This ABC News report is available at:

March 20, 2007 5:00 AM
Len Tepper and Asa Eslocker Report:
Cybercriminal rings in Russia and Eastern Europe have stolen tens of millions of dollars by breaking into and looting U.S. 401k and online stock trading accounts, FBI and SEC officials tell ABC News.

“You could wake up one morning and find all your money in your retirement account or in your trading account is gone,” said John Reed Stark, Chief of Internet Enforcement at the Securities and Exchange Commission.

In addition to the Russian rings, authorities have also seen hackers in India, Hong Kong and Malaysia going after similar online accounts.

The criminals either cash out the stocks and wire the money to their own account or sell off the stock holdings to buy shares in worthless stock they control, an Internet version of the classic “pump and dump” scheme.

In many cases, American victims have had their user IDs and passwords stolen when they use computers at hotel business centers and other Internet connection points.

The FBI says the criminals secretly bug the computers with programs to record every key typed.
“So that when you access your financial account, you are in fact giving the bad guy your account name, your password, your account number and essentially the keys to the kingdom,” explained Shawn Henry, Deputy Director of the FBI’s Cybercrimes Division.

Victims have included customers of E-trade, Scott Trade, Ameritrade, Fidelity, Merrill Lynch, Charles Schwab and Vanguard.

As part of an investigation, a Russian speaking ABC News intern logged on to a Moscow-based hackers forum and was offered the user IDs and passwords of six U.S. trading accounts for a cost of $350.

The six accounts had almost $100,000 in value.
The online criminal even offered ABC News a free sample, the user ID and password of an Ameritrade account owned by a man in Fremont, Calif. When contacted, the California man confirmed it was his account and agreed to quickly change his password.

The FBI’s Henry offered the following advice to avoid becoming a victim of such Internet theft:
l. Always use a trusted computer when conducting financial transactions.
2. Going into a hotel or an airport or an Internet cafe, assume you may be at risk.
3. Closely scrutinize reports from your online trading firm to make sure the reported trades are ones you authorized.
4. Frequently change your password and when traveling, consider using a special program that will change your password every 10 seconds.

5. Make sure your own computer has anti-virus protection.