Tech

32 hackers, traders charged for cashing in on stolen press releases

Insider trading can be profitable, but is still a risky business -- especially when theft is involved.

Written by Charlie Osborne, Contributing Writer Aug. 13, 2015 at 3:55 a.m. PT

32 hackers and traders have been charged for allegedly making over $100 million through insider trading based on stolen press releases.

Grasping the feel of a market, what analysts have to say on company players and keeping tabs on stock changes and acquisitions can benefit an investor on the stock market. However, as in any industry, there are some that try to fiddle the odds. Some use insider knowledge to make strategic investments in companies due to be acquired by others, for example, and watch as share prices soar -- or jump ship before a disaster is made public and sends prices plummeting.

These practices are heavily frowned upon and generally illegal, but over 30 people have gone a step further in fraudulent insider trading -- by allegedly making use press releases stolen in cyberattacks before their public release date.

In a SEC filing on Tuesday, US prosecutors said 32 individuals have been charged based on an insider trading scheme which allegedly generated over $100 million in illegal profits.

The Securities and Exchange Commission (SEC) said two Ukrainian men have been charged for allegedly hacked into newswire services to obtain press material before public release, while a further 30 individuals used the information to their advantage in trading. According to US prosecutors, Ivan Turchynov and Oleksandr Ieremenko used "advanced techniques" to break in to at least two newswire services and steal hundreds of corporate announcements.

In addition, a secret portal was created to transfer the stolen documents to traders in Russia, Ukraine, Malta, Cyprus, France, and three US states, Georgia, New York, and Pennsylvania.

"The traders are alleged to have used this nonpublic information in a short window of opportunity to place illicit trades in stocks, options, and other securities, sometimes purportedly funneling a portion of their illegal profits to the hackers," the filing states.

The alleged hackers would use proxy servers to hide their tracks and would sometimes pose as newswire service employees and customers. Traders looking for inside information would be shown a video demonstrating how earnings information could be accessed before public release.

In one example on May 1, 2013, the hackers and traders moved in a 36-minute window between a newswire service receiving an earnings report and making it public. Only 10 minutes after the release was given to the newswire agency, while the information was still confidential, traders began selling their stock and CFDs -- and as the firm's stock price plummeted after the news went global, the group was able to generate $511,000 in profits.

Featured

Filed in a US District Court in Newark, N.J., the investigation has led to the freezing of assets until the case has been resolved.

"This international scheme is unprecedented in terms of the scope of the hacking, the number of traders, the number of securities traded and profits generated," said SEC Chair Mary Jo White.

"These hackers and traders are charged with reaping more than $100 million in illicit profits by stealing nonpublic information and trading based on that information. That deception ends today as we have exposed their fraudulent scheme and frozen their assets."

The SEC is charging each of the 32 individuals with violating federal antitrust laws and asks that the defendants be forced to pay back their gains with interest -- as well as be given injunctions against further antitrust fraud.

Dave Palmer, Director of Technology at Darktrace told ZDNet:

"The fact that these hackers were operating for five years before this crime has come to light is a damning reflection of a large gap in some organizations' security awareness -- the ability to identify suspicious or abnormal activity inside the network.
This is not an easy challenge -- by posing as legitimate customers and employees of the newswires, these attackers managed to get under the radar of traditional controls. Employees and customers all behave in unique ways, as do the machines that they use -- so traditional prevention tools immediately fall down because they are looking for pre-defined behaviours.
You need to assume that you have already been compromised -- that's the reality today. "