In what has been branded the "largest known" case of insider trading based on computer hacking, a US man has admitted involvement in a complex scheme that netted millions in illicit profit by stealing unreleased press releases and using the information to rig stock market trades.
Leonid Momotok, 48, pleaded guilty in a New York district court for conspiracy to commit wire fraud and could face up to 20 years in prison alongside a heavy fine. Prosecutors allege that Momotok played a role in an international cybercrime operation that resulted in at least $30m in revenue.
According to the Department of Justice, between February 2010 and August 2015, Ukrainian hackers were able to compromise employee account details from three major newswire services – Marketwired, PR Newswire and Business Wire. Once inside, they targeted corporate earnings announcements, non-public press releases, financial data and product announcements.
The hackers then shared stolen press releases, which amounted to over 150,000 during the five-year period, to Momotok and other stock market traders through overseas servers. Those receiving insider information were then able to make trades before the information was made public and the markets had a chance to react.
In exchange for providing Momotok and other traders with the stolen press releases, the hackers received a percentage of the illegal proceeds, the DoJ said. When the underground crime ring was originally dismantled in August last year, 32 people were implicated.
The court filings show how the traders only had a short window of time to make sensitive transactions based on the stolen corporate information. As such, they routinely created "shopping lists" or "wish lists" for the hackers based on companies of interest – including Hewlett Packard (HP), Home Depot and Caterpillar.
"Using non-public press releases stolen by overseas hackers, Momotok and his group of traders engaged in a brazen scheme that was unprecedented in its scope, impact and sophistication," said United States attorney Robert Capers.
The court also heard how the Ukrainian hackers who ran the scheme sent online chat messages in Russian to each other. "I'm hacking prnewswire.com," one boasted. In another chat, the hackers discussed compromising at least 15 login credentials of Business Wire employees. During the initial arrest, the Ukrainian hackers were named as Ivan Turchynov and Oleksandr Ieremenko.
Assistant Director-in-Charge Diego Rodriguez said: "In one of the most sophisticated insider trading cases we've seen to-date, Momotok and other traders used information to trade on from not yet released press releases obtained by hackers from newswire services [...] today's guilty plea should send a message to others who seek to cheat the system for a lucrative payday- these schemes only end with prison time and forfeiture of those profits."