WASHINGTON — An international hacking ring armed with tens of thousands of corporate secrets pocketed more than $100 million from illegal trades, targeting a core vulnerability of the financial system in one of the digital age’s most sprawling insider-trading schemes, federal authorities said Tuesday.
Since 2010, more than 30 hackers and traders across the U.S., the Ukraine, Russia and other countries stole more than 150,000 press releases scheduled to be delivered to investors from corporate wire services Business Wire, PR Newswire and Marketwired.
With advance details on financial performance and corporate mergers from dozens of companies — including Bank of America, Boeing, Ford Motor, Home Depot, defense contractor Northrop Grumman, RadioShack and Smith & Wesson — the team made rapid and lucrative trades from shared brokerage accounts, funneling the money through shell companies and offshore bank accounts in Estonia and Macau.
Unlike the recent high-profile hacks of health insurers and government agencies, the sophisticated hacks targeted not just people’s identities, but corporate intelligence, and some hackers and traders were even aided by former broker-dealers registered with the Securities and Exchange Commission.
By breaking into the wire services, some of Wall Street’s most vital and unnoticed information hubs, investigators said the hackers and traders were able to defraud investors on a massive scale while leaving no public trace, a worrying development for the increasingly intricate networks that keep the financial world online.
The “brazen scheme … was unprecedented in terms of the scope of the hacking, the number of traders, the number of securities traded and profits generated,” SEC Chair Mary Jo White said Tuesday at a Newark news conference alongside Secretary of Homeland Security Jeh Johnson. “The traders were financially savvy, using equities and options . . . to maximize their profits.”
Federal agents began arresting suspects Tuesday, and authorities have so far filed criminal charges against nine hackers and traders, indictments show. One trader who was arrested, Vitaly Korchevsky, ran a small investment fund in Philadelphia and was a former mutual fund manager at Morgan Stanley, according to his LinkedIn profile.
Two Ukrainian hackers, Oleksandr Ieremenko and Ivan Turchynov, were said to have spearheaded the scheme, by cracking into the newswires and then listing the intel on secret outposts accessed by traders in the U.S., Russia, the Ukraine, Malta, Cyprus and France.
The hackers, who breached the wires and stole employee credentials through a series of attacks, shared the stolen intel with a network of traders, who would then pay the hackers a cut of their profits. Speaking in Russian, Turchynov said in an online chat in 2011 that traders who profited off his hacked information would need to share a cut of their “seasonal” profits, according to the indictment. He added, “If you get really high with time you pay a fixed amount of dough a month.”
The hackers, who called the early-accessed filings “fresh stuff,” masked their movements through proxy servers and stolen employee identities, and recruited traders with videos showcasing how swiftly they could steal corporate intel before its release. Traders kept “shopping lists” of desired releases for public companies.
In one 2013 scheme, the traders bought more than $8 million in shares of Align Technology after stolen documents showed that the medical-device maker’s revenues had recently soared. One day later, when the news went public, the traders cashed out for a profit of more than $1.4 million.
The traders included Arkadiy and Igor Dubovoy, a father-and-son team living in Alpharetta, Georgia; and a relative, Pavel Dubovoy, in the Ukraine. They were helped by four co-conspirators in Alpharetta and Suwanee, Georgia; Glenn Mills, Pennsylvania; and Brooklyn, N.Y., two of whom were formerly broker-dealers registered with the SEC.
In 2013, investigators said, the team explored even newer ways of defrauding trades, including tricking sellers by rapidly buying and canceling trades, which one called a “special daytrading strategy.”
Read the SEC complaint: www.sec.gov/litigation/complaints/2015/comp-pr2015-163.pdf