Hackers based in Ukraine and Russia allegedly broke into servers belonging to several newswires and passed sensitive information onto an underground trading ring as part of what’s being referred to as an unprecedented new level of insider trading.
Prosecutors claimed Tuesday that corporate information gleaned in the hacks was funneled to a sophisticated insider trading ring that earned those involved nearly $100 million.
In a press conference Tuesday morning Mary Jo White, the Chairwoman of the U.S. Securities and Exchange Commission, maintained that given the number of hackers, traders, and profit involved, the case is “unprecedented.”
Prosecutors with the U.S. Attorney’s office in New Jersey initially announced the indictment of nine people, five of whom were arrested in Georgia and Pennsylvania, Tuesday morning. A follow-up announcement in Newark revealed that 32 people connected to the scheme in total were facing charges.
According to Reuters, it’s the first time that prosecutors have brought criminal charges against individuals for perpetrating a securities fraud scheme involving hacked insider information.
The hackers purportedly infiltrated servers belonging to press release agencies: PRNewswire Association, Marketwire, and the Berkshire Hathaway subsidiary Business Wire, first accessing the newswires’ networks as early as 2010. Once they were in, over the course of five years, the hackers passed along sensitive information – some of which pertained to large Fortune 500 companies – to traders, who then used it to their benefit.
A related SEC complaint filed in tandem with the indictments notes that civil charges are being brought against 32 individuals and claims the hackers used “malicious programming code and other deceptive techniques to hack into the computer systems.”
According to a 57 page long indictment filed in the U.S. District Court of New Jersey, five men were charged, including hackers Ivan Turchynov and Oleksandr Ieremenko, and traders Arkadiy Dubovoy, Igor Dubovoy, and Pavel Dubovoy.
In a separate indictment filed in a New York federal court in Brooklyn, prosecutors charged four additional traders: Vitaly Korchevsky of Pennsylvania; Vladislav Khalupsky of Brooklyn and Odessa, Ukraine, and Leonid Momotok and Alexander Garkusha of Georgia.
The traders used the information, which wasn’t yet public, to buy and sell shares. More than 150,000 press releases, some involving international, high profile companies like Viacom, Netflix, Home Depot, Hewlett-Packard, Boeing, and Oracle, were shared amongst the group.
Once the traders received press releases regarding companies, they did business quickly.
“In order to execute their trades before the Stolen Releases were made public, the Trader Defendants and other co-conspirators sometimes executed trades in very short windows of time between when the Hacker Defendants illegally access and shared the Stolen Releases and when the press releases were disseminated to the public by Victim Newswires,” reads one part of the New Jersey-based indictment.
Hackers leveraged stolen credentials and used a series of reverse shells, brute force attacks, and SQL injection attacks to penetrate the agencies’ networks, according to the indictments.
The indictment filed in New Jersey initially claimed the conspiracy netted those involved over $30 million in “illicit trading profits” but those figures were later upped to $100 million in a press conference Tuesday morning led by White and Homeland Security Secretary’s Jeh Johnson.