Suspected teen Trojan scammer charged

The US Securities and Exchange Commission and the Department of Justice filed charges on Thursday against a 19-year-old Pennsylvania man accused of using a Trojan horse to steal money from another man's brokerage account.

The complaints filed in civil court by the SEC and in criminal court by the Justice Department charge Van T Dinh, a resident of Phoenixville, Pennsylvania, of securities fraud and computer crimes. The case is the SEC's first prosecution of a person accused of both computer intrusion and identity fraud.

John Reed Stark, chief of the SEC's Office of Internet Enforcement, said in a statement: "This case should remind investors using the internet to review their brokerage statements carefully every month, to check the bona fides of any potential download and to take security measures."

One analyst firm estimates that 7 million US consumers have fallen prey to identity theft of some sort. Last week, Microsoft became the target of a lawsuit brought by a woman who contends that her personal and financial information was stolen in a similar manner. The lawsuit charges the company with failing to secure its software and users effectively enough to protect them against Internet criminals.

Vinh is accused of persuading an investor in Massachusetts to download a program in July with which the suspect allegedly monitored the victim's computer. Under the name 'Tony T Reichert', Vinh allegedly sent email to the investor and several others met through a stock-discussion site, asking them if they wanted to take part in a beta test of a new stock-charting tool. The tool was actually a Trojan horse program that recorded any text input via the keyboard, according to the complaints. Using the program, Vinh was allegedly able to obtain the account name and password for the investor's online brokerage account. He then proceeded to drain the account of nearly $47,000 (£28,260), the complaints charge.

Michael Sullivan, US attorney for the District of Massachusetts, said in a statement: "This case should be a reminder to Internet users that every time they open an email from an unknown sender, it is as if they are opening the front door of their house to a stranger."

The charges filed by the Justice Department could result in a maximum sentence of 30 years imprisonment and a $1m fine. The SEC's charges, filed in civil court, ask for all money from the alleged scam to be returned and for unspecified penalties to be paid.

Robert Lemos writes for CNET News.com