Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Ukrainian Pleads Guilty in Hack-for-Profit Scheme

A Ukrainian national has pleaded guilty to charges of hacking into databases holding unpublished company press releases to gain insider information that led to $30 million in illicit gains, officials said.

A Ukrainian national has pleaded guilty to charges of hacking into databases holding unpublished company press releases to gain insider information that led to $30 million in illicit gains, officials said.

The US Department of Justice said 28-year-old Vadym Iermolovych pleaded guilty Monday before a federal judge in New Jersey to charges of conspiracy to commit wire fraud, conspiracy to commit computer hacking, and aggravated identity theft.

Officials said Iermolovych was arrested in November 2014 in what was the largest known hacking scheme for securities fraud.

According to investigators, the Ukrainian was part of a team that broke into the networks of Marketwired, PR Newswire, and Business Wire to steal press releases containing confidential financial information before release to the public.

The hackers worked with traders who bought or sold stocks with the inside information, often minutes before the press releases were published, officials said.

The traders created “shopping lists” or “wish lists” for the hackers on upcoming press releases for publicly traded companies, investigators found.

Five other members of the conspiracy –- two computer hackers and three securities traders –- have been charged in the scheme in New Jersey federal court.

Two other Ukrainians, Arkadiy Dubovoy and Igor Dubovoy, pleaded guilty to wire fraud conspiracy charges earlier this year, according to officials.

A related indictment in New York has charged four securities traders with using insider information.

The indictments said the scheme took place between February 2010 and August 2015, with hackers using a series of targeted cyber-attacks, including bogus emails to gain passwords, a technique known as “phishing,” and sought unpublished data on earnings, profit margins, revenues, and other confidential information.

Iermolovych’s sentencing was scheduled for August 22. He faces up to 20 years in prison on the wire service charge and a fine related to the profits from the crime. The identity theft charge carries a mandatory penalty of two years in prison on top of any other sentence.

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Ransomware

US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...

Ransomware

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.