ASIC media releases are point-in-time statements. Please note the date of issue and use the internal search function on the site to check for other media releases on the same or related matters.

Wednesday 5 August 2015

15-209MR Proceeds of crime seized following account hacking

Asic Coporate Logo Standard Version Colour Gif (1) Afp Logo Small

The Supreme Court of New South Wales today ordered more than $77,000 to be restrained following a joint ASIC-Australian Federal Police (AFP) operation into the hacking of online accounts of retail investors.

Operation Emerald investigated an internet hacking, market manipulation and money laundering operation involving a client account held overseas that traded through Morgan Stanley Australia Securities Limited (Morgan Stanley).

The suspicious trades, which occurred between 18 August 2014 and 21 October 2014, were detected by ASIC’s surveillance team and immediate action was taken (with the assistance of Morgan Stanley) to prevent the profits from being distributed.

Following an investigation, ASIC uncovered the unauthorised trades were made by a suspected Russian hacker who hacked into a number of retail client accounts held with Commonwealth Securities Limited, Etrade Australia and Australian Investment Exchange Limited. By using the hacked client accounts the suspected Russian hacker targeted 13 penny stocks listed on the Australian Securities Exchange (ASX) and traded them in such a way that he created an artificially inflated price. Subsequent to this trading the suspected Russian hacker then traded out of the positions, collecting the profits generated.

Following ASIC’s investigation, action was decided to be taken in relation to the profits of the trades. Following a referral from ASIC, the Commissioner of the AFP made an application under the Proceeds of Crime Act 2002 and the Supreme Court of New South Wales today ordered $77,429.61 to be restrained. The matter has been adjourned until February 2016.

ASIC Commissioner Cathie Armour said, ‘ASIC will continue to work with its partners here and overseas to help smash any criminal activity that is targeting our market.

‘ASIC has a world-class surveillance system to gather, match and analyse data to uncover misconduct, and its staff continue to monitor and detect suspicious trading activity and work with market participants to ensure account hacking is swiftly identified and stopped.’

ASIC also works with international regulators through the Intermarket Surveillance Group as part of its crackdown on security for online broking accounts.

AFP Manager of the Proceeds of Crime Litigation team (POCL) David Gray said the result of this joint investigation should serve as a strong reminder to those who wish to conduct illegal money laundering activities in Australia.

‘Despite efforts by criminals to evade detection, the AFP and its law enforcement partners remain committed to taking the profits out of crime and will take every opportunity to stop criminals from reinvesting these profits to fund other criminal ventures,’ Mr Gray said.

ASIC and the AFP acknowledge the assistance of Morgan Stanley, Commonwealth Securities Limited, Etrade Australia and Australian Investment Exchange Limited in this matter.


Breaches of market manipulation provisions in the Corporations Act 2001, if proved, can carry penalties of up to 10 years jail. Internet hacking offences fall under the Cybercrime Act 2001 and, if proved, can carry penalties which equal the penalty applicable to the serious offence to which it relates - in this matter 10 years in jail.

There are a number of mechanisms available to market participants to help combat misconduct, including having a mandatory ‘kill switch’ to shut down any suspicious or problematic trading.

Participants of the ASX and Chi-X must also notify ASIC if they have reasonable grounds to suspect that a person has placed an order or entered into a transaction while in possession of inside information, or which has the effect of creating or maintaining an artificial price or a false or misleading appearance in the market or price for trading in financial products. This is known as the suspicious activity reporting (SAR) rule.

This rule came into effect in January 2013, with ASIC receiving 214 such reports from 34 market participants since. Approximately 15% of SARs reported to ASIC have been referred to ASIC’s enforcement team for investigation. Download the latest figures here

In March 2015 ASIC published a report to help its regulated population improve cyber resilience (refer: 15-060MR).

Editor's note 1:

The funds restrained on 5 August 2015 were forfeited to the Commonwealth on 16 March 2016.

Last updated: 30/03/2021 09:34