SEC Files Insider Trading Charges After Financial Wire Hack

American authorities have charged 32 members of an international hacking group that used the pilfered information for insider trading.

The hackers used “stolen non-public information about corporate earnings announcements” in order to generate over $100m (£64m) in illegal profits.

Insider Trading

The hackers are alleged to operated in both the United States and Ukraine. According to the US Securities and Exchange Commission (SEC), among those charged include two Ukrainian men, Ivan Turchynov and Oleksandr Ieremenko, who allegedly spearheaded the campaign.

They allegedly hacked into newswire services in order to obtain information about corporate earnings. The newswire services hacked into reportedly includes Business Wire, Marketwired and PR Newswire.

“This international scheme is unprecedented in terms of the scope of the hacking, the number of traders, the number of securities traded and profits generated,” said Securities and Exchange Commission Chair Mary Jo White. “These hackers and traders are charged with reaping more than $100 million in illicit profits by stealing non-public information and trading based on that information. That deception ends today as we have exposed their fraudulent scheme and frozen their assets.”

According to the SEC, Turchynov and Ieremenko used “advanced techniques” in order to hack into two or more newswire services. They apparently used proxy servers to mask their identities and also posed as newswire service employees and customers.

The hackers managed to steal hundreds of corporate earnings announcements before the newswires released them publicly.

Both men also reportedly created a secret web-based location to transmit the stolen data to traders in Russia, Ukraine, Malta, Cyprus, France, and three US states, Georgia, New York, and Pennsylvania.

These traders then allegedly used this information to place trades in stock, options and other securities. The traders also gave the hackers a portion of their illegal profits.

“This cyber hacking scheme is one of the most intricate and sophisticated trading rings that we have ever seen, spanning the globe and involving dozens of individuals and entities,” said Andrew Ceresney, Director of the SEC’s Division of Enforcement. “Our use of innovative analytical tools to find suspicious trading patterns and expose misconduct demonstrates that no trading scheme is beyond our ability to unwind.”

The SEC has charged each of the 32 defendants with violating federal antifraud laws and related SEC antifraud rules. Defendants will be ordered to pay pay penalties, return their allegedly profits (with interest), and maybe subject to permanent injunctions.

“In today’s digital age, data breaches that result from targeted email phishing have become increasingly common and sophisticated,” said Wieland Alge, VM & GM EMEA at Barrcuda Networks. “Wire firms are obvious targets for cyber criminals and the fact of the matter is that these companies store large amounts of sensitive – and valuable – data.”

“However, at the end of the day all businesses have a duty of care to ensure that they have robust security systems in place to protect their own and their customers’ data,” said Alge. “If they fail to do so they are rolling the dice when it comes to their reputation, share value and ultimately long-term survival.”

Civil Charges

It is rare for the SEC to investigate cyber crimes, as it tends to stick to its remit of only probing questionable trading activity in stocks and options. That said, the SEC is becoming increasingly vigilant about the threat posed to financial systems by hackers and insider traders.

The regulator can only file civil, not criminal charges, but it shows how serious US government agencies are now taking cyber attacks.

In June the SEC said it was investigating a group of hackers who apparently penetrated the corporate email accounts of at least eight unnamed companies listed on the stock market. It asked those unnamed firms to provide information on the breaches. The hackers apparently used stolen information about mergers and acquisitions to conduct insider trading deals

Earlier this year, in response to the ongoing attacks, President Obama created a US sanctions program to financially punish hackers outside the United States who are involved with malicious cyber attacks.

Are you a security pro? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

US DoJ Charges Six Russian GRU Officers For Cyberattacks

Hackers also targeted this year's delayed Olympic Games in Tokyo says UK, as the US…

2 hours ago

Google Discloses Biggest-Ever DDoS Attack

Google says it successfully fended off a 2.5 Tbps denial-of-service attack in 2017, making it…

1 day ago

Microsoft Issues Two Emergency Windows Patches

Microsoft publishes out-of-band patches for bugs in Visual Studio Code and Windows Codecs Library that…

1 day ago

Zoom Introduces Paid Events, In-Meeting Apps

Zoom aims to capitalise on its massively increased user base with platform for paid events…

1 day ago

European Telecoms Trade Group Warns Against Banning Chinese Vendors

Banning Chinese telecoms equipment vendors for political reasons will increase costs and delay network upgrades,…

1 day ago

Twitter Changes Policy On Blocking ‘Hacked Materials’

Twitter will no longer block links to articles containing hacked materials, following criticism over treatment…

1 day ago