
Ameritrade Leaks User Information Yet Again, Blames Hacker X

Edward Falk

OK, you know things are getting bad when Ameritrade leaks its customer information yet again, and I don't even bother to report it because it's not news anymore.

Well, recent updates to the story have prompted me to correct that omission. Yes, it happened again. Roughly a month ago, correspondents began to receive pump-n-dump spam to tagged email addresses which they had given only to Ameritrade.
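The tagged-address trick those correspondents used is worth spelling out, since it is the only reason the leak is attributable at all. Below is an added example, not code from the original post or from Ameritrade: each vendor gets its own address whose tag is an HMAC of the vendor name (so a spammer holding one leaked list cannot guess or strip the tag the way they can with a plain "+vendor" suffix), a registry maps tagged addresses back to vendors, and incoming mail is attributed to whichever vendor's address it hit. The domain, secret, vendor names and sample messages are assumptions constructed for the demo.

```python
"""Tagged-address leak attribution (added example; not the post's own code).

Assumes a mailbox owner who controls a catch-all domain and hands every
vendor its own address of the form user.<tag>@DOMAIN, where <tag> is an
HMAC of the vendor name. DOMAIN, SECRET, the vendor names and the sample
messages below are all constructed for the demonstration.
"""
import hashlib
import hmac
from email import message_from_string
from email.utils import getaddresses

DOMAIN = "example.org"      # assumed: a domain whose catch-all you control
SECRET = b"rotate-me-keep-private"  # assumed: per-mailbox secret, never shared
TAG_LEN = 8                 # hex chars of HMAC kept in the address


def tagged_address(user: str, vendor: str, secret: bytes = SECRET) -> str:
    """Return a vendor-specific address whose tag is an HMAC of the vendor name.

    Using an HMAC rather than the vendor name itself means the tag carries
    no visible '+vendor' marker to strip, and knowing one leaked address
    gives a spammer no way to forge the addresses given to other vendors.
    """
    digest = hmac.new(secret, vendor.strip().lower().encode(), hashlib.sha256)
    return f"{user}.{digest.hexdigest()[:TAG_LEN]}@{DOMAIN}"


def build_registry(user: str, vendors, secret: bytes = SECRET) -> dict:
    """Map each tagged address back to the vendor it was issued to."""
    return {tagged_address(user, v, secret): v for v in vendors}


def attribute_leaks(registry: dict, raw_messages) -> dict:
    """Count messages per vendor, keyed on which tagged address received them.

    Looks at To, Cc and Delivered-To. Messages that hit no registered
    address are counted under the key None.
    """
    hits = {}
    for raw in raw_messages:
        msg = message_from_string(raw)
        headers = msg.get_all("to", []) + msg.get_all("cc", []) + msg.get_all("delivered-to", [])
        vendor = None
        for _name, addr in getaddresses(headers):
            vendor = registry.get(addr.lower())
            if vendor:
                break
        hits[vendor] = hits.get(vendor, 0) + 1
    return hits


# Constructed sample traffic: two stock-tout spams to the address given only
# to "Ameritrade", plus one unrelated message to the untagged address.
_AMERITRADE_ADDR = tagged_address("edward", "Ameritrade")
SAMPLE_MESSAGES = [
    f"From: tips@stock-picks.invalid\nTo: {_AMERITRADE_ADDR}\n"
    "Subject: HOT PICK: XYZQ ready to explode\n\nBuy before the news hits!\n",
    f"From: alerts@penny-news.invalid\nCc: Investor <{_AMERITRADE_ADDR}>\n"
    "Subject: XYZQ up 300% this week\n\nDon't miss out.\n",
    f"From: newsletter@legit.invalid\nTo: edward@{DOMAIN}\n"
    "Subject: Weekly update\n\nNothing to see here.\n",
]


def demo() -> dict:
    """Run attribution over the constructed sample; returns {vendor: count}."""
    registry = build_registry("edward", ["Ameritrade", "Scottrade", "E-Trade"])
    return attribute_leaks(registry, SAMPLE_MESSAGES)


if __name__ == "__main__":
    print(demo())  # {'Ameritrade': 2, None: 1}
```

The attribution is only as good as the secrecy of SECRET and the catch-all: if the mail server rejects unknown local parts, the vendor-specific addresses never get delivered, and if the tag is a guessable word the spammer can simply rewrite it. A single vendor showing up repeatedly, as Ameritrade does in this story, is evidence of a leak at that vendor but says nothing about whether the leak was an insider, a contractor, or malware.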

I've reported on this issue before, once in July 2006, and again in April 2007. This now marks the third major confirmed leak of customer information from Ameritrade. In addition, the Inquirer reported the loss of 200,000 Ameritrade client files in February 2005. One correspondent informs me that this has happened to him on four or five previous occasions.

There is no indication that the selling of customer information to spammers is official Ameritrade policy. Previously, speculation had centered on theft by rogue email service providers contracted by Ameritrade, or on the possibility of theft by an Ameritrade insider.

Normally, Ameritrade responds to these incidents with their standard bug letter, apologising for the leak and assuring the customer that it was a terrible aberration, etc, etc, etc.

This time, however, they've just issued a press release blaming the problem on Hacker X. Or, more precisely, on "unauthorized code" in their systems. Was this the work of Hacker X targeting and penetrating their system, or just some random fool at Ameritrade clicking on the wrong thing with the wrong browser and installing spyware by accident? At any rate, information on 6.3 million customers was stolen.

Of course, Ameritrade assures the public that no IDs, passwords, Social Security numbers or other sensitive information were lost. In other words, they're only admitting to what they were actually busted for.

We, of course, are asked to believe that having successfully breached Ameritrade's security, the crackers took only email addresses, leaving the rest behind:

"While more sensitive information like account numbers, date of birth and Social Security Numbers is stored in this database, there is no evidence that it was taken."

John Levine (website) informs me that he's also had three email addresses leaked from TD Waterhouse. One dates back before the merger with Ameritrade, one from shortly after the merger, and the third about a month ago. Quoting: "This gives me no confidence that the leak they found is the only one."

More coverage on this issue can be found at Agave Mountain, Computerworld, Dark Reading, Intellectual Intercourse, SC Magazine, and many others. Dark Reading points out that Ameritrade is not forthcoming on the details of the spyware used, preferring to wait until the investigation is complete. SC Magazine (quoting Phil Neray, vice president of marketing at Guardium) speculates that it was an inside job, arguing that only an insider with administrative access could have installed the spyware.

Perhaps my favorite quote is from Intellectual Intercourse, which writes:

"Hacker X is a busy, busy hacker. But we expect from someone who has been around for ten years now. Earlier this year, e360 Insight, LLC (a/k/a, e360insight.com, a/k/a e360data.com), asserted that Hacker X had visited them. That's two in less than 6 months, and we're not done with the year yet."

Stock spamming is big business these days. The site listguy.com openly advertises its pump-n-dump services and boasts that it has copies of email lists from Market Watch, E-Trade, and Scottrade (but not Ameritrade). I have even received pump-n-dump brochures via snail mail on more than one occasion.

Given the scope of the problem and the amount of money involved, I can easily believe that Ameritrade has someone on the inside willing to sell email addresses to the highest bidder.

By Edward Falk, Computer professional. More blog posts from Edward Falk can also be read here.

Related topics: Security, Spam


Comments

Re: Ameritrade Leaks User Information Yet Again, Blames Hacker X Matthew Elvey  –  Sep 24, 2007 5:04 PM PDT

"pump-n-dump spam to tagged email addresses ... given only to Ameritrade" was news in '05.  Yeah, I was just rereading a John Levine nanae post about spam traceable to Ameritrade which shows they knew about the problem in '05. 

Ameritrade finally admitted to it last Friday in an announcement that was covered in hundreds of articles, according to a Google News search, and it indicates that the breach has been ongoing since then; infiltrators had ONGOING access to a database containing the SSNs of their 6 million customers for about 18 months.

FYI, this announcement is the result of my research and exposure of the hack and follow-up lawsuit against TD Ameritrade.  They announced it now because a judge probably would have otherwise forced them to last week.

Now I'm nailing down exactly what to seek in my settlement negotiations as the class representative.
