American authorities have charged 32 members of an international hacking group that used the pilfered information for insider trading.
The hackers used “stolen non-public information about corporate earnings announcements” in order to generate over $100m (£64m) in illegal profits.
The hackers are alleged to operated in both the United States and Ukraine. According to the US Securities and Exchange Commission (SEC), among those charged include two Ukrainian men, Ivan Turchynov and Oleksandr Ieremenko, who allegedly spearheaded the campaign.
They allegedly hacked into newswire services in order to obtain information about corporate earnings. The newswire services hacked into reportedly includes Business Wire, Marketwired and PR Newswire.
“This international scheme is unprecedented in terms of the scope of the hacking, the number of traders, the number of securities traded and profits generated,” said Securities and Exchange Commission Chair Mary Jo White. “These hackers and traders are charged with reaping more than $100 million in illicit profits by stealing non-public information and trading based on that information. That deception ends today as we have exposed their fraudulent scheme and frozen their assets.”
The hackers managed to steal hundreds of corporate earnings announcements before the newswires released them publicly.
Both men also reportedly created a secret web-based location to transmit the stolen data to traders in Russia, Ukraine, Malta, Cyprus, France, and three US states, Georgia, New York, and Pennsylvania.
These traders then allegedly used this information to place trades in stock, options and other securities. The traders also gave the hackers a portion of their illegal profits.
“This cyber hacking scheme is one of the most intricate and sophisticated trading rings that we have ever seen, spanning the globe and involving dozens of individuals and entities,” said Andrew Ceresney, Director of the SEC’s Division of Enforcement. “Our use of innovative analytical tools to find suspicious trading patterns and expose misconduct demonstrates that no trading scheme is beyond our ability to unwind.”
The SEC has charged each of the 32 defendants with violating federal antifraud laws and related SEC antifraud rules. Defendants will be ordered to pay pay penalties, return their allegedly profits (with interest), and maybe subject to permanent injunctions.
“In today’s digital age, data breaches that result from targeted email phishing have become increasingly common and sophisticated,” said Wieland Alge, VM & GM EMEA at Barrcuda Networks. “Wire firms are obvious targets for cyber criminals and the fact of the matter is that these companies store large amounts of sensitive – and valuable – data.”
“However, at the end of the day all businesses have a duty of care to ensure that they have robust security systems in place to protect their own and their customers’ data,” said Alge. “If they fail to do so they are rolling the dice when it comes to their reputation, share value and ultimately long-term survival.”
It is rare for the SEC to investigate cyber crimes, as it tends to stick to its remit of only probing questionable trading activity in stocks and options. That said, the SEC is becoming increasingly vigilant about the threat posed to financial systems by hackers and insider traders.
The regulator can only file civil, not criminal charges, but it shows how serious US government agencies are now taking cyber attacks.
In June the SEC said it was investigating a group of hackers who apparently penetrated the corporate email accounts of at least eight unnamed companies listed on the stock market. It asked those unnamed firms to provide information on the breaches. The hackers apparently used stolen information about mergers and acquisitions to conduct insider trading deals
Earlier this year, in response to the ongoing attacks, President Obama created a US sanctions program to financially punish hackers outside the United States who are involved with malicious cyber attacks.
Are you a security pro? Try our quiz!
Twitter will no longer block links to articles containing hacked materials, following criticism over treatment…