Customer accounts at online brokers including ETrade Financial Corp. and TD Ameritrade Holding Corp. have been infiltrated by computer hackers in one of the biggest cases of identity theft to strike the U.S. securities industry.

The FBI, the Securities and Exchange Commission and the NASD are trying to unravel the fraud, which has cost New York-based ETrade at least $18 million and caused losses at Ameritrade of Omaha, Neb., company officials said. In one “pump-and-dump” scheme the SEC uncovered, thieves used customers’ money to drive up the prices of little-traded stocks and then sold shares they bought earlier at a profit.

“The perpetrators were more organized, and it was a bigger issue this quarter than it had ever been before,” ETrade Chief Operating Officer Jarrett Lilien said in an interview. “It wasn’t just hitting one company, it was hitting everybody.”

ETrade Chief Executive Mitchell Caplan told investors that investigators traced the illicit trading to “concerted rings” in Eastern Europe and Thailand. The company hasn’t determined whether the reimbursement costs will be covered by insurance, he said. TD Ameritrade also was targeted by cyber-criminals in Eastern Europe and Asia, spokeswoman Becker said.

The online version of the “pump-and-dump” fraud sets off few security alerts at brokerage firms because no money is withdrawn from the compromised accounts, Walsh explained.

In “alias fraud,” a thief opens an account in an individual’s name, then uses it for illegal trading or money-laundering. Because the victim’s name is on the account, he or she appears responsible for the crimes.

Walsh said the SEC recently began a “sweep examination” of brokerage firms to determine if they have adequate technology and staff training to prevent and detect online fraud.

I see an article like this and bring it up to friends working in Banking and Finance IT — and they not only already know about it, they tell me another half-dozen horror stories.

Globalization means a lot of things. Looks like criminals are hooking up to the system at least as fast as “legitimate” businesses. How are they ever going to get busted? What governments are protecting them?