Four Ukrainians sought in $100 million U.S. insider-trading case

August 12, 2015

By RFE/RL

Authorities say the conspirators typically used the advance information to buy stock options, which are essentially a bet on the direction a stock will move, and then reaped profits after the information was released publicly. (file photo)

An alliance of U.S.-based stock traders and computer hackers in Ukraine made as much as $100 million in illegal profits from stealing market-moving corporate information, U.S. authorities have charged.

The U.S. Department of Justice charged nine people, including four Ukrainians, with conspiracy and securities fraud on August 11 in a major insider-trading case that is the first to involve hacked inside information.

All were arrested in the United States except the Ukrainians, who are being sought on international arrest warrants.

A parallel civil case from the U.S. Securities and Exchange Commission listed 32 defendants and said the scheme yielded over $100 million in unlawful profits.

The conspiracy was engineered by a pair of hackers in Ukraine who successfully penetrated the computer systems of Marketwired, PR Newswire, and Business Wire, which distribute press releases for major corporations to the media, prosecutors said.

They hacked some 150,000 releases between February 2010 and this year to cull sensitive inside information such as earnings announcements which can affect the value of individual stocks and move markets.

The hackers then sold the stolen data to the traders, at times being compensated with a flat fee and other times with a percentage of profits from trades, the SEC said.

A strong earnings report or other positive news can cause a company's stock to rise, while disappointing news can make it fall. The conspirators typically used the advance information to buy stock options, which are essentially a bet on the direction a stock will move, and then reaped profits after the information was released publicly.

"This case illustrates how cybercriminals and those who commit securities fraud are evolving and becoming more sophisticated," U.S. Attorney Paul Fishman said.

FBI Assistant Director-in-Charge Diego Rodriguez called the well-organized scam "a traditional securities fraud scheme with a twist."

SEC Chairman Mary Jo White said the case "is unprecedented in terms of the scope of the hacking at issue, the number of traders involved, the number of securities unlawfully traded, and the amount of profits generated."

Prosecutors said the Ukrainian hackers selected press releases using "shopping lists" provided by the traders, then created a "video tutorial" to help traders see the stolen releases.

An indictment in Brooklyn, New York, charged four traders: Vitaly Korchevsky, a former hedge-fund manager from Pennsylvania; Vladislav Khalupsky of Brooklyn and Odesa, Ukraine; and Leonid Momotok and Alexander Garkusha of the U.S. state of Georgia.

A separate New Jersey indictment charged Ivan Turchynov and Oleksandr Ieremenko, the two alleged hackers in Ukraine; Pavel Dubovoy, a trader from Ukraine; and Arkadiy Dubovoy and his son Igor Dubovoy, traders from Georgia.

Arkadiy and Igor Dubovoy appeared in Atlanta federal court and will appear there again August 13. The most serious charges in the indictment – wire fraud and securities fraud – carry sentences of up to 20 years in prison.

The SEC's civil lawsuit charged 17 people and 15 corporations in an international trading network that spanned from New York to Cyprus, France, Malta, and Russia. It is seeking civil penalties and has already obtained court-ordered asset freezes.

The scheme involved trades on such companies as Acme Packet, Align Technology, Caterpillar, Dealertrack Technologies, Dendreon, Edwards Lifesciences, Hewlett-Packard, Home Depot, and Panera Bread.

The hackers operated by stealing newswire employees' login identities and introducing malware into their computer systems.

One indictment quotes online chats in which Ieremenko told Turchynov on March 25, 2012, that he had "bruted" the log-in credentials of 15 Business Wire employees. He told an unidentified recipient in Russian on October 10, 2012, that "I'm hacking prnewswire.com."

With reporting by Reuters, AP, and AFP

Link to original story on RFE/RL website