Insider trading ring hacked into newswire services, raked in $100M based on stolen info
The US Securities and Exchange Commission announced civil fraud charges against 32 defendants for taking part in a scheme to profit from stolen nonpublic information about corporate earnings announcements.
Those charged include two Ukrainian men who allegedly hacked into newswire services (Business Wire, PR Newswire, Marketwired) to obtain the information and 30 other defendants in and outside the US who allegedly traded on it, generating more than $100 million in illegal profits.
The SEC charges that over a five-year period, Ivan Turchynov and Oleksandr Ieremenko spearheaded the scheme, using advanced techniques to hack into two or more newswire services and steal hundreds of corporate earnings announcements before the newswires released them publicly. The SEC further charges that Turchynov and Ieremenko created a secret web-based location to transmit the stolen data to traders in Russia, Ukraine, Malta, Cyprus, France, and three US states, Georgia, New York, and Pennsylvania.
The traders are alleged to have used this nonpublic information in a short window of opportunity to place illicit trades in stocks, options, and other securities, sometimes purportedly funneling a portion of their illegal profits to the hackers.
In parallel actions, the US Attorney’s Office for the District of New Jersey and the US Attorney’s Office for the Eastern District of New York today announced criminal charges against several of the defendants in the SEC’s action, including Turchynov and Ieremenko, and traders in the U.S. and Ukraine – Arkadiy Dubovoy, Igor Dubovoy, Pavel Dubovoy, Vitaly Korchevsky, Vladislav Khalupsky, Aleksandr Garkusha, and Leonid Momotok.
According to the SEC’s complaint, Turchynov and Ieremenko hid the intrusions by using proxy servers to mask their identities and by posing as newswire service employees and customers. The two allegedly recruited traders with a video showcasing their ability to steal the earnings information before its public release.
In return for the information, the traders sometimes paid the hackers a share of their profits, even going so far as to give the hackers access to their brokerage accounts to monitor the trading and ensure that they received the appropriate percentage of the profits. The traders sought to conceal their illicit activity by establishing multiple accounts in a variety of names, funneling money to the hackers as supposed payments for construction and building equipment, and trading in products such as contracts for difference (CFDs).
The traders traded on stolen press releases containing material nonpublic information about publicly traded companies that included, among hundreds of others: Align Technology; Caterpillar; Hewlett Packard; Home Depot; Panera Bread; and Verisign.
At times, the hackers and traders had a very narrow window of opportunity to extract and use the allegedly hacked information. In one particularly dramatic instance on May 1, 2013, the hackers and traders allegedly moved in the 36-minute period between a newswire’s receipt and release of an announcement that a company was revising its earnings and revenue projections downward. According to the SEC’s complaint, 10 minutes after the company sent the still-confidential release to the newswire, traders began selling short its stock and selling CFDs, realizing $511,000 in profits when the company’s stock price fell following the announcement.
“PR Newswire has cooperated with the relevant government agencies conducting the investigation that led to today’s charges and we would like to commend the US Government for their diligence and continued focus on this matter,” said Robert Gray, Chief Executive Officer. “At PR Newswire, we take security very seriously and are dedicated to protecting our information and systems. As cybersecurity threats continue to evolve, so will our Information Security practices.”