On Tuesday, United States authorities charged numerous mostly Ukrainian hackers for a scheme to trade on press releases that had not yet been released. The Ukrainians breached the SEC’s EDGAR database to receive access to the nonpublic information.
The scheme netted over $4 million for fraudsters from the U.S., Russia and Ukraine. Using 157 corporate earnings announcements, the group was able to execute trades on material nonpublic information. Most of those filings were “test filings,” which corporations upload to the SEC’s website.
The charges were announced Tuesday by Craig Carpenito, U.S. Attorney for the District of New Jersey, alongside the SEC, the Federal Bureau of Investigation and the U.S. Secret Service, which investigates financial crimes. In a Tuesday press conference, Carpenito said the thefts included thousands of valuable, private business documents. “After hacking into the EDGAR system they stole drafts of [these] reports before the information was disseminated to the general public,” he said.
The elaborate scheme involved seven individuals and operated from May to at least October 2016. Prosecutors said the traders were part of the same group that previously hacked into newswire services, according to CNBC.
Similar to the way John Podesta’s email account was hacked, the hackers used malicious software sent via email to SEC employees. Then, after planting the software on the SEC computers, they sent the information they were able to gather from the EDGAR system to servers in Lithuania, where they either used it or distributed the data to other criminals, Carpenito said. The EDGAR service operates in New Jersey, which is why the Justice Department office in Newark was involved in the case.
Those documents included quarterly earnings, mergers and acquisitions plans and other sensitive news, and the criminals were able to view it before it was released as a public filing, thus affecting the individual companies’ stock prices. The alleged hackers executed trades on the reports and also sold them to other illicit traders. One inside trader made $270,000 in a single day, according to Carpenito.
Stephanie Avakian, co-head of the SEC’s Division of Enforcement, said the same criminals also stole advance press releases sent to three newswire services, though she didn’t name the newswires. The hackers used multiple broker accounts to collect the illicit gains, she said.
The defendants then kicked back a portion of their trading profits to Oleksandr Ieremenko, a Ukrainian (oddly not Russian) hacker that is said to have infiltrated the database at some point between May 2016 in October 2016. There, he obtained thousands of “test filings” which included, among other things, earnings results.
Two Ukrainians were charged by the Justice Department with hacking the database — Oleksandr Ieremenko and Artem Radchenko. Seven further individuals and entities were also named in a civil suit by the SEC for trading on the illicit information: Sungjin Cho, David Kwon, Igor Sabodakha, Victoria Vorochek, Ivan Olefir, Andrey Sarafanov, Capyield Systems, Ltd. (owned by Olefir) and Spirit Trade Ltd.
Ieremenko had previously been charged in 2015 for a similar plot involving hacking into the databases of distribution companies who are responsible for putting out corporate press releases. Ieremenko and Artem Radchenko face a criminal indictment for conspiracy to commit securities fraud. Radchenko allegedly “recruited traders to join the conspiracy” and kept notes on what the SEC does and how to hack it, the Justice Department said.