EDGAR Wrong: Ukrainians hacked SEC, stole docs for inside trading, says Uncle Sam
Crooks banked $270,000 in just one move, it is claimed
A pair of Ukranian hackers broke into America's financial watchdog to swipe insider info for stock traders, it is claimed.
Oleksandr Ieremenko, 26, and Artem Radchenko, 27, were today charged by New Jersey prosecutors, who alleged the pair committed securities fraud conspiracy, wire fraud conspiracy, computer fraud conspiracy, wire fraud, and computer fraud.
Uncle Sam's legal eagles claim that, in 2016, both men hacked into the US Securities and Exchange Commission (SEC) EDGAR system, which publicly traded companies use to file and store financial filings for government officials to inspect ahead of publication. The two then handed scooped-up information over to stock traders, who used the insider dirt to turn a quick buck on stocks they knew would soon rise or fall when the filings were made public.
"The defendants charged in the indictment announced today engaged in a sophisticated hacking and insider trading scheme to cheat the securities markets and the investing public," said US Attorney Craig Carpenito.
"They targeted the Securities and Exchange Commission with a series of sophisticated and relentless cyber-attacks, stealing thousands of confidential EDGAR filings from the Commission’s servers and then trading on the inside information in those filings before it was known to the market, all at the expense of the average investor."
By sophisticated cyber-attacks, Carpenito means "directory traversal attacks, phishing attacks, and infecting computers with malware," among other techniques.
The Department of Justice did not say when, if at all, the two Ukrainians, both from Kiev, will appear in a US court to face charges.
In just one case, the alleged crooks netted more than a quarter of a million dollars from the scam, according to prosecutors. Here's their summary of that escapade:
Radchenko recruited to the scheme traders who were provided with the stolen test filings so they could profit by trading on the information before the investing public. Armed with the stolen information, the traders profited by executing various trades in brokerage accounts they controlled. In one instance, a test filing for “Public Company 1” was uploaded to the EDGAR servers at 3:32 p.m. (EDT) on May 19, 2016. Six minutes later, the defendants stole the test filing and uploaded a copy to the Lithuania server. Between 3:42 p.m. and 3:59 p.m., a conspirator purchased approximately $2.4 million worth of shares of Public Company 1. At 4:02 p.m., Public Company 1 released its second quarter earnings report and announced that it expected to deliver record earnings in 2016. Over the next day, the conspirator sold all the acquired shares in Public Company 1 for a profit of more than $270,000.
While Radchenko only looks likely to face the criminal charges, Ieremenko will face a second trial as part of a group of nine people being sued by the SEC (PDF) for allegedly trading on and profiting from stolen info.
SEC 'fesses to security breach, says swiped info likely used for dodgy stock-market tradingREAD MORE
The commission claims Ieremenko and his associates obtained at least 157 corporate earnings releases before they were made public and, as a result, were able to rack up around $4.1m in ill-gotten gains.
"International computer hacking schemes like the one we charged today pose an ever-present risk to organizations that possess valuable information,” said Stephanie Avakian, SEC enforcement division co-director.
"Today’s action shows the SEC’s commitment and ability to unravel these schemes and identify the perpetrators even when they operate from outside our borders."
If the name Oleksandr Ieremenko and insider trading strike you with a sense of deja-vu, it is because this exact same fellow was alegedly behind a very similar scheme busted in 2015.
In that case, Ieremenko was said to have compromised a press-release wire service and used that info to pull off insider trades and illegally rack up profits. ®
Sponsored: Becoming a Pragmatic Security Leader