One moment Dave DeSmidt had $179,000 in his 401(k) retirement account, the next he had nothing. (redtape.msnbc.com) 499 points posted 3 days ago by mjk1093

john_b 14 points 3 days ago: $179K in 25 years. That sucks.
danweber 7 points 3 days ago: As a ballpark figure, that could give him $34,000 a year. They don't give DeSmidt's career, but that could be around what he's earning now, so his standard of living wouldn't be significantly different. (Median US household income is around $65,000. If his wife has a similar career (which we don't know at all), he's going to be above the median.)
citydweller 20 points 3 days ago: Not to nitpick, but where are you getting median US household income is $65,000? The U.S. Census Bureau says median household income was $46,326 in 2005. http://www.census.gov/hhes/www/income/incxrace.html
jamesaguilar 5 points 3 days ago: He's probably talking about the median two-job household income.
danweber 5 points 3 days ago: I took the first answer from a Google search for "median US income." The chart I was quoting was for a 4-person household: http://www.census.gov/hhes/income/4person.html Fortunately, this error reduces the magnitude of my other error. :)
john_b 6 points 3 days ago: Where's this $34K figure coming from? That would be enough for only five years (179/34). And then, in five years $34K will be nothing due to inflation and dollar value.
danweber 5 points 3 days ago: Nuts, my math was backwards. (I meant to take 5%, took 20% instead.) Thanks for asking so that I was reminded to look it up. A 65-year-old man in Wisconsin can get an annuity generating $15,000 a year with $179,000.
Notclevr 2 points 3 days ago: Yeah, people who aren't in the top 1% of earners are crappy people. Wait, no, people who judge others based solely on wealth suck. My mistake.
sbrown123 30 points 3 days ago: I don't think he was judging him, just saying it sucks that after working 25 years he only had $179K. Now if he said he sucks for only having $179K, then that would be him judging the guy.
john_b 8 points 3 days ago: I never said he sucked, I meant something like: his job (or employer) sucks.
degustibus -1 points 3 days ago: If he moved to many parts of the world with $179,000 he'd be a wealthy man. It's all relative, but absolute poverty is painfully real. When most of the world lives on less than a few dollars a day, this man's retirement account sounds pretty good (plus he has other assets presumably, and a job, and Social Security coming).
obvioustroll 12 points 3 days ago: Ummm... That's about $150K more than I've saved over a similar time frame. Different people have different financial circumstances.
ajax 7 points 3 days ago: The article says "That was a pretty good chunk of what we were going to retire on." So, that was not his entire retirement savings.
pascha 8 points 3 days ago: It's probably just one of his accounts. Every time you change jobs you get a new account, and he may not have consolidated them. I have 4 retirement accounts right now and could have 7, and I'm only 32. I need to consolidate 3 of them, but haven't gotten around to it.
ibsulon 2 points 3 days ago: Probably $179K + a pension from somewhere else. 401(k)s weren't very common until later.
lahuman8 6 points 3 days ago: "On Oct. 25, logging in through an SBC Internet Services connection in San Francisco, the criminal deleted the Bank of America account information from DeSmidt's account." Uh, aren't logs kept about things of this nature? The article doesn't mention if the hacker was savvy enough to delete logs of this event as well. Well, apparently he didn't, since they had a log of where he was appearing to come from during each transaction.
mynameishere 32 points 3 days ago: Yes, they are. And that is proof positive that the guy was no "hacker" but just some idiot who had the victim's password. I have a strong suspicion about how this happens: for low-security accounts (example: reddit), the passwords are frequently unencrypted in the database. So some clerical worker, tech support guy, programmer, DBA, flunky, etc., looks at the password, and then glances at the guy's email, often in the same database table. The "hacker" guesses that the email's password is the same as that of the first account. Then, looking through the victim's email, he sees that he has an account with a brokerage firm, and uses the same password. He transfers the money, deletes his information (and NO information in real databases is ever deleted, it is only flagged as deleted), and then spends twenty years in Leavenworth.
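The credential-reuse path mynameishere describes above, worked through as an added example (editor's code, not part of the thread or the article): a "users" table that stores passwords in the clear next to e-mail addresses, beside the same table storing only a salted PBKDF2 hash, and an insider who reads each row and tries the stored secret at a second service where the customers reused their password. The user names, e-mail addresses, passwords and the `Brokerage` class are all constructed for the demo; the iteration count is lowered from the OWASP-recommended 600,000 only to keep it quick.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional

# Constructed sample accounts (made up for this example). Each customer uses
# the same password at a low-security site and at a brokerage.
SAMPLE_USERS = [
    ("dave", "dave@example.invalid", "Tr0ub4dor&3"),
    ("ann", "ann@example.invalid", "winter2007"),
    ("bob", "bob@example.invalid", "letmein99"),
]

# PBKDF2-HMAC-SHA256 iteration count. OWASP currently suggests 600,000;
# a smaller count is used here only so the demo runs in a second or two.
ITERATIONS = 200_000


def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = ITERATIONS) -> str:
    """Return a self-describing salted hash: algo$iterations$salt_hex$digest_hex."""
    if salt is None:
        salt = os.urandom(16)  # per-user salt: equal passwords hash to different strings
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def build_table(users, plaintext: bool) -> Dict[str, Dict[str, str]]:
    """Model the users table as rows of {email, secret}. plaintext=True is the
    low-security pattern the comment describes; plaintext=False is the fix."""
    return {
        name: {"email": email, "secret": password if plaintext else hash_password(password)}
        for name, email, password in users
    }


class Brokerage:
    """Constructed second service where the same customers reused their passwords.
    It stores hashes itself; the question is what the *first* site leaks."""

    def __init__(self, users):
        self._creds = {email: hash_password(password) for _, email, password in users}

    def login(self, email: str, password: str) -> bool:
        stored = self._creds.get(email)
        return stored is not None and verify_password(password, stored)


def insider_reuse_attack(table: Dict[str, Dict[str, str]], brokerage: Brokerage) -> List[str]:
    """Simulate the insider: read each row's e-mail and stored secret, then try the
    secret as the password at the brokerage. Returns the e-mails that fell."""
    return [
        row["email"] for row in table.values()
        if brokerage.login(row["email"], row["secret"])
    ]


if __name__ == "__main__":
    brokerage = Brokerage(SAMPLE_USERS)
    print("plaintext table:", insider_reuse_attack(build_table(SAMPLE_USERS, plaintext=True), brokerage))
    print("hashed table:   ", insider_reuse_attack(build_table(SAMPLE_USERS, plaintext=False), brokerage))
```

With the plaintext table every reused password opens the brokerage account; with the hashed table the insider holds only a salt and a slow-to-invert digest, and trying it as a password fails. Hashing does not stop a user from reusing passwords, it stops one leaky database from handing them out.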
frbiwaftt 1 point 3 days ago: I would guess keylogging software was on the victim's computer, installed through a virus, trojan or other malware. The victim checked his account every few days, so the account and password would have been easy to get hold of then. That will teach you to use Windows.
timg 0 points 3 days ago: Phishing is far more likely. Why go for victims one by one? Unless, that is, this was just some very trivial attack.
john_b 17 points 3 days ago: In fact, it's nearly impossible to delete all logs and backups in a bank system. They store them in separate physical locations. But guess what, it's very convenient for a bank to blame it on hackers.
sbrown123 12 points 3 days ago: "uh, aren't logs kept about things of this nature?" Businesses are rarely held liable for gross negligence anymore. For example, you can bet that your personal information is stored in multiple locations across the globe and that it is completely unencrypted. You can also bet that, in the matter of only a few years, some if not all of that data will be stolen or "lost" (if it hasn't been already). What can you do to protect yourself? Nothing, really. Our government has done its best to ensure that this continues, for if they fixed the problem, others would appear: illegal immigrants. And our government avoids that issue like the plague. Our government is currently pro-big-business, and holding companies liable for anything is against their mutual interests (money).
lahuman8 0 points 2 days ago: I always thought there should be a law that would force a company to delete any personal information they have on someone they once, but no longer, do business with, if a request was made in writing. There would need to be some exceptions, like perhaps colleges.
ethics 9 points 3 days ago: I can't believe that in the tech age a very important part of everyone's investment (esp. that of the middle class) is unprotected!??!
rafuzo2 16 points 3 days ago: As the article said, at E-Trade and Charles Schwab, FDIC-style guarantees are in place. So I guess the answer is open your accounts with them, until the rest of the market falls in line.
lowdown 3 points 3 days ago: You don't need FDIC guarantees to prevent this sort of circumstance. The types of protection Schwab and E-Trade offer are not FDIC-style. They are protecting their customers, which in turn leads to more diligence. The brokerage firm shouldn't be transferring anything over a certain amount without proof-positive written instructions from the verified account holder. I'd have to imagine that firms offering this sort of protection are less likely to release any significant amount of cash without safeguards.
twoodfin 11 points 3 days ago: I don't disagree, but FDIC-style insurance is not as trivial to implement as it sounds. You can't just hand out money to everyone who says they've lost it, so you need the ability to distinguish between legitimate claims and fraudulent ones. That means either hiring a bunch of very expensive investigators, or more likely, since you're the government, restricting the kinds of transactions that can be performed via regulation. That's one reason why, for example, you're restricted in how often you can transfer funds between checking and savings accounts. And that assumes you only want to insure against outside theft. But what if you're trying to insure against shady investment firms? They have a hundred ways to make your money disappear, from simply going out of business to using your money to artificially inflate stocks of friends of theirs. It's hard to imagine a regulatory scheme that could catch all of this accurately enough to get you back exactly what you lost. If such a thing existed, it would probably remove many of the efficiencies you get from the free movement of capital, which is how the investment is making money anyway. Investing is risky, and not just because the market goes up and down. A 401(k) is less risky than buying Nigerian bonds or something, but you're still susceptible to fraud. Putting your money in a bank is almost risk-free; even so, you might lose if so many banks go out of business that the FDIC defaults. In the meantime, you typically make more money in the riskier investments over the long term.
anteyekon4myst 6 points 3 days ago: That's because it's a service that would cost the investment firm/bank more money. If this was JP Morgan's (etc.) money they would be all over this and you wouldn't have even heard about it in the media. Banks are quick to act when it's their own money and seldom ever let the media find out.
bhagany 13 points 3 days ago: But it wasn't JP Morgan's money. That's what he's saying.
mikaelhg -1 points 3 days ago: This is why we use one-time passwords in Europe.
boa13 14 points 3 days ago: Your statement is too broad. I don't use one-time passwords (except to log in at work). I don't know any major bank in France that uses such a system. (Not that I'm against it, it's just the current facts.) However, I need to call my bank and provide several identification tokens (not always the same ones) when I need to add a new account to my list of accounts I can send money to. Note that one-time passwords can be badly implemented too; there was a story on Reddit (or was it The Daily WTF?) about an almost non-random OTP. You could pretty much guess them...
erikw 5 points 3 days ago: In northern Europe we have different systems, but they are all based on new (semi-)random tokens for each login. The most popular system in Norway seems to be the "code calculator" (token generator), where you enter a four-digit PIN and get an eight-digit hash based on the time and the PIN. If you enter the wrong PIN more than four times, the "calculator" locks up. Another account I'm using uses a passphrase and a four-digit number from a sheet of different codes.
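The "code calculator" erikw describes, modelled as an added example (editor's code, not the thread's or any bank's implementation): the device holds a per-customer secret, a four-digit PIN unlocks it and a fifth wrong PIN locks it, and the eight-digit code is a standard RFC 6238 TOTP (HMAC-SHA1 over the 30-second time step) rather than anything derived from the PIN itself, so the codes are unpredictable in the way boa13's "almost non-random OTP" was not. The bank side checks the code against a one-step clock window and refuses to accept the same time step twice. The PIN-hashing scheme, lockout threshold, step length and the `BankServer` class are assumptions for the demo; the only real values are the RFC 6238 reference secret and test vectors.

```python
import hashlib
import hmac
import os
import struct
from typing import Dict, Optional

STEP_SECONDS = 30        # RFC 6238 default time step
DIGITS = 8               # the comment describes an eight-digit code
MAX_PIN_FAILURES = 4     # a fifth wrong PIN locks the device, as the comment describes


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamic truncation, decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = STEP_SECONDS) -> str:
    """RFC 6238 TOTP: HOTP keyed on the current time step."""
    return hotp(secret, unix_time // step)


class CodeCalculator:
    """The hand-held token: per-device secret, PIN gate, lockout after repeated wrong PINs."""

    def __init__(self, secret: bytes, pin: str):
        self._secret = secret
        # Assumption: only a salted hash of the PIN is kept, so reading the device
        # memory yields the OTP secret but not the PIN that unlocks it.
        self._pin_salt = os.urandom(8)
        self._pin_hash = self._hash_pin(pin)
        self.failures = 0
        self.locked = False

    def _hash_pin(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode("utf-8"), self._pin_salt, 10_000)

    def code(self, pin: str, unix_time: int) -> Optional[str]:
        """Return the current code, or None when the PIN is wrong or the device is locked."""
        if self.locked:
            return None
        if not hmac.compare_digest(self._hash_pin(pin), self._pin_hash):
            self.failures += 1
            if self.failures > MAX_PIN_FAILURES:
                self.locked = True
            return None
        self.failures = 0
        return totp(self._secret, unix_time)


class BankServer:
    """Holds the same secret per customer; accepts each time step at most once."""

    def __init__(self, customer_secrets: Dict[str, bytes]):
        self._secrets = dict(customer_secrets)
        self._last_step: Dict[str, int] = {}   # highest time step already used per customer

    def verify(self, customer: str, code: str, unix_time: int, window: int = 1) -> bool:
        secret = self._secrets.get(customer)
        if secret is None or len(code) != DIGITS or not code.isdigit():
            return False
        step = unix_time // STEP_SECONDS
        for candidate in range(step - window, step + window + 1):   # tolerate clock drift
            if candidate <= self._last_step.get(customer, -1):
                continue                                            # replayed or older code
            if hmac.compare_digest(hotp(secret, candidate), code):
                self._last_step[customer] = candidate
                return True
        return False


if __name__ == "__main__":
    rfc_secret = b"12345678901234567890"          # RFC 6238 reference secret (SHA-1 rows)
    device = CodeCalculator(rfc_secret, pin="1234")
    bank = BankServer({"dave": rfc_secret})
    shown = device.code("1234", unix_time=59)
    print("device shows", shown, "accepted:", bank.verify("dave", shown, 59))
    print("same code again accepted:", bank.verify("dave", shown, 61))
```

The replay check is what makes a captured code useless a moment later, which is the property a keylogger-based attack like the one frbiwaftt suggests runs into. A real deployment would also rate-limit `verify` per customer, since eight digits and a three-step window leave roughly a 1-in-33-million chance per guess.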
boa13 1 point 1 day ago: And the fun part is, my bank actually recently switched to that. A session password is sent by SMS when a sensitive operation is first performed (confirmation of money transfers, request for new cheques, etc.). So, I know of banks that implement OTPs now. Mine does. Times are changing, and this time the change is good. :)
mikaelhg 2 points 3 days ago: Most of the multinational banks in Europe use the one-time password sheet method. I haven't seen token generators in use anywhere.
DougBTX 2 points 3 days ago: Rabobank and ABN Amro both do them in Holland; I assume other Dutch banks do too.
jramon 11 points 3 days ago: I'm sure no one in the history of Europe has ever had their online bank account compromised.
harrier0 2 points 3 days ago: You don't even need one-time passwords. All online brokerage firms I know only allow transfers to a reference checking account which was specified when the account was opened and which certainly can't be changed easily. Any other transfer has to go through multiple security/authorization steps.
bsmcat 1 point 3 days ago: Both Schwab and E-Trade will give you a one-time password security token if you ask them to. Definitely recommended if you are worried about keylogging attacks. Also, most stock brokers and banks can set up a verbal password to use on the phone instead of the usual security questions.
ghost11 9 points 3 days ago: Why aren't the banks 100% liable (as per Schneier) for this kind of fraud?
citydweller 5 points 3 days ago: Agreed. There are some common-sense things consumers should do to help protect themselves (use strong passwords, use unique passwords for financial sites, etc.), but the onus shouldn't be on the consumer to protect himself. The onus should be on companies to protect the consumer, or else pay the price.
chu 3 points 3 days ago: "The onus should be on companies to protect the consumer" Presumably that's the main business of a bank; it shouldn't be safer to stash money in a mattress.
trutru 3 points 3 days ago: Because real security costs money to implement, and because the banks can get away mostly unharmed by letting these rip-offs happen.
dextroz 2 points 2 days ago: Comerica bank in the US uses a 4-number PIN for online account access! That's why I moved all my money to Chase Manhattan. Comerica is one of the biggest banks in the Michigan-Ohio-Great Lakes region.
mynameishere 21 points 3 days ago: The FBI investigation must have been rough. "Hello Bank of America, this is Special Agent Bill Smith. What is the name and address of account holder # 1432452456565? I can get a warrant in 30 minutes if need be." "Please hold." [15 seconds later.] "Joe Johnson, 234 Elm, Atlanta, Georgia."
kelmr2003 6 points 3 days ago: So it was Joe Johnson that did this. Let's get him!
p-f 4 points 3 days ago: "There is a fundamental business need to do it," Gable said. "We don't want clients concerned about the safety of their assets. … We want people to feel secure." Summary of the quote: let's make people feel secure without providing any real security! Scary.
mleonhard 1 point 3 days ago: Real security is expensive.
fishandchips 15 points 3 days ago: That's very scary. I thought this was an article on the depreciation of the dollar at first.
goldenbb 2 points 3 days ago: The news media's specialty is "scary" news.
mnruxter 0 points 2 days ago: Thanks for the humor.
flyinglunatic 2 points 3 days ago: The thief must have left a paper trail a mile long. I mean, he transferred the money to his BofA account.
jramon 4 points 3 days ago: It was probably a phished BofA account, then just start withdrawing from ATMs in out-of-the-way locations in Eastern Europe or whatever... Duh?
haywood_jablowme 3 points 3 days ago: Hmm, I have 2 brokerage accounts and this seems a bit unrealistic (assuming you check your email once every few days). In order to add a bank account (at least for Ameritrade and Interactive Brokers) you have to wait for them to deposit/withdraw two amounts and go through the confirmation process, all of which requires at least 1 e-mail notification, and a few days for the transactions to post (longer if you don't use online/phone banking and wait for a paper bank statement). Afterwards, each withdrawal results in an e-mail notification. Ameritrade withdrawals are quick (request during business hours and ACHed by next business day); Interactive Brokers takes a few days and has a few restrictions; so you have at least a day to notify them. In short: the process does not happen in "one moment".
citydweller 2 points 3 days ago: Agreed, but if the hacker could change the checking account number, I'm sure he could change the email address in the brokerage account to his own address.
haywood_jablowme 1 point 3 days ago: Changing email for Ameritrade and Interactive Brokers is a multi-step process which sends out at least one email to both old and new accounts... (I recently changed my email address; Interactive Brokers was a real pain in the ass [I prefer it this way]).
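The linked-account controls haywood_jablowme and harrier0 describe, put together as an added example (editor's code, not any broker's implementation): withdrawals go only to a bank account that was verified by confirming two random micro-deposits, confirmation guesses are bounded and the pending link expires, an e-mail change notifies both the old and the new address, and a withdrawal to an unverified destination is refused outright and reported to the holder. The routing and account numbers, e-mail addresses, attempt limit and expiry are all constructed for the demo.

```python
import secrets
from dataclasses import dataclass
from typing import List, Optional, Tuple

MAX_CONFIRM_ATTEMPTS = 3   # assumption: three wrong amount pairs cancel the pending link
PENDING_TTL_DAYS = 7       # assumption: an unconfirmed link request expires after a week

BankRef = Tuple[str, str]  # (routing number, account number); values below are made up


@dataclass
class PendingLink:
    bank: BankRef
    amounts_cents: Tuple[int, int]   # the two random micro-deposits sent to that account
    requested_day: int
    attempts: int = 0


class BrokerageAccount:
    def __init__(self, email: str, verified_bank: BankRef):
        self.email = email
        self.verified_bank = verified_bank        # destination set when the account was opened
        self.pending: Optional[PendingLink] = None
        self.outbox: List[Tuple[str, str]] = []  # (recipient, message), stands in for e-mail

    def _notify(self, recipient: str, message: str) -> None:
        self.outbox.append((recipient, message))

    def request_link(self, bank: BankRef, today: int) -> Tuple[int, int]:
        """Start linking a new bank account. The returned amounts model deposits that, in
        reality, only someone who can read that bank account's statement gets to see."""
        amounts = (1 + secrets.randbelow(99), 1 + secrets.randbelow(99))
        self.pending = PendingLink(bank, amounts, today)
        self._notify(self.email, f"Request to link bank account ending {bank[1][-4:]}; "
                                 "confirm the two test deposits to activate it.")
        return amounts

    def confirm_link(self, amount1: int, amount2: int, today: int) -> bool:
        p = self.pending
        if p is None:
            return False
        if today - p.requested_day > PENDING_TTL_DAYS:
            self.pending = None
            self._notify(self.email, "Bank link request expired without confirmation.")
            return False
        p.attempts += 1
        if (amount1, amount2) == p.amounts_cents:
            self.verified_bank = p.bank
            self.pending = None
            self._notify(self.email, f"Bank account ending {p.bank[1][-4:]} is now the withdrawal destination.")
            return True
        if p.attempts >= MAX_CONFIRM_ATTEMPTS:
            self.pending = None
            self._notify(self.email, "Bank link request cancelled after too many wrong confirmations.")
        return False

    def change_email(self, new_email: str) -> None:
        """Both addresses hear about the change, so the old owner can still react."""
        old = self.email
        self.email = new_email
        self._notify(old, f"Your contact e-mail was changed to {new_email}. If this was not you, call us.")
        self._notify(new_email, "This address is now the contact e-mail for your brokerage account.")

    def withdraw(self, bank: BankRef, cents: int) -> bool:
        """Funds move only to the verified destination; anything else is refused, not queued."""
        if bank != self.verified_bank:
            self._notify(self.email, f"Refused withdrawal of {cents} cents to unverified account ending {bank[1][-4:]}.")
            return False
        self._notify(self.email, f"Withdrawal of {cents} cents to account ending {bank[1][-4:]}.")
        return True


def attacker_scenario() -> Tuple[bool, bool, BrokerageAccount]:
    """Constructed scenario: someone holding only the password tries to redirect the balance.
    Returns (withdrawal succeeded, link confirmed, the account for inspection)."""
    victim = BrokerageAccount("dave@example.invalid", ("123456789", "000123456789"))
    attacker_bank = ("987654321", "999888777666")
    victim.request_link(attacker_bank, today=0)
    # The attacker cannot read the victim's bank statement and guesses 0 cents, which
    # can never match (amounts are 1..99); the third miss cancels the request.
    confirmed = any(victim.confirm_link(0, 0, today=0) for _ in range(MAX_CONFIRM_ATTEMPTS))
    withdrew = victim.withdraw(attacker_bank, 17_900_000)
    return withdrew, confirmed, victim


if __name__ == "__main__":
    withdrew, confirmed, acct = attacker_scenario()
    print("attacker confirmed link:", confirmed, "| withdrew:", withdrew)
    for recipient, message in acct.outbox:
        print(f"  -> {recipient}: {message}")
```

Every step in `attacker_scenario` leaves a message in the real holder's inbox, which is the "at least one e-mail notification" the comment relies on; the destination allow-list is what turns the e-mail from a warning into a hard stop.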
ajax 6 points 3 days ago: Sensationalistic article. You have to read halfway through to find out that JPM returned all of the guy's money, and two-thirds of the way through to find out that it is standard industry procedure to return any money lost due to cybercrime ("Stark said that in every recent case of brokerage hacking he's familiar with, consumers who complained have received full refunds."). Perhaps the poster should have used the title "One moment Dave DeSmidt had $179,000 in his 401(k) retirement account, the next he had nothing. Two months later, he had it all back."
citydweller 6 points 3 days ago: It seems odd that it was so easy to change the linked checking account in his retirement account. That should require written and mailed correspondence (with some kind of proof of identity), in my opinion. Maybe even an immediate follow-up phone call to the account holder that a request to change checking accounts had been made. Heck, even an automated phone call would be better than nothing.
maldrax 4 points 3 days ago: Obviously the hacker was able to set up a new account for withdrawal over the web. Shouldn't this require at least a phone call and confirmation of a person's identity?
citydweller 3 points 3 days ago: Maybe we should write to our Congressmen to introduce legislation that would give brokerage & retirement accounts the same kind of fraud protection that credit cards (liable for no more than $50 loss) and checking accounts (liable for no more than $500 loss if reported within 60 days) have.
dannod 1 point 3 days ago: Anything with an ACH transfer is ridiculously easy. They never check names, and all you need is the routing number and account number to start drawing on someone's account. We had that happen twice on our business checking account. Ridiculous that you need a PIN to take 20 bucks out at the ATM but nothing to transfer as much as you want!
mkc 24 points 3 days ago: Not everyone goes through money like a drunken Republican legislator...
demoneyes 8 points 3 days ago: Hey, I feel bad for the guy, but there is a reality check here for everyone reading this article. His 401(k) is pre-tax dollars, meaning he will have to pay income tax on his distributions. The money he put in along with the money earned is taxable. That makes $179,000 appear much smaller. Even assuming he lives modestly in a 25% federal tax bracket (+5-9% state tax), his expenses will quickly add up in retirement... mostly for health care. For his sake I just hope he has a working wife (with retirement), or a military pension. For any of you who take saving for retirement seriously, you will understand what I'm saying.
SteveAM1 9 points 3 days ago: The guy didn't say he was retiring on $179K. He said, "That was a pretty good chunk of what we were going to retire on." It's more doable than most people here seem to think, especially if his wife has some retirement money. But even if she doesn't, he also gets Social Security, which will help. He might own his home (probably does, actually) and have very limited expenses. If he does, he could easily live on $1000 income a month (adjusted for inflation each year), which is easily done with a 4% portfolio withdrawal rate from a $179K nest egg and Social Security income.
muyuu 0 points 2 days ago: It all comes down to what you interpret as a "good chunk." If it's something like 30% or more, then he was heading for a retirement in poverty. These days people live 15+ years after retirement, easily.
TheSavageNation -3 points 3 days ago: YARC: yet another Republican comparison.
mjk1093 -14 points 3 days ago: "...then came the really bad news. While credit card and online banking accounts are legally protected in the event of fraud, DeSmidt's brokerage account came with no such insurance. Two months after the theft, his balance still read $0."
technothrasher 2 points 3 days ago: "...Spokeswoman Mary Sedara said the stolen funds had been recovered and would be refunded in time for Christmas. The firm would even make good on any market gains DeSmidt missed out on while the money was missing, she said."
jotaroh -9 points 3 days ago: He was going to retire on $179,000? Wow.
oditogre -5 points 3 days ago: Being 'that guy who knows about computers' to many friends/family, they are always surprised when they tell me that they do internet banking and I respond that I would never do it myself. As often as I read stories like this, I prefer to do what the guy in the story does, keeping all my bank/money stuff strictly in person or sometimes over the phone.