Hackers Profited $100 Million by Hacking Newswires: SEC

32 Charged in Scheme to Trade on Hacked News Releases

The Securities and Exchange Commission (SEC) said on Tuesday that a cybercriminal group allegedly hacked into newswire services to steal non-public information about corporate earnings announcements that were used to make financial trades that generated more than $100 million in illegal profits.

According to the SEC, two Ukrainian men and 30 other defendants in and outside the U.S. took part in the scheme.

The SEC charges that over a five-year period, ringleaders Ivan Turchynov and Oleksandr Ieremenko hacked into two or more newswire services and stole hundreds of corporate earnings announcements before the newswires released them publicly.

Global newswire service Business Wire said on Tuesday that it is investigating a cyberattack that allowed malicious actors to gain unauthorized access to non-public, market-moving information stored on its news distribution platform. PR Newswire also said that it was cooperating with officials on an investigation.

“This international scheme is unprecedented in terms of the scope of the hacking, the number of traders, the number of securities traded and profits generated,” said Securities and Exchange Commission Chair Mary Jo White. “These hackers and traders are charged with reaping more than $100 million in illicit profits by stealing nonpublic information and trading based on that information. That deception ends today as we have exposed their fraudulent scheme and frozen their assets.”

According to the SEC, Turchynov and Ieremenko used a web site to transmit the stolen data to traders in Russia, Ukraine, Malta, Cyprus, France, and three U.S. states, Georgia, New York, and Pennsylvania.

The two allegedly recruited traders with a video showcasing their ability to illegally gain access to earnings information before its public release.

Citing an example, the SEC said that on May 1, 2013, the hackers and traders allegedly moved in the 36-minute period between a newswire’s receipt and release of an announcement that a company was revising its earnings and revenue projections downward. Roughly 10 minutes after the company sent the still-confidential release to the newswire, traders began selling short its stock and selling CFDs, realizing $511,000 in profits when the company’s stock price fell following the announcement.

“This cyber hacking scheme is one of the most intricate and sophisticated trading rings that we have ever seen, spanning the globe and involving dozens of individuals and entities,” said Andrew Ceresney, Director of the SEC’s Division of Enforcement. “Our use of innovative analytical tools to find suspicious trading patterns and expose misconduct demonstrates that no trading scheme is beyond our ability to unwind.”

Each of the 32 defendants are charged with violating federal antifraud laws and related SEC antifraud rules.

Other threat actor groups have targeted sensitive corporate data from public companies in the past.

In December 2014, Researchers at FireEye issued a report on an attack group dubbed “FIN4” that targeted C-level executives to get insider information that could be used to gain an advantage in the stock market. Since mid-2013, FireEye linked them to attacks at more than 100 companies, all which were either public companies or advisory firms that provide services to those companies, such as investment banking firms and legal firms. 

A FireEye spokesperson told SecurityWeek that the individuals charged today by the SEC are not part of the FIN4 group.