Sarah Lai Stirland
Main Archives About Me Newsletter Cyberstatesman Email
 

February 2001

 

 

 

Virtual Gumshoes: On the Trail of e-Fraud
By Sarah Lai Stirland

James In Shig Ahn was very busy on the morning of June 2 last year.

The 43-year-old Korean immigrant was trading tech stocks with himself -using money that wasn't his. The trading began seven minutes before nine o'clock that morning. He bought shares of a thinly traded Nasdaq stock at $6 a share through his Terra Nova account, completing the transaction on an ECN (Electronic Communications Network.) Twenty-seven minutes later, using the same ECN, he sold 800 of those shares at $5.31 back to himself at another account that he had opened with Interactive Brokers.

On that same ECN over the next three business days, Ahn engaged in a blizzard of activity in which he artificially inflated the price of the stock he held by trading with himself over this ECN.

His plan, according to the Securities and Exchange Commission's complaint: to then cash in on those holdings and abscond.

"The only way a scam like this would work is if the perpetrator ran away," said Lewis Randazzo, a SEC litigator who worked on the case.

The plan was too simple. On June 7, after Ahn sent an e-mail and called Interactive Brokers 20 times to get them to wire his "winnings" to his PNC bank account, Interactive Brokers caught on and froze his brokerage account. Ten days later, the SEC charged him with securities fraud and the U.S. attorney's office for the Southern District of New York indicted him on criminal charges of both securities and wire fraud. Ahn pleaded guilty to the criminal charges and was sentenced to a year and a day in prison. A district court Judge also ordered him to pay $12,500 in restitution and enjoined him from engaging in the fraud again. Ahn neither admitted nor denied the charges when he settled the case.

Both the SEC and the District Attorney's rapid-and severe-response to this small-time crook illustrates the increasing resources and savvy with which law enforcers are forced to approach the growing world of securities cyber-crime. New technologies and new ways of trading are providing con artists innovative tools to perpetrate fraud, however crude. Though so-called cross-trading, such as Ahn's, is by itself old hat, technology has added a new wrinkle. It has revived old scams and created new ones.

In response, a new area of securities law enforcement is flowering: cyber-sleuthing.

Under SEC Chairman Arthur Levitt's watch and the leadership of the agency's Internet fraud squad chief, John Reed Stark, the SEC's Office of Internet Enforcement has swelled from a group of three founders in 1998 to a staff of more than 45 active across the country. In addition, the SEC has also embarked on a more systematic method of patrolling the Internet for fraud. Instead of wasting the valuable time of the other regular SEC staffers with Internet fraud sweep days, the SEC has commissioned a special search engine that combs the Net for potential new cases of violations of securities laws. All this activity is the result of a $15 million budget that Congress assigned the Internet enforcement unit in the past two years. The SEC's total budget for the fiscal year 2001 is around $400 to $420 million.

But it's not only the federal law enforcement authorities that get to play cops and robbers on the Internet. State-level authorities are getting in on the act as well. Securities regulators in California, New York, Pennsylvania and New Jersey have all established Internet enforcement units and more state regulators are getting together to train themselves in this field, said Charlie Neal, the North American Securities Administration Association's chairman of the Internet enforcement project group.

Attorneys in law enforcement agencies such as the SEC and state-level securities regulators are understandably cagey when asked about the methods that they use to track down fraudsters on the Internet. About all they'll say is that the two or three years that they spent in enforcing securities laws on the Internet has taught them a lot on basic issues, such as knowing what kind of information to ask for when subpoenaing Web sites, brokerages or Internet service providers for information on the suspected culprits.

"We'll resort to the traditional gum-shoe techniques," said Matthew Moro, the SEC's deputy attorney of the Internet Enforcement division.

That means examining trading records obtained from brokerages, the National Association of Securities Dealers and the New York Stock Exchange. And because people leave a virtual trail wherever they go on the Internet, Moro adds, "The Internet has given us more evidence to pursue-not less. For Internet enforcement, it's been great."

On the federal level, the SEC's powers are limited, however. Only the Federal Bureau of Investigation can bring criminal actions and imprison fraudsters. In addition, the SEC's investigations are curtailed by the Privacy Act of 1994, which precludes federal agencies such as the SEC from misrepresenting themselves, which means that SEC staff can't do undercover investigation. That's where the FBI and the state securities regulators come in. Both are able to conduct undercover activities as part of their investigations.

In California, undercover activities are a routine part of investigations undertaken by the state securities regulator: the department of corporations, said Marc Crandall, an attorney in the Internet compliance and enforcement unit. In fact, the department of corporations has a whole room of computers that are set up independently of the state of California, so as to mask the identity of the investigators when they're surfing the Web and making their inquiries with the potential fraudsters. Since 1998, the Internet compliance and enforcement department has issued 150 cease-and-desist orders, filed five civil actions, eight criminal actions and denied two people brokerage licenses.

With all its bulletin boards and easy publishing tools, one of the biggest securities fraud-related problems that the Internet helps to promote is price manipulation. "I think the Internet makes it very easy to do it, because there are so many stocks that aren't covered, and many of the companies that are promoted may be nothing more than a shell," said the SEC's Moro.

A couple of the most famous examples of Internet-related market manipulation are the phony Emulex press-release hoax of last August and the phony Lucent press release posted on Yahoo's financial message boards last March. Both hoaxes were designed to topple the shares' prices and they did until everyone discovered that the releases were fakes. But less high-profile manipulations occur through messages on message boards and private e-mails everyday. Securities regulators are watching. Last June, the California department of corporations filed its first civil action against a bulletin board poster. Posing as a Frank G. Mancuso, the former chairman of MGM, the writer of the bogus messages on Yahoo bulletin boards made some price predictions on MGM's stock based on messages he claimed to be getting from MGM majority owner and financier Kirk Kerkorian. The writer turned out to be a young trader in California who owned and traded MGM stocks in four different brokerage accounts. The poster eventually ended up settling the case, paying a fine and issuing a retraction.

This kind of fraud may soon look old-hat, however, as the stock market and its related world of information becomes increasingly accessible through more and more devices such as mobile phones and multimedia broadband Internet connections.

The SEC's Moro is already planning for this. He has a lot of questions to answer. If a con man perpetrates the fraud using a mobile Web-enabled phone, for example, what will be the quality of the information that will be available to the SEC if they decide to trace the calls? What kinds of logs-if any-would the phone company keep? And in the broadband world, how will the SEC's ability to subpoena user information from Internet service providers be affected under the cable privacy laws? How will new privacy bills sure to be debated in Congress this year dovetail with existing privacy laws?

Looks as if the SEC's Internet Enforcement division has its work cut out for it this year.