SEC uncovers online retail brokerage hacking scheme

Fraudsters were able to sell their holdings at artificially high prices and reap more than $1 million in illicit proceeds, the SEC alleged. 

The Securities and Exchange Commission has charged 18 individuals for hacking dozens of online retail brokerage accounts in order to purchase microcap stocks to manipulate the price and trading volume of those stocks.

The international fraudulent scheme was allegedly led by Rahim Mohamed of Alberta, Canada, who coordinated the hacking attacks, and several others in and outside the United States, according to the SEC.

The order states that the scheme took place in late 2017 and early 2018 when hackers accessed at least 31 U.S. retail brokerage accounts and used them to purchase the securities of Lotus Bio-Technology Development Corp. and Good Gaming, Inc.

Fraudsters, who already controlled large blocks of Lotus Bio-Tech and Good Gaming stock, were thus able to sell their holdings at artificially high prices and reap more than $1 million in illicit proceeds, the SEC alleged.

The financial watchdog found that Davies Wong of British Columbia, Canada, and Glenn B. Laken of Illinois, respectively, controlled the majority of the Lotus Bio-Tech and Good Gaming stock that was sold while the hacking attacks were being carried out, and Mohamed coordinated with Wong, Laken, and others to orchestrate the attacks.

Richard Tang of British Columbia, Canada, was also allegedly involved with both the Lotus Bio-Tech and Good Gaming schemes.

Protecting retail investors from cyber fraud

Gurbir S. Grewal, Director of the SEC’s Division of Enforcement, said: “This case illustrates the critical importance of cybersecurity and of our ongoing efforts to protect retail investors from cyber fraud. The SEC remains committed to rooting out this type of wrongdoing. Investors should also take precautions, including choosing strong passwords, using different passwords for different accounts, and using two-factor authentication when available.”

Nekia Hackworth Jones, Director of the SEC’s Atlanta Regional Office, commented: “Our complaint details a brazen and sophisticated scheme, with hackers using international accounts and dummy accountholders to hide their tracks. As this case demonstrates, the Division can uncover misconduct even when it crosses borders and is concealed behind multiple layers of obfuscation.”

The SEC’s complaint charges violations of the antifraud and beneficial ownership reporting provisions of the Securities Act of 1933 and the Securities Exchange Act of 1934 and names two relief defendants who received proceeds from the hacks.

The regulator seeks the return of ill-gotten gains plus interest, penalties, bars, and other equitable relief.