news Police and the national markets regulator yesterday alleged that a Russian hacker had last year broken into IT systems in major Australian financial institutions and manipulated penny stocks for a profit.

In a statement released yesterday, the Australian Federal Police noted that the the Supreme Court of New South Wales had ordered more than $77,000 to be restrained following a joint ASIC-AFP operation into the hacking of online accounts of retail investors.

Operation Emerald investigated an internet hacking, market manipulation and money laundering operation involving a client account held overseas that traded through Morgan Stanley. The suspicious trades, which occurred between 18 August 2014 and 21 October 2014, were detected by ASIC’s surveillance team and immediate action was taken (with the assistance of Morgan Stanley) to prevent the profits from being distributed.

Following an investigation, ASIC uncovered the unauthorised trades were made by a suspected Russian hacker who allegedly hacked into a number of retail client accounts held with Commonwealth Securities, Etrade Australia and Australian Investment Exchange.

By using the allegedly hacked client accounts the suspected Russian hacker targeted 13 penny stocks listed on the Australian Securities Exchange (ASX) and traded them in such a way that he created an artificially inflated price. Subsequent to this trading the suspected Russian hacker then allegedly traded out of the positions, collecting the profits generated.

Following ASIC’s investigation, action was decided to be taken in relation to the profits of the trades. Following a referral from ASIC, the Commissioner of the AFP made an application under the Proceeds of Crime Act 2002, leading to yesterday’s seizure of the $77,000. The matter has been adjourned until February 2016.

ASIC Commissioner Cathie Armour said: “ASIC will continue to work with its partners here and overseas to help smash any criminal activity that is targeting our market. ASIC has a world-class surveillance system to gather, match and analyse data to uncover misconduct, and its staff continue to monitor and detect suspicious trading activity and work with market participants to ensure account hacking is swiftly identified and stopped.”

ASIC also works with international regulators through the Intermarket Surveillance Group as part of its crackdown on security for online broking accounts.

AFP Manager of the Proceeds of Crime Litigation team (POCL) David Gray said the result of this joint investigation should serve as a strong reminder to those who wish to conduct illegal money laundering activities in Australia.

“Despite efforts by criminals to evade detection, the AFP and its law enforcement partners remain committed to taking the profits out of crime and will take every opportunity to stop criminals from reinvesting these profits to fund other criminal ventures,” Gray said.

ASIC and the AFP’s statement acknowledged the assistance of Morgan Stanley, Commonwealth Securities, Etrade Australia and Australian Investment Exchange in the matter.

opinion/analysis

No massive surprise that this is going on — if anything, I suspect this will merely be the tip of a very large iceberg. And of course, we often don’t get the full story from AFP media releases about what’s happening behind the scenes. However, I must not that it is impressive that ASIC and the AFP were able to detect and stop the hacker. It shows that our financial system does have a degree of robustness when faced with this kind of threat.