Day Trader Charged in Computer Hacking Scheme

Two key areas of focus for the SEC are retail investors and cyber. Both of those elements are present in the latest case filed by the U.S. Attorney’s Office for the Eastern District of New York which parallels a previously filed Commission action. U.S. v. Willner, No. 17-cr-620 (E.D.N.Y. Filed Nov. 8, 2017); see also SEC v. Willner, Civil Action No. 1:17-cv-06305 (E.D.N.Y. Filed Oct. 30, 2017).

Defendant Joseph Willner, a day-trader, was indicted for conspiracy to commit wire fraud, conspiracy to commit securities fraud and computer intrusions, securities fraud and conspiracy to commit money laundering. Over a three year period, beginning in the fall of 2014, Mr. Willner is alleged to have engaged in a computer intrusion and securities fraud scheme, profiting from a series of trades involving over 50 hacked online brokerage accounts. The proceeds were laundered by using Bitcoin, a crypto-currency.

Mr. Willner and others are alleged to have repeatedly manipulated the share price of stocks using two sets of accounts, according to the charging papers in the criminal case and the SEC’s complaint. One group belonged to Mr. Willner. The second group were accounts belonging to retail investors that were hacked by a scheme participant. To generate gains trading between the two groups of accounts would be coordinated. For example, the hacker would place orders to either artificially raise or lower the price of select stocks. Mr. Willner would then execute trades on the opposite side through his accounts. The profits from the trades were split.

To coordinate and conceal their activities Mr. Willner disguised his real identity when communicating with the hackers. He did this by using a pseudonym. He accessed the direct messaging applications using the pseudonym but with the IP address associated with his primary residence. In order to try and mask the payments to the hackers Mr. Willner transferred proceeds from profitable trades to a digital currency company that converted U.S. dollars to Bitcoin.

The stocks manipulated were at times penny stocks and at times not. Frequently transactions were undertaken either before or after the market opened or closed. At other times the trades were placed during the regular trading day. For example, on May 17, 2016 the hacker caused a victim’s account to purchase shares of Lawson Products, Inc. during regular market hours at increasing prices and in a manner that did not reflect supply and demand. Mr. Willner then sold the stock short at the artificially high prices. Subsequently the hacker sold the stock causing a price drop. Mr. Willner was able to purchase the shares to cover his short position at lower prices, netting the two traders at a profit. The same types of trades were placed prior to the opening of the market and after the close. The impacted brokerage firms lost over $2 million. Both cases are pending.

Program: The Fourth Annual Dorsey Federal Enforcement Forum, December 6, 2017. There will be panel discussions and presentation on EPA enforcement, SEC enforcement, investment advisers, international sanctions, FinTec, and international corruption investigations, followed by a holiday party. Attend in person, listen on the web or watch a live stream; CLE available. For a detailed program and to register click here.