Ukrainian nationals charged with hacking SEC docs in $4.1 million scam

The Department of Justice has charged two Ukrainian nationals with hacking into the Securities and Exchange Commission’s (SEC) computer system to steal confidential corporate information and sell it to the highest bidder or to make trades.

Artem Radchenko and Oleksandr Ieremenko were charged in the United States District Court for the District of New Jersey with securities fraud conspiracy, wire fraud conspiracy, computer fraud conspiracy, wire fraud, and computer fraud. These illegal endeavors are part of an earlier scheme that saw Ieremenko and others charged with allegedly obtaining corporate press releases illegally prior to their general release and using the information to make trades, the DOJ said in a statement.

Ieremenko remains at large in Ukraine. The operation ran from about May 3, 2016 until October 20, 2016. Overall, the conspiracy is believed to have earned the defendants a total of $4.1 million.

The latest charges stem from Ieremenko and Radchenko’s hacking of the SEC’s Electronic Data Gathering, Analysis and Retrieval (EDGAR) system. EDGAR is used by corporations to hold non-public confidential information and conduct test filings, and it performs automated collection, validation, indexing, acceptance, and forwarding of submissions by companies and others who are required by law to file forms with the SEC.

The others named in the civil suit associated with this case are: David Kwon, Sungjin Cho, Igor Sabodakha, Victoria Vorochek, Andrey Sarafanov, Ivan Olefir, Capyield Systems, Ltd. (owned by Olefir) and Spirit Trade Ltd., according to court documents. These people and entities were part of a network of securities traders located in the United States, Ukraine, and Russia, who received the hacked material nonpublic information, directly or indirectly, from Ieremenko, a court filing stated.

The DOJ claims that the duo allegedly hacked into EDGAR and stole thousands of files, including annual and quarterly earnings reports containing confidential, non-public and general financial information.

The court filing stated the trader defendants then monetized the information by purchasing or selling short the relevant securities and profiting from the market reaction once the information was disseminated to the public. The trader defendants then, directly or indirectly, kicked back a portion of the resulting trading profits to Ieremenko.

“The defendants allegedly orchestrated sophisticated computer intrusions to steal non-public information from the SEC, compromising the integrity of the market and depriving honest investors of a level playing field,” said Assistant Attorney General Brian Benczkowski.

In a statement the DOJ detailed a few of the incidents.

In one case, a test filing for a company was uploaded to EDGAR at 3:32 p.m. on May 19, 2016. Within six minutes the defendants allegedly stole the test filing and sent a copy to a server in Lithuania, and then between 3:42 p.m. and 3:59 p.m. a co-conspirator bought $2.4 million in shares of the company. The test filing was then officially released a few minutes after 4 p.m., releasing the news: the firm’s second-quarter financial report, which stated it expected to deliver record earnings. The stock rose on the news and the conspirator then sold the stock, making $270,000.

To obtain access to EDGAR, Ieremenko hacked his way past EDGAR’s login, then misrepresented himself as an authorized EDGAR filer and accessed the non-public filings. He acquired this level of access through a phishing campaign in which he posed as an SEC security person, emailed other SEC personnel, and convinced them to open malicious documents that downloaded malware into the SEC system.

The wire fraud conspiracy and substantive wire fraud counts with which the defendants are charged carry a maximum potential penalty of 20 years in prison and a $250,000 fine, or twice the gain or loss from the offense. The securities fraud conspiracy, computer fraud conspiracy, and substantive computer fraud counts with which the defendants are charged carry a maximum potential penalty of five years in prison and a $250,000 fine, or twice the gain or loss from the offense. 