Breach, Americas, Content

SEC Charges Hackers with $4 Million Securities Trading Scam

The Securities and Exchange Commission (SEC) on Tuesday filed fraud charges against Russian, Ukrainian and U.S. individuals alleging they made more than $4.1 million by cyber stealing financial information from the agency’s database.

A Ukrainian hacker, Oleksandr Ieremenko, is said to have gained access to non-public earnings reports on 157 companies from May to October, 2016 by hacking the SEC’s Electronic Data Gathering, Analysis, and Retrieval system (EDGAR) system.

The operation had two phases to it, the SEC claims. In a first phase of the fraud, Ieremenko allegedly hacked into at least three newswire services to view thousands of draft press releases, which in some cases contained public companies' earnings reports before they were released to the public, according to the complaint filed in U.S. District Court in Newark, New Jersey. Ieremenko is one of nine defendants in the case, two of which are foreign-based trading companies.

“From 2010 until 2015, Ieremenko and others hacked multiple newswire services’ computer systems and accessed over 100,000 draft press releases before they were published,” the complaint reads. From there they monetized the information by providing the not-yet-published press releases to a network of traders, who placed trades based on the hacked information.

In the second stage of the scheme, the defendants allegedly hacked the EDGAR system to steal forms filed with the SEC by public companies and other organizations prior to those documents becoming available to the public. The EDGAR filing system is routinely used by public companies to file 8-K earnings reports for subsequent distribution to the investing public.

The test filings the defendants stole are drafts of material belonging to companies headed for EDGAR but first checked to ensure that certain criteria are met for acceptance by the system. They are not made publicly available. It is those test filings that the defendants allegedly got their hands on, the government claims.

“Ieremenko’s deceptive acts created the false appearance that he was an authorized user of the EDGAR system and ultimately allowed him to penetrate the EDGAR computer network to access certain nonpublic return copies of EDGAR test filings,” the complaint reads.

Ieremenko and Artem Radchenko, a Ukrainian charged with recruiting traders to carry out the score, were also indicted on 16 counts of fraud-related charges. In addition, the SEC charged Capyield Systems and Spirit Trade Ltd., in the scheme.

“International computer hacking schemes like the one we charged today pose an ever-present risk to organizations that possess valuable information,” said Stephanie Avakian, co-director of the SEC’s enforcement division. (via The Hill)

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.