Hack, pump, dump, jail

Graham Cluley
Graham Cluley
@[email protected]

Behind bars

According to Wired magazine, an Indian man was sentenced yesterday to two years in an American jail for his part in an international fraud ring that hacked into the internet accounts of American brokers and manipulated stock prices.

35-year-old Thirugnanam Ramanathan, a native of Chennai, India, and legal resident of Malaysia, hacked into stock market investment accounts held with online brokerages TD Ameritrade, Fidelity, E*Trade and several others.

Having gained unauthorized access to the victims’ accounts, Ramanathan and his two accomplices sold the victims’ holdings and bought shares in lightly-traded stocks pumping up their price. The gang had previously purchased the same stocks in their own brokerage accounts, and after the stock price had artificially risen they swiftly dumped their own holdings for a profit.

Sign up to our free newsletter.
Security news, advice, and tips.

IP addresses revealed that the hackers had used ISPs located in Bangkok, Thailand and Chennai, India to break into the accounts.

An FBI investigation found that the three men had stayed in the same Bangkok hotel at the time as some of the stock market manipulations.

Two other defendants, Jaisankar Marimuthu and Chockalingam Ramanathan (a resident of Chennai), have also been indicted. Marimuthu is currently detained in a Hong Kong prison awaiting extradition following his conviction on similar offences related to the Hong Kong stock market. Chockalingam Ramanathan remains at large.

We have often heard about spammers using junk email to pump up the price of a thinly-traded stock, only to make their riches shortly afterwards when they dump their own holding. This case is somewhat more sophisticated as the hackers broke into online trading accounts to do all of the stock purchases themselves – it’s almost as if they didn’t trust people to fool for the “Buy this stock now” ruse so loved by spammers in the past.

The authorities should be congratulated for their efforts in bringing such criminals to justice. Cases like this demonstrate the international nature of cybercrime today – where the criminals can be based on the other side of the world, far away from their victims.

Not only do hackers like this shake people’s confidence in online trading, but they can also commit identity theft when stealing an innocent person’s account.

Everyone – be they a large firm or an individual investor – has a responsibility to properly secure their computer systems to prevent hackers like this making a quick profit.

More information about the case can be found on the Department of Justice website.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.