Feds charge hackers in massive insider trading scheme

Feds charge hackers in massive insider trading scheme
© Getty Images

Federal authorities say they have busted a massive, global ring of hackers and traders who allegedly conspired to access financial press releases before they were published, making more than $100 million in profits off illegal trades based on the information.

The Securities and Exchange Commission (SEC) on Tuesday charged 32 people in the scheme, including two Ukrainian men who are accused of hacking newswire services before feeding the information to at least 30 other people inside and outside the U.S. The Justice Department also brought criminal charges against nine of the individuals.


The takedown represents the first major foray for U.S. authorities into a burgeoning type of cyber crime. The dozens of people allegedly involved represent the largest instance to date of a growing form of insider trading, in which hackers team up with stock brokers.

“This international scheme is unprecedented in terms of the scope of the hacking, the number of traders, the number of securities traded and profits generated,” said SEC Chair Mary Jo White.

For the last five years, the two Ukrainian hackers, Ivan Turchynov and Oleksandr Ieremenko, oversaw the project. The pair allegedly cracked into at least two newswire services to pilfer over 150,000 corporate earnings announcements and press releases announcing mergers and acquisitions before they were made public.

The two then developed a “secret web-based location” to send the purloined information to traders in numerous countries, including Russia, France and the U.S., the SEC said. Those traders would then swiftly arrange trades to capitalize on the brief window — sometimes as short as 36 minutes — before the information was published.

They would move stocks, options and other securities, according to the SEC, sometimes giving a kickback to the original hackers. A few traders even gave the Ukrainian duo direct access to their brokerage accounts.

The windfalls could be huge. In that brief 36-minute window, traders rapidly began selling short on one particular stock, netting over half a million dollars in profit, the SEC said.

“This cyber hacking scheme is one of the most intricate and sophisticated trading rings that we have ever seen, spanning the globe and involving dozens of individuals and entities,” said Andrew Ceresney, who heads the SEC’s Division of Enforcement.

The SEC alleged Turchynov and Ieremenko masked their actions by posing as newswire service employees or customers to gain access to the networks. According to the agency’s complaint, the duo would make videos of these digital break-ins, then use the recordings to recruit traders.

“That deception ends today as we have exposed their fraudulent scheme and frozen their assets,” White said.

Security specialists and prosecutors say this is a growing form of insider trading.

“The charges demonstrate the extraordinary breadth of the threat posed by hackers,” said Matthew Schwartz, a former federal prosecutor for the Southern District of New York, which covers New York City, by email.

And until recently, few knew it was happening.

“We usually think about people who steal bank account information or sell sensitive personally identifying information,” added Schwartz, currently a partner at Boies, Schiller & Flexner. “The reality … is that hackers can obtain access to all sorts of valuable information and can and will profit off of it in every way imaginable.”

A December report from security firm FireEye shined the first major spotlight on the issue, profiling a group known as FIN4.

The team would pose as outside consultants, tricking employees into disclosing confidential information or granting them access to a company’s network.

“FIN4 is the first time we are seeing a group of very sophisticated attackers actually systematically acquire information that only has true value to a criminal when used in relation to the stock market," Dan McWhorter, FireEye’s vice president of threat intelligence, said at the time.

FireEye believes the hacking group started in mid-2013 and has since gone after more than 100 publicly traded companies, law firms, third-party consultants and investment bankers.

But the FIN4 group, which the FBI is currently investigating, appears unrelated to the charges unsealed on Tuesday, according to several reports.