News

Back to News list

Hackers Allegedly Pilfered Press Releases To Make $100 Million from Illegal Trades

Bloomberg BNA White Collar Crime Report
08/12/2015

Exposing a new front in cybercrime, U.S. authorities broke up an alleged insider trading ring that relied on computer hackers to pilfer corporate press announcements and then profited by trading on the sensitive information before it became public.

While U.S. prosecutors said nine defendants netted $30 million, a broader case filed by the Securities and Exchange Commission listed 12 men and 15 companies as defendants in a scheme that allegedly earned more than $100 million.

By way of comparison, U.S. Attorney for the Southern District of New York Preet Bharara described the $275 million insider trading case of Mathew Martoma, a former hedge fund manager for an affiliate of SAC Capital Advisors LP, as the biggest ever against a single person.

Martoma’s case is on appeal with the U.S. Court of Appeals for the Second Circuit (09 WCR 821, 11/28/14).

Federal agents arrested five men in the plot, while four others accused of participating in the hacking and securities fraud conspiracy remain at large. Infiltrated Newswires. The hackers, who are thought to be in Ukraine and possibly Russia, allegedly infiltrated the computer servers of PRNewswire Association LLC, Marketwired and Business Wire, a unit of Warren Buffett’s Berkshire Hathaway Inc., over a five-year period.

The hackers siphoned more than 150,000 press releases, including corporate data on earnings, that could be used to anticipate stock market moves and make profitable trades, prosecutors charge. The hackers passed the information to associates in the U.S., who allegedly used it to buy and sell shares of dozens of companies, including Panera Bread Co., Boeing Co., Hewlett-Packard Co., Caterpillar Inc. and Oracle Corp., through retail brokerage accounts, according to prosecutors.

Prosecutors said the hackers targeted more than 100 companies and made ‘‘approximately 1,000 inside the window trades.’’ Money was then shifted offshore through Estonian banks, according to one of two federal indictments unsealed Aug. 11.

‘‘Today’s international case is unprecedented in terms of the scope of the hacking at issue, the number of traders involved’’ and the number of securities and the amount of illegal profit, SEC Chairman Mary Jo White said at a press conference in Newark, N.J. By concealing the scheme by spreading it across multiple accounts, they showed their ‘‘market savvy,’’ she said.

Digital Age Exposes Weaknesses.
The government’s case, which is being led by the U.S. Attorney’s Office for the Eastern District of New York and the FBI, shows how insider trading has crossed into the cyber realm, exposing the vulnerabilities of financial markets in the digital age. Just as prosecutors deploy ever-more aggressive tactics like wiretaps to curb illegal trading, criminals have leapt past them with a simple ruse: Steal information instead of persuading others to share it.

It is also a great equalizer. No longstanding Wall Street connections are needed to glean advance information from companies.

Still, the arrests and two indictments—filed in the U.S. District Court for the Eastern District of New York and the U.S. District Court for the District of New Jersey—are a significant victory for the FBI and prosecutors, who have been struggling to halt an increasing number of computer incursions that have publicly shaken Target Corp., Sony Corp. and JPMorgan Chase & Co., among other big companies.

Although the defendants allegedly were able to access information from newswire services, a treasure trove of inside information, companies are not likely to change how they disseminate sensitive information, according to Michael D. Celio, a partner at Keker & Van Nest LLP in San Francisco.

Different Victims, Same Crime.
"This case won’t change a thing,’’ Celio told Bloomberg BNA, adding that these services are an established part of how companies do business. The theft of this information is unfortunate, but these firms are an effective way to get out information, he explained.

‘‘And remember, these are hardly the only entities that have been subject to these kinds of attacks,’’ Celio said. ‘‘It is a growing problem in every sector.’’

Celio also predicted that these types of cases will probably remain rare. He said that the number of people ‘‘sophisticated enough’’ to carry out this type of scheme is very limited.

It is also a very difficult way to accomplish the goal of stealing inside information because the window of opportunity is so small, he said. But in the end, this case is just ‘‘one variation on a theme of people trying to steal information over the Internet,’’ Celio said.

Inside Information.
With defendants spanning two countries, it’s not yet clear who allegedly masterminded the idea to hack the firms and trade off the information.

The only professional U.S. trader arrested was Vitaly Korchevsky, who was picked up the morning of Aug. 11 at his home in Glen Mills, Pa., outside Philadelphia.

Korchevsky is described as the linchpin of the markets strategy, having run a mutual fund and worked on Wall Street before starting his own hedge fund. He operated NTS Capital, which has made no filings since its initial one four years ago. It’s unclear if the fund is still in operation. NTS was named as a defendant in the SEC complaint.

Korchevsky was charged in the indictment filed in the Eastern District of New York with five counts, including conspiracy to commit securities fraud and money laundering. Also named in that case are Vladislav Khalupsky, Leonid Momotok and Alexander Garkusha.

Caterpillar Earnings.
In the New Jersey indictment, prosecutors described a number of trades involving large purchases of shares made ahead of quarterly earnings reports. For example, at the beginning of 2012, Peoria, Ill.-based Caterpillar submitted to PRNewswire a prepared announcement stating that its profits for the previous year had risen 36 percent.

The announcement, which sat in the firm’s server for less than 24 hours, was allegedly scooped up by the hackers and passed to the traders, according to the government.

In this short window, they bought $8.3 million in Caterpillar stock and options. The announcement was then released publicly before the markets opened on Jan. 26.

The stock rose 2 percent that day, from $109.05 to $111.31, and the traders closed out their position for a profit of about $1 million, prosecutors charge.

Few Credentials.
Named in the 23-count New Jersey indictment are five men: Ivan Turchynov, Oleksandr Ieremenko, Arkadiy Dubovoy, Igor Dubovoy and Pavel Dubovoy. They face hacking and securities fraud related charges.

Little is known about them other than they allegedly worked with others to siphon inside information out of several public relations firms.

They appear to have little or no financial credentials or obvious experience as traders. They work in real estate and construction and operate a myriad of LLCs that appear to be covers for their trading operations, according to public records.

The SEC’s parallel lawsuit, filed Aug. 11 in federal court in New Jersey, lists the nine men charged criminally as well companies affiliated with them, foreign nationals and hedge funds and firms, most of which are based in Moscow.

The commission alleges that Korchevsky made about $17.5 million in illicit profits, while the Dubovoy men made more than $31 million. The complaint describes alleged trading by the defendants based on illegally obtained releases from Radio Shack Corp. and Brocade Communications Systems Inc., among others.

Meaningful Moment.
Craig A. Newman, a partner at Patterson Belknap Webb & Tyler LLP in New York, explained that the civil case marks a significant step for the SEC, which he noted has historically shied away from taking strong positions on issues of cybersecurity.

‘‘This is a new dimension in cybercrime. Until today, we’ve seen warnings and lots of hand wringing by regulators and law enforcement over the challenges posed by foreign hackers attacking U.S. targets, but today’s charges mark an important first step in dealing with the complexities of this global issue,’’ Newman told Bloomberg BNA in an e-mail.

‘‘We’ve seen an evolution in cybercrime from hacking retailers to steal credit card information, to outright attacks on government databases to steal intelligence information. Now, the line has been crossed into insider trading, and the alleged use of non-public, material information to game the financial markets. It’s becoming much more about stealing competitive business information and at any cost and by any means,’’ he said.

Newman, who chairs Patterson Belknap’s privacy and data security practice group, warned that if the previous high-profile hacks weren’t a wake-up call for U.S. firms, this case should be.

‘‘This is a teachable moment in cybercrime,’’ Newman said. ‘‘There are vulnerabilities that still exist in our financial markets and in corporate America that need to be addressed on an ongoing basis. If the data breaches at Target, Sony and OPM didn’t set off alarm bells, this certainly should. Cybercrime isn’t static and it isn’t going away.’’

Attorneys for the defendants couldn’t be immediately reached for comment.

Investigation Begins.
The investigation began when prosecutors in Brooklyn, N.Y., and the FBI received a referral from the SEC about a pattern of suspicious trading by some of the defendants.

The U.S. Secret Service and federal prosecutors in New Jersey later began a separate investigation that focused on the foreign hackers, a person familiar with the matter said.

For more than two years, investigators unraveled the scheme and the trades, which continued until recently, say people familiar with the investigation.

Federal agents alerted the three wire services of the computer breaches, and the firms didn’t disclose them publicly to allow the investigation to continue unimpeded, the person said.

Business Wire said Aug. 11 in an e-mailed statement that it has been cooperating with the Justice Department and has hired a cybersecurity firm to ‘‘conduct additional forensic testing of its systems, and to provide assurance that Business Wire’s network is fully operational and secure.’’

PRNewswire and Marketwired didn’t immediately comment on the charges.

The scarce credentials of the men charged in the wide ranging conspiracy show that in the new world of insider trading, anyone willing to pay for hackers’ services may be able to obtain information for illicit trading. Whatever the nine men’s connections, they are missing those common to many of the major cases brought by New York prosecutors in recent years, things like Ivy League educations, Wall Street experience and time at top consulting firms.