ASIC, a string of banks and a Russian hacker

Bernard Kellerman
Some insight into an internet hacking, market manipulation and money laundering operation involving a client account held overseas and traded through Morgan Stanley Australia Securities was provided by ASIC yesterday.
 
According to an ASIC media release, the Supreme Court of New South Wales has ordered more than A$77,000 to be "restrained" (not wired to the intended recipient).
 
The action is the culmination of a joint ASIC and Australian Federal Police investigation, codenamed Operation Emerald, which was started after several online accounts belonging to retail investors in Australia were hijacked by a person referred to as "a Russian hacker".
 
The accounts were used to make a series of "suspicious trades, between 18 August 2014 and 21 October 2014," ASIC said. The trades concerned 13 "penny stocks" - or, more accurately, shares listed on the Australian Securities Exchange and trading at a few cents each.
 
These were traded between a number of retail client accounts, held with the CBA's Commonwealth Securities, Etrade Australia and Australian Investment Exchange to create an artificially inflated price.
 
These actions were said to have been detected by ASIC's surveillance team, which took immediate action (with the assistance of Morgan Stanley) to prevent the profits from being distributed once the "suspected Russian hacker" had traded out of the positions, collecting the profits generated.
 
Exactly whose market monitoring systems were responsible for discovering the suspicious web of transactions in time to alert the other parties remains undisclosed.
 
It is understood, though, that the scheme came undone sometime during ASX's standard three-day settlement period, by which time the local banks and ASIC had been able to compare notes and stop the transfer of the loot out of a Morgan Stanley nominee account and back through a convoluted chain of accounts.
 
A spokesman for Morgan Stanley in Australia was keen to emphasise that his bank had nothing to do with the scam other than to find itself made an unwitting conduit for funds, a point backed up by ASIC.
 
The chain is understood to include branches of Denmark's Saxo Bank in Europe, and other financial institutions in the proud-to-be-opaque jurisdiction of Luxembourg.
 
Following a referral from ASIC, the Commissioner of the AFP made an application under the Proceeds of Crime Act 2002 and the Supreme Court of New South Wales ordered $77,429.61 to be restrained.
 
ASIC and the AFP acknowledged the assistance of Morgan Stanley, ComSec, Etrade Australia and Australian Investment Exchange in pursuing the case, while reminding all other market  participants of the ASX and Chi-X that they must also notify ASIC if they have "reasonable grounds" to suspect that "a person has placed an order or entered into a transaction while in possession of inside information, or which has the effect of creating or maintaining an artificial price or a false or misleading appearance in the market or price for trading in financial products."
 
The matter has been adjourned until February 2016, to allow for the statutory six-month period for an owner to claim unclaimed items.
 
The blueprint is already set up here, though, and whether it's been done before and this hacker was unlucky, or if one of the bank's systems really did work as intended remains to be seen.