The Security Exchange Commission (SEC) has charged two Ukrainian cybercriminals with hacking into two or more newswires over a five-year period to steal sensitive market data and use that information to generate over $100m (£64m) in illegal profits. The SEC has also filed charges against 30 other defendants located inside and outside the US who profited from the scheme, but named Ivan Turchynov and Oleksandr Ieremenko as the kingpins at the head of the operation.
The pair were able to hide their intrusion by using proxy servers to pose as customers and employees of newswires including Business Wire and PR Newswire, stealing over 150,000 press releases in that time. They then sold their services to traders around the world using a promotion video showing off what they could offer.
In parallel with the charges filed by the SEC, the US Attorney's Office has filed criminal charges against seven traders in the US and Ukraine. One of the traders was Vitaly Korchevsky who is a hedge fund manager and formerly a Morgan Stanley employee who is alleged to have profited to the tune of $17m as a result of the scheme.
The SEC charge says that over a five year period Turchynov and Ieremenko "spearheaded the scheme, using advanced techniques to hack into two or more newswire services and steal hundreds of corporate earnings announcements before the newswires released them publicly".
At times, the window of opportunity was very narrow, with one incident outlined by the SEC suggesting the hackers were able to facilitate traders making over $500,000 in illegal profits from short-selling stocks in a company they knew was going to drop based on receipt of a company report about sales figures being revised downwards - with all of this taking place within a 36-minute window.
According to the SEC, the duo created "a secret web-based location" from which they transmitted the stolen data to traders in Russia, Ukraine, Malta, Cyprus, France, and three US states - Georgia, New York, and Pennsylvania. As well as charging the traders for access to the non-public material, the hackers also received a cut of any profits made, and were even granted access to some of the traders' accounts to make sure the percentage they were receiving was accurate.
SEC chair Mary Jo White called the scheme "unprecedented in terms of the scope of the hacking, the number of traders, the number of securities traded and profits generated. These hackers and traders are charged with reaping more than $100m in illicit profits by stealing non-public information and trading based on that information. That deception ends today as we have exposed their fraudulent scheme and frozen their assets."
Berkshire Hathaway-owned Business Wire announced that it was investigating a cyberattack which it described as a "sophisticated global hacking scheme", adding that it was working with the Department of Justice and a cybersecurity company on the matter.
In a statement the company's CEO Cathy Baron Tamraz said: "Security is our number one concern at Business Wire. We devote substantial resources annually to security, including multiple security audits by leading industry consultants. Protecting the confidential information of our clients is of paramount importance. Despite extreme vigilance and commitment, recent events illustrate that no one is immune to the highly sophisticated illegal cyber-intrusions that are plaguing every aspect of our society."