Nine people have been charged in two indictments unsealed Tuesday in federal court in Brooklyn, New York, and Newark, New Jersey, with an international scheme to hack into three business newswires and steal yet-to-be-published press releases containing non-public financial information, which was used to make trades that allegedly generated approximately $30 million in illegal profits.
Meanwhile, the Securities and Exchange Commission announced fraud charges against 32 defendants for taking part in the "scheme to profit from stolen nonpublic information about corporate earnings announcements."
The government seized 17 bank and brokerage accounts containing more than $6.5 million of alleged criminal proceeds, and took steps to restrain 12 properties, a shopping center located in Pennsylvania, an apartment building located in Georgia and a houseboat all worth more than $5.5 million.
Six of the defendants, Ivan Turchynov, 27; Oleksandr Ieremenko, 24; Pavel Dubovoy, 32; and Vladislav Khalupsky, 45, are from Ukraine.
“This international scheme is unprecedented in terms of the scope of the hacking, the number of traders, the number of securities traded and profits generated,” said Securities and Exchange Commission (SEC) Chair Mary Jo White. “These hackers and traders are charged with reaping more than $100 million in illicit profits by stealing nonpublic information and trading based on that information. That deception ends today as we have exposed their fraudulent scheme and frozen their assets.”
Andrew Ceresney, Director of SEC’s Division of Enforcement, added: “This cyber hacking scheme is one of the most intricate and sophisticated trading rings that we have ever seen, spanning the globe and involving dozens of individuals and entities. Our use of innovative analytical tools to find suspicious trading patterns and expose misconduct demonstrates that no trading scheme is beyond our ability to unwind.”
The SEC charges that Turchynov and Ieremenko created a secret web-based location to transmit the stolen data to traders in Russia, Ukraine, Malta, Cyprus, France and three US states, Georgia, New York and Pennsylvania.
“The indictments charge the defendants with hacking into the newswires and stealing confidential information about companies traded on the NASDAQ and NYSE in what is the largest scheme of its kind ever prosecuted,” said a statement from Eastern District of New York Acting US Attorney Kelly T. Currie, and District of New Jersey US Attorney Paul J. Fishman. “The defendants allegedly stole approximately 150,000 confidential press releases from the servers of the newswire companies. They then traded ahead of more than 800 stolen press releases before their public release, generating millions of dollars in illegal profits.”
“The defendants were a well-organized group that allegedly robbed the newswire companies and their clients and cheated the securities markets and the investing public by engaging in an unprecedented hacking and trading scheme,” Fishman said, noting that they’d “launched a series of sophisticated and relentless cyber attacks against three major newswire companies, stole highly confidential information and used to enrich themselves at the expense of public companies and their shareholders.”
“As alleged, the defendants and their co-conspirators formed an alliance of hackers and securities industry professionals to systematically steal valuable inside information and profit by trading ahead of authorized disclosures to the investing public,” Currie said. “Today’s sweeping indictments are the result of a cutting edge investigation by law enforcement to combat twenty-first century criminal schemes.”
“Unrestricted by distance and limitless in their approach, the defendants allegedly unleashed their attack on the financial markets from both a domestic and international platform … the hackers, traders and middlemen are charged with using sophisticated hacking techniques to acquire non-public information,” said FBI Assistant Director-in-Charge New York Field Office Diego Rodriguez.
He said, “They exploited this information to trade in at least 1,000 ‘inside the window trades’ over the course of three years. Those of us who invest in the stock and commodities markets know all too well the devastating consequences of these deceptive practices. In this case, the defendants ultimately benefited from more than $30 million in illegal profits.”
Rodriguez noted that the “indictment sheds light on an increasingly complex threat to both our country and the financial sector.”
Fishman and Currie announced the indictments along with Department of Homeland Security Secretary Jeh Johnson; US Secret Service Director Joseph P. Clancy; and Securities and Exchange Commission (SEC) Chair Mary Jo White. The SEC also unsealed a civil complaint charging the nine indicted defendants and several other individuals and entities.
The indictments are “a testament to the countless hours of hard work and dedication by law enforcement and other personnel across government, including the Secret Service investigative team,” Johnson said. “In today’s day and age, criminals are using computers instead of guns to steal money and threaten the safety and security of our cyber networks. In matters of cybersecurity, the Department of Homeland Security has a major law enforcement role, and our work to counter cyber threats is a critical priority for the Secret Service because of the substantial threat it poses to this nation’s financial infrastructure.”
According to the indictments, between February 2010 and August 2015, Turchynov and Ieremenko, computer hackers based in Ukraine, gained unauthorized access into the computer networks of Marketwired LP, PR Newswire Association LLC (PRN), and Business Wire. They used a series of sophisticated cyber attacks to gain access to the computer networks, whereupon they moved through the networks and stole press releases about upcoming announcements by public companies concerning earnings, gross margins, revenues and other confidential and material financial information.
At one point, one of the hackers sent an online chat message in Russian to another individual stating, “I’m hacking prnewswire.com.” In another online chat, Ieremenko told Turchynov that he had compromised the log-in credentials of 15 Business Wire employees.
“The hackers shared the stolen press releases with six traders – all believed to be from Ukraine, using overseas computer servers that they controlled,” the announcement stated. “In a series of emails, the hackers even shared ‘instructions’ on how to access and use an overseas server where they shared the stolen releases with the traders, and the access credentials and instructions were distributed amongst the traders.”
“In an email sent by one of the traders, the instructions for accessing the overseas server suggested that users conceal their Internet Protocol address when accessing the server as a precaution to avoid detection,” the announcement continued. “The traders created ‘shopping lists’ or ‘wish lists’ for the hackers listing desired upcoming press releases from Marketwired and PRN for publicly traded companies. Trading data obtained over the course of the investigation showed that, after one of the shopping lists or wish lists was sent, the traders and others traded ahead of several of the press releases listed on it.”
Authorities involved in the bust explained that, “The traders generally traded ahead of the public distribution of the stolen releases, and their activities shadowed the hackers’ capabilities to exfiltrate stolen press releases. In order to execute their trades before the releases were made public, the traders sometimes had to execute trades in extremely short windows of time between when the hackers illegally accessed and shared information, and when the press releases were disseminated to the public by the newswires, usually shortly after the close of the markets. Frequently, all of this activity occurred on the same day. Thus, the trading data often showed a flurry of trading activity around a stolen press release just prior to its public release. The defendants’ illegal trading resulted in gains of more than $30 million, of which Korchevsky accounted for more than $17 million, and Arkadiy Dubovoy accounted for more than $11 million.”
The traders traded on stolen press releases containing nonpublic information about companies that included Align Technology Inc.; Caterpillar Inc.; Hewlett Packard; Home Depot; Panera Bread Co.; and Verisign Inc.
The traders paid the hackers for access to the overseas servers based, in part, on a percentage of the money the traders made from their illegal trading activities. The hackers and traders used foreign shell companies to share in the illegal trading profits.
“This is the story of a traditional securities fraud scheme with a twist—one that employed a contemporary approach to a conventional crime. In this case the defendants allegedly traded on nonpublic information, ultimately benefitting from more than $30 million in illegal profits over the course of three years,” Rodriguez said. “But just as criminals continue to develop relationships with one another in order to advance their objectives, the law enforcement community has developed a collaborative approach to fighting these types of crimes.”