A US teenager has been accused of perpetrating an extraordinarily complex crime, involving computer hacking, identity theft and fraudulent financial-market trading.
The accused spied on his victim's keystrokes, accusers say
The US Attorney's Office in Massachusetts has charged 19-year-old Van Dinh with securities fraud, mail and wire fraud, and causing damage in connection with unauthorised use of a computer.
At the same time, the Securities & Exchange Commission (SEC), the US financial market regulator, has filed a complaint against him, alleging "numerous violations of the federal securities laws".
Both cases accuse Mr Dinh of hacking into client accounts at a US brokerage in order to buy and sell share options, and adopting a web of aliases to cover his tracks.
But according to the SEC, the authorities - once alerted - were able to unravel and eradicate the fraud without difficulty.
"To those who attempt to use the perceived anonymity of the internet to victimise investors, our message remains clear: we will track you down and hold you accountable," said Linda Chatman Thomsen of the SEC's enforcement division.
Mr Dinh's fraud arose from an attempt to avoid losses on share options - financial instruments that allow investors to speculate by buying or selling shares at a pre-arranged price and date.
According to the SEC complaint, Mr Dinh bought 9,100 options on shares in hi-tech firm Cisco Systems for $10 apiece in late June - options which looked likely to become worthless as their mid-July expiration date approached.
How hackers commit fraud
Get in touch with investors through online forums
E-mail them with downloadable share-price chart program
Program records victim's keystrokes, allowing fraudster to work out passwords
Use passwords to access victim's online trading account
Use victim's account to buy worthless stock from fraudster's other accounts
Try to conceal fraud with multiple e-mail accounts and websites
Facing potentially catastrophic losses, Mr Dinh allegedly obtained e-mail details of other investors, and sent them a program that posed as a charting tool, but was in fact a "Trojan Horse", allowing him to spy on their computer keystrokes.
Using the password and other personal information gathered this way, the SEC says, Mr Dinh then hacked into an account at the brokerage TD Waterhouse, and used it as a fake purchaser for his near-worthless options.
The SEC says this bogus transaction saved him $37,000 in trading losses.
The flaw in Mr Dinh's scheme was that the legitimate owner of the TD Waterhouse trading account naturally noticed the heavy losses, as well as the thousands of worthless share options.
Mr Dinh tried to cover his tracks, the complaint alleges, by using internet service providers in Ireland, Germany and Australia - precautions that investigators from the FBI and SEC say were easily penetrated.
The case is the first time that the SEC has become closely involved in a hacking case, few of which relate directly to securities fraud.
And if Mr Dinh is convicted, it could produce one of the heavist punishments so far achieved in this type of case.
The US attorney points out that the fraud counts carry a maximum prison term of 20 years, with another 10 years for computer crime.
On top of that, the law provides for three years of probation and a fine of up to $1m.
The SEC is also demanding that Mr Dinh repay all the stolen money and offer unspecified damanges.