A Ukrainian hacker has pleaded guilty for taking part in a sophisticated insider trader scheme that amassed a massive $30m (£20.8m) in profit over a five-year period.
Vadym Iermolovych, 28, from Kiev, Ukraine, appeared before a US courtroom to outline his part in the lucrative scheme, which involved hacking into three business newswire services and use the gleaned information to 'game' major stock markets.
Between 2010 and 2015, the federal indictment notes, Iermolovych played a key role infiltrating the computer networks of Marketwired LP, PR Newswire Association LLC, and Business Wire. According to the BBC, the hacking group the suspect was working alongside gained access to 150,000 press releases before they were released to the public. The court documents show the group targeted "hundreds of companies traded on the NASDAQ and NYSE."
To date, 32 people have been charged in connection with the complex scheme. During his plea hearing Iermolovych admitted he was personally involved in the hacking between January 2013 and March 2013.
Now, he has been charged with a slew of offences, including conspiracy to commit wire fraud, conspiracy to commit computer hacking, and aggravated identity theft. According to the US Department of Justice (DoJ), Iermolovych will be sentenced in August and could face up to 20 years in jail.
In the broader scheme, the hackers responsible orchestrated a series of "targeted cyberattacks" on the business wires' computer networks – using tactics such as email phishing and SQL injection-style attacks. Once inside the system, the hackers would steal press releases about upcoming announcements by public companies about "earnings, gross margins, revenues, and other confidential and material information."
Then, the hackers would share the stolen releases with stock market traders. According to the DoJ, the collective worked closely with these foreign counterparts, even sharing 'instructions' on how to access the stolen data they compromised. In some cases, court filings show, the traders even created 'shopping lists' for the hackers detailing upcoming press releases they needed.
The DoJ said the trades would occur in "extremely short windows of time between when the hackers illegally accessed and shared the releases and when the press releases were disseminated to the public by the newswires, usually shortly after the close of the markets". It added: "Frequently, all of this activity occurred on the same day."
Some of the companies unknowingly caught up in the insider trading scheme included: Hewlett Packard, Home Depot, Align Technology and Caterpillar, the filings show.