In a statement the SEC says the "unknown traders" involved in the scam posted an advertisement on Craig's List in February 2007 for a job with AWE Trading, a fictitious Latvian brokerage firm.

Those who responded to the advertisement provided personal information, including social security numbers and dates of birth to AWE via the Internet for purported company background checks. The fraudsters then used this stolen data to open securities trading accounts online at US brokerage firm Interactive Brokers.

During a seven-week period in March and April last year, the criminals hacked into accounts held by customers of various other retail brokerage firms and purchased and sold at least 18 securities listed on the New York Stock Exchange and Nasdaq. They then simultaneously bought and sold the same securities in the accounts they opened fraudulently, profiting from the change in trading volume and stock prices generated by the unauthorised transactions.

Interactive Brokers detected the suspicious trading and froze funds in the accounts in April 2007.

The agency says it has filed a federal lawsuit in the US District Court for the Eastern District of New York seeking "disgorgement of ill-gotten gains" and civil penalties against the fraudsters as well as the repatriation of stolen funds transferred to overseas accounts.

Commenting on the case, David Nelson, regional director of the SEC's Miami regional office, says: "Even when hackers hide behind stolen identities, this case shows that SEC action can take the profitability out of the scheme."

"While our main focus is on the securities law violators, there is a reminder here about how important it is to safeguard personal identifying information," he adds.

Linda Chatman Thomsen, director of the SEC's division of enforcement, says while con artists continue to find new ways to defraud online brokerage customers "our efforts to protect US investors from these account intrusion schemes continue to be a top priority".