud. The U.S. Securities and Exchange Commission (SEC) is also filing a parallel civil lawsuit against him. Murmylyuk remains in state custody facing charges from a separate investigation, and is expected to appear in Newark federal court to face the conspiracy charge on a date that has yet to be determined.
In late 2010, Murmylyuk worked with other members of the ring to gain access to the online accounts and change the phone numbers and e-mail addresses on file to prevent alerting victims of unauthorized trading, according to the DOJ. Once the hackers controlled the accounts, they used stolen identities to open additional accounts at other brokerage houses. They then made the accounts make unprofitable and illogical trades with the new accounts.
Murmylyuk and a conspirator recruited foreign nationals visiting, studying, and living in the United States—including Russian nationals and Houston residents Anton Mezentsev, Galina Korelina, Mikhail Shatov, and others—to open bank accounts into which illegal proceeds could be deposited. Murmylyuk and the conspirator then caused the proceeds of the sham trades to be transferred from the profit accounts into those accounts, where the stolen money could be withdrawn.
Murmylyuk and a conspirator recruited foreign nationals visiting, studying, and living in the U.S. to open bank accounts into which illegal proceeds could be deposited, and then transferred their stolen money into these new accounts so it could be withdrawn, according to the DOJ. He allegedly used Russian-language social networks to recruit individuals from Kazakhstan on student visas in the U.S. to act as mules for laundering the fraudulently obtained funds.
Murmylyuk is also accused of calling Trade Station Securities, claiming to be "Dmitry Tokar," through whose brokerage account the ring placed approximately $200,000 in fraudulent trades.
Murmylyuk was arrested on November 3, 2011. He had in his possession a laptop that evidenced the fraud. If convicted, Murmylyuk could face up to five years in prison and a $250,000 fine.
"Hackers continue to find new and advanced ways to steal from the financial sector," First Assistant U.S. Attorney J. Gilmore Childers said in a statement. "Through the illusion of legitimacy, these alleged hackers controlled both sides of securities transactions to game the market and drain their victims' accounts. Those who use their computer skills for fraud underestimate the combined resolve of law enforcement and the financial services industry to detect and stop these crimes."
"This investigation highlights the level of sophistication reached by individuals involved in computer intrusions and hacking activities in furtherance of complex economic and financial crimes," FBI Newark Division Assistant Special Agent in Charge David Velazquez said in a statement. "The same level of sophistication must be maintained by federal investigators and prosecutors, together with private sector partners, to stay one step ahead of these individuals."
- 3 million bank accounts hacked in Iran
- Up to 1.5 million Visa, MasterCard credit card numbers stolen
- Chinese hacker arrested for leaking 6 million logins
- Anti-abortion hacker jailed for stealing 10,000 records
- Medicaid hack update: 500,000 records and 280,000 SSNs stolen
- Hacktivists stole 100 million records in 2011