The story appears on

Page A4

December 20, 2011

GET this page in PDF

Free for subscribers

View shopping cart

Related News

Home » Metro

Default passwords enable huge thefts

STOCK traders are being warned against using default log-in passwords to enter online security trading systems, as the funds in their account can easily be stolen by speculators.

The Jing'an District People's Court yesterday sentenced a man to 11 years in prison for theft after he gained nearly 140,000 yuan (US$22,000) by controlling some 20 victims' accounts. The 31-year-old convict, Sun Jiwu, was also fined 70,000 yuan.

Sun had been imprisoned for nine years for robbery in April 1999.

After he was released, Sun could not find a stable job and decided to steal money from stock traders' investment accounts. Sun said it occurred to him that some users might keep using the default log-in passwords.

Sun told the court he found a securities firm whose online trading system allowed limitless trials for password. The court said Sun tested more than 2,000 accounts with the eight-digit default password, and found 20 and victimized those clients between July and December last year.

Sun bought stock accounts and opened several bank accounts with others' identity cards. He used his account to buy corporate bonds and entrusted to sell them at a 10 percent higher price. After that, Sun logged into the victims' accounts with the default password and sold their stocks and used the proceeds to buy his corporate bonds.

Sun used the same means to dump the corporate bonds in the victims' accounts again and buy overpriced securities from him until their capital accounts were drained.

Between September 13 and December 21 last year, Sun made a profit of more than 139,000 yuan and transferred the money from his trade accounts to bank cards.


Copyright © 1999- Shanghai Daily. All rights reserved.Preferably viewed with Internet Explorer 8 or newer browsers.

沪公网安备 31010602000204号

Email this to your friend