Nine Charged in Insider Trading Case Tied to Hackers
Trading Scheme Tied to Ukraine
Paul J. Fishman, the United States
attorney for New Jersey, said that nine people were charged after
stealing corporate news releases and using the information to make over
$100 million.
By THE ASSOCIATED PRESS on Publish Date August 11, 2015.
Photo by Karsten Moran for The New York Times.
Watch in Times Video »
It was a symbiotic relationship that brought together the underbelly of Wall Street and the dark reaches of the online world.
From
their suburban homes in the United States, dozens of rogue stock
traders would send overseas hackers a shopping list of corporate news
releases they wanted to get a sneak peek at before they were made
public. The hackers, working from Ukraine, would then deliver how-to
videos by email with instructions for gaining access to the pilfered
earnings releases.
In
all, 32 traders and hackers reaped more than $100 million in illegal
proceeds in a sophisticated and brazen scheme that is the biggest to
marry the wizardry of computer hacking to old-fashioned insider trading,
according to court filings made public on Tuesday. One of the men,
Vitaly Korchevsky, a hedge fund manager and former Morgan Stanley
employee living in a Philadelphia suburb, made $17 million in illegal
profits, the indictment said.
But
the five-year scheme came undone Tuesday when federal prosecutors from
Brooklyn and New Jersey, joined by regulators from the Securities and Exchange Commission
and other law enforcement agencies, announced a series of arrests, the
filing of indictments and a lawsuit against what the indictments
described as a loose network of business confederates.
Document: S.E.C. Complaint in Hacker-Insider Trading Case
Early
Tuesday, the authorities arrested Mr. Korchevsky, 50, at his home in
Glen Mills, Pa., and four other men, in Georgia and in Brooklyn. Arrest
warrants were issued for four other men. Three of them were related and
had ties to Ukraine.
“This
is the intersection of hacking and securities fraud,” Paul J. Fishman,
the United States attorney for the district of New Jersey, said at a
news conference in Newark. “The hackers were relentless and patient.”
In
one indictment, federal prosecutors in New Jersey said five of the men
broke into companies like Business Wire and PR Newswire over five years
to steal more than 150,000 news releases being prepared by publicly
traded corporations before the information was released to the public.
Another company whose releases were stolen before they were made public
was Marketwired.
Mr. Fishman did not fault the wire services and said they had cooperated with the investigation.
The
stolen news releases gave the rogue traders — four of whom were charged
in a separate indictment unsealed on Tuesday by prosecutors in Brooklyn
— a big advantage over others in the stock market by allowing them to
trade on news before it hit the wires, the authorities said. The men who
used the stolen information to trade the stocks paid the hackers a flat
fee or a percentage of the profits gained from the illegal trading, the
S.E.C. said in a separate complaint.
The
authorities said the traders seeking an illegal edge provided “shopping
lists” to hackers for the kinds of news releases they wanted and the
companies they wanted to trade on. The men obtained information from
more than 30 companies, including Bank of America, Clorox, Caterpillar
and Honeywell, the authorities said.
But
the traders were also deliberate. The authorities said they traded
ahead of the information contained in only about 800 of the hundreds of
thousands of releases they got a sneak peek at — indicating a methodical
and well-timed approach to concealing their activities.
Document: Charges in Hacking and Insider Trading Scheme
In
multiple instances, the men communicated via email and online chat
messages, boldly stating what they were doing, the authorities said. At
one point in 2012, for example, one of the defendants wrote in Russian
in an online chat message, “I’m hacking prnewswire.com.”
In another instance, a defendant sent 96 stolen news releases to
someone with a subject, in Russian, that read “fresh stuff.” The email
said, “If he says he does not know what this is about, tell him
‘quarterly report,’ ” according to the indictment.
The
authorities monitored some of the defendants for years, the indictment
said. In November 2012, it said, they seized the laptop of one of the
hackers and found about 200 nonpublic news releases from PR Newswire.
The
people charged in the New Jersey indictment with breaking into the
newswire networks were Ivan Turchynov, 27; Oleksandr Ieremenko, 24;
Arkadiy Dubovoy, 51; Igor Dubovoy, 28; and Pavel Dubovoy, 28.
Brooklyn
prosecutors, in addition to Mr. Korchevsky, also charged Vladislav
Khalupsky, 45; Leonid Momotok, 47; and Alexander Garkusha 47, all United
States residents, who had personal brokerage accounts at some of the
biggest investment banks in the United States, including JPMorgan Chase,
Merrill Lynch and Jefferies. Two of the four men were once registered
with the S.E.C., including Mr. Korchevsky. Authorities said in court
papers the independent traders and overseas hackers “shared login and
password information for brokerage accounts they controlled” making it
easier for them to trade and transfer payments.
Kelly Currie, the United States attorney for Brooklyn, called the network of hackers and traders an “unholy alliance.”
The
authorities said tens of millions of dollars in illegal trading profits
had been recovered from bank accounts maintained by the traders and
hackers. The authorities also seized some homes, a boat and even an
apartment complex that was bought with some of the proceeds.
The
charges against the men demonstrate the various ways in which computer
hackers can profit richly from illegally obtained information.
Document: Additional Charges in Insider Trading Scheme
“When
we think of hackers who try to profit from their crimes, we usually
think about people who steal bank account information or sell sensitive
personally identifying information,” said Matthew L. Schwartz, a lawyer
at Boies, Schiller & Flexner and a former prosecutor in Manhattan
who worked on cases involving digital crime.
“The
reality, as exemplified by today’s charges, is that hackers can obtain
access to all sorts of valuable information and can and will profit off
of it in every way imaginable,” he added.
Last
month, prosecutors in Manhattan filed charges against five people, some
of whom are suspected of having played a role in a breach at JPMorgan
Chase that resulted in the theft of customer data for 83 million
accounts. The authorities said they suspect that group wanted to use the
tens of millions of email addresses stolen in the hacking to further
stock manipulation schemes involving spam emails to pump up the price of
otherwise worthless penny stocks.
In
fact, the scheme announced on Tuesday was similar to one in 2005, when
the S.E.C. charged a group of traders in Estonia with hacking into
Business Wire to obtain news releases to inform their trades. Hacking or
stealing corporate news releases is a strategy traders looking for an
illegal edge have used over the years.
But
the group uncovered on Tuesday went further than the Estonian hackers,
and its scheme was much broader than anything previously uncovered by
the authorities. It may be the first of many cases in which hackers use
purloined corporate data to commit securities fraud.
Last
year the computer consulting firm FireEye said that it had uncovered a
sophisticated group of hackers, called Fin4, that was aiming at the
email networks of large pharmaceutical and financial companies to gain
market-sensitive information about deals. The revelation was outlined in
a report that FireEye, based in California, shared with the S.E.C. and
with the Federal Bureau of Investigation.
A
few months ago, the S.E.C. asked a handful of companies to provide
information about data taken in breaches of their computer networks. The
authorities took similar steps recently with several large public
relations firms, said another person briefed on the matter who spoke on
the condition of anonymity.
Jen
Weedon, a threat intelligence manager with FireEye who worked on the
Fin4 report, said she saw some similarities and differences between the
way the group she observed operated and the one busted up by federal
authorities.
“There’s
targeting overlap in that these actors seemed to deliberately pursue
market-moving information, like FIN4, to benefit financially on the
stock trade. Unlike FIN4 it seems this group had a narrower scope in
choosing to get their data from a consolidated place,” Ms. Weedon said
by email.
But
the end goal is the same, she added, noting the hackers were
infiltrating networks to gain private information to gain an edge in the
markets.
Ben Protess contributed reporting.
Trading Scheme Tied to Ukraine
Paul J. Fishman, the United States
attorney for New Jersey, said that nine people were charged after
stealing corporate news releases and using the information to make over
$100 million.
By THE ASSOCIATED PRESS on Publish Date August 11, 2015.
Photo by Karsten Moran for The New York Times.
Watch in Times Video »
It was a symbiotic relationship that brought together the underbelly of Wall Street and the dark reaches of the online world.
From
their suburban homes in the United States, dozens of rogue stock
traders would send overseas hackers a shopping list of corporate news
releases they wanted to get a sneak peek at before they were made
public. The hackers, working from Ukraine, would then deliver how-to
videos by email with instructions for gaining access to the pilfered
earnings releases.
In
all, 32 traders and hackers reaped more than $100 million in illegal
proceeds in a sophisticated and brazen scheme that is the biggest to
marry the wizardry of computer hacking to old-fashioned insider trading,
according to court filings made public on Tuesday. One of the men,
Vitaly Korchevsky, a hedge fund manager and former Morgan Stanley
employee living in a Philadelphia suburb, made $17 million in illegal
profits, the indictment said.
But
the five-year scheme came undone Tuesday when federal prosecutors from
Brooklyn and New Jersey, joined by regulators from the Securities and Exchange Commission
and other law enforcement agencies, announced a series of arrests, the
filing of indictments and a lawsuit against what the indictments
described as a loose network of business confederates.
Document: S.E.C. Complaint in Hacker-Insider Trading Case
Early
Tuesday, the authorities arrested Mr. Korchevsky, 50, at his home in
Glen Mills, Pa., and four other men, in Georgia and in Brooklyn. Arrest
warrants were issued for four other men. Three of them were related and
had ties to Ukraine.
“This
is the intersection of hacking and securities fraud,” Paul J. Fishman,
the United States attorney for the district of New Jersey, said at a
news conference in Newark. “The hackers were relentless and patient.”
In
one indictment, federal prosecutors in New Jersey said five of the men
broke into companies like Business Wire and PR Newswire over five years
to steal more than 150,000 news releases being prepared by publicly
traded corporations before the information was released to the public.
Another company whose releases were stolen before they were made public
was Marketwired.
Mr. Fishman did not fault the wire services and said they had cooperated with the investigation.
The
stolen news releases gave the rogue traders — four of whom were charged
in a separate indictment unsealed on Tuesday by prosecutors in Brooklyn
— a big advantage over others in the stock market by allowing them to
trade on news before it hit the wires, the authorities said. The men who
used the stolen information to trade the stocks paid the hackers a flat
fee or a percentage of the profits gained from the illegal trading, the
S.E.C. said in a separate complaint.
The
authorities said the traders seeking an illegal edge provided “shopping
lists” to hackers for the kinds of news releases they wanted and the
companies they wanted to trade on. The men obtained information from
more than 30 companies, including Bank of America, Clorox, Caterpillar
and Honeywell, the authorities said.
But
the traders were also deliberate. The authorities said they traded
ahead of the information contained in only about 800 of the hundreds of
thousands of releases they got a sneak peek at — indicating a methodical
and well-timed approach to concealing their activities.
Document: Charges in Hacking and Insider Trading Scheme
In
multiple instances, the men communicated via email and online chat
messages, boldly stating what they were doing, the authorities said. At
one point in 2012, for example, one of the defendants wrote in Russian
in an online chat message, “I’m hacking prnewswire.com.”
In another instance, a defendant sent 96 stolen news releases to
someone with a subject, in Russian, that read “fresh stuff.” The email
said, “If he says he does not know what this is about, tell him
‘quarterly report,’ ” according to the indictment.
The
authorities monitored some of the defendants for years, the indictment
said. In November 2012, it said, they seized the laptop of one of the
hackers and found about 200 nonpublic news releases from PR Newswire.
The
people charged in the New Jersey indictment with breaking into the
newswire networks were Ivan Turchynov, 27; Oleksandr Ieremenko, 24;
Arkadiy Dubovoy, 51; Igor Dubovoy, 28; and Pavel Dubovoy, 28.
Brooklyn
prosecutors, in addition to Mr. Korchevsky, also charged Vladislav
Khalupsky, 45; Leonid Momotok, 47; and Alexander Garkusha 47, all United
States residents, who had personal brokerage accounts at some of the
biggest investment banks in the United States, including JPMorgan Chase,
Merrill Lynch and Jefferies. Two of the four men were once registered
with the S.E.C., including Mr. Korchevsky. Authorities said in court
papers the independent traders and overseas hackers “shared login and
password information for brokerage accounts they controlled” making it
easier for them to trade and transfer payments.
Kelly Currie, the United States attorney for Brooklyn, called the network of hackers and traders an “unholy alliance.”
The
authorities said tens of millions of dollars in illegal trading profits
had been recovered from bank accounts maintained by the traders and
hackers. The authorities also seized some homes, a boat and even an
apartment complex that was bought with some of the proceeds.
The
charges against the men demonstrate the various ways in which computer
hackers can profit richly from illegally obtained information.
Document: Additional Charges in Insider Trading Scheme
“When
we think of hackers who try to profit from their crimes, we usually
think about people who steal bank account information or sell sensitive
personally identifying information,” said Matthew L. Schwartz, a lawyer
at Boies, Schiller & Flexner and a former prosecutor in Manhattan
who worked on cases involving digital crime.
“The
reality, as exemplified by today’s charges, is that hackers can obtain
access to all sorts of valuable information and can and will profit off
of it in every way imaginable,” he added.
Last
month, prosecutors in Manhattan filed charges against five people, some
of whom are suspected of having played a role in a breach at JPMorgan
Chase that resulted in the theft of customer data for 83 million
accounts. The authorities said they suspect that group wanted to use the
tens of millions of email addresses stolen in the hacking to further
stock manipulation schemes involving spam emails to pump up the price of
otherwise worthless penny stocks.
In
fact, the scheme announced on Tuesday was similar to one in 2005, when
the S.E.C. charged a group of traders in Estonia with hacking into
Business Wire to obtain news releases to inform their trades. Hacking or
stealing corporate news releases is a strategy traders looking for an
illegal edge have used over the years.
But
the group uncovered on Tuesday went further than the Estonian hackers,
and its scheme was much broader than anything previously uncovered by
the authorities. It may be the first of many cases in which hackers use
purloined corporate data to commit securities fraud.
Last
year the computer consulting firm FireEye said that it had uncovered a
sophisticated group of hackers, called Fin4, that was aiming at the
email networks of large pharmaceutical and financial companies to gain
market-sensitive information about deals. The revelation was outlined in
a report that FireEye, based in California, shared with the S.E.C. and
with the Federal Bureau of Investigation.
A
few months ago, the S.E.C. asked a handful of companies to provide
information about data taken in breaches of their computer networks. The
authorities took similar steps recently with several large public
relations firms, said another person briefed on the matter who spoke on
the condition of anonymity.
Jen
Weedon, a threat intelligence manager with FireEye who worked on the
Fin4 report, said she saw some similarities and differences between the
way the group she observed operated and the one busted up by federal
authorities.
“There’s
targeting overlap in that these actors seemed to deliberately pursue
market-moving information, like FIN4, to benefit financially on the
stock trade. Unlike FIN4 it seems this group had a narrower scope in
choosing to get their data from a consolidated place,” Ms. Weedon said
by email.
But
the end goal is the same, she added, noting the hackers were
infiltrating networks to gain private information to gain an edge in the
markets.
Ben Protess contributed reporting.
No comments:
Post a Comment