GET THE FREE NATIONAL CYBER SECURITY APP FOR YOUR PHONE AND TABLET
It was a symbiotic relationship that brought together the underbelly of Wall Street and the dark reaches of the online world.
From their suburban homes in the United States, dozens of rogue stock traders would send overseas hackers a shopping list of corporate news releases they wanted to get a sneak peek at before they were made public. The hackers, working from Ukraine, would then deliver how-to videos by email with instructions for gaining access to the pilfered earnings releases.
In all, 32 traders and hackers reaped more than $100 million in illegal proceeds in a sophisticated and brazen scheme that is the biggest to marry the wizardry of computer hacking to old-fashioned insider trading, according to court filings made public on Tuesday. One of the men, Vitaly Korchevsky, a hedge fund manager and former Morgan Stanley employee living in a Philadelphia suburb, made $17 million in illegal profits, the indictment said.
But the five-year scheme came undone Tuesday when federal prosecutors from Brooklyn and New Jersey, joined by regulators from the Securities and Exchange Commission and other law enforcement agencies, announced a series of arrests, the filing of indictments and a lawsuit against what the indictments described as a loose network of business confederates.
Early Tuesday, the authorities arrested Mr. Korchevsky, 50, at his home in Glen Mills, Pa., and four other men, in Georgia and in Brooklyn. Arrest warrants were issued for four other men. Three of them were related and had ties to Ukraine.
“This is the intersection of hacking and securities fraud,” Paul J. Fishman, the United States attorney for the district of New Jersey, said at a news conference in Newark. “The hackers were relentless and patient.”
In one indictment, federal prosecutors in New Jersey said five of the men broke into companies like Business Wire and PR Newswire over five years to steal more than 150,000 news releases being prepared by publicly traded corporations before the information was released to the public. Another company whose releases were stolen before they were made public was Marketwired.
Mr. Fishman did not fault the wire services and said they had cooperated with the investigation.
The stolen news releases gave the rogue traders — four of whom were charged in a separate indictment unsealed on Tuesday by prosecutors in Brooklyn — a big advantage over others in the stock market by allowing them to trade on news before it hit the wires, the authorities said. The men who used the stolen information to trade the stocks paid the hackers a flat fee or a percentage of the profits gained from the illegal trading, the S.E.C. said in a separate complaint.
The authorities said the traders seeking an illegal edge provided “shopping lists” to hackers for the kinds of news releases they wanted and the companies they wanted to trade on. The men obtained information from more than 30 companies, including Bank of America, Clorox, Caterpillar and Honeywell, the authorities said.
But the traders were also deliberate. The authorities said they traded ahead of the information contained in only about 800 of the hundreds of thousands of releases they got a sneak peek at — indicating a methodical and well-timed approach to concealing their activities.
In multiple instances, the men communicated via email and online chat messages, boldly stating what they were doing, the authorities said. At one point in 2012, for example, one of the defendants wrote in Russian in an online chat message, “I’m hacking prnewswire.com.” In another instance, a defendant sent 96 stolen news releases to someone with a subject, in Russian, that read “fresh stuff.” The email said, “If he says he does not know what this is about, tell him ‘quarterly report,’ ” according to the indictment.
The authorities monitored some of the defendants for years, the indictment said. In November 2012, it said, they seized the laptop of one of the hackers and found about 200 nonpublic news releases from PR Newswire.
The people charged in the New Jersey indictment with breaking into the newswire networks were Ivan Turchynov, 27; Oleksandr Ieremenko, 24; Arkadiy Dubovoy, 51; Igor Dubovoy, 28; and Pavel Dubovoy, 28.
Brooklyn prosecutors, in addition to Mr. Korchevsky, also charged Vladislav Khalupsky, 45; Leonid Momotok, 47; and Alexander Garkusha 47, all United States residents, who had personal brokerage accounts at some of the biggest investment banks in the United States, including JPMorgan Chase, Merrill Lynch and Jefferies. Two of the four men were once registered with the S.E.C., including Mr. Korchevsky. Authorities said in court papers the independent traders and overseas hackers “shared login and password information for brokerage accounts they controlled” making it easier for them to trade and transfer payments.
Kelly Currie, the United States attorney for Brooklyn, called the network of hackers and traders an “unholy alliance.”
The authorities said tens of millions of illegal trading profits had been recovered from bank accounts maintained by the traders and hackers. The authorities also seized some homes, a boat and even an apartment complex that was bought with some of the proceeds.
The charges against the men demonstrate the various ways in which computer hackers can profit richly from illegally obtained information.
“When we think of hackers who try to profit from their crimes, we usually think about people who steal bank account information or sell sensitive personally identifying information,” said Matthew L. Schwartz, a lawyer at Boies, Schiller & Flexner and a former prosecutor in Manhattan who worked on cases involving digital crime.
“The reality, as exemplified by today’s charges, is that hackers can obtain access to all sorts of valuable information and can and will profit off of it in every way imaginable,” he added.
Last month, prosecutors in Manhattan filed charges against five people, some of whom are suspected of having played a role in a breach at JPMorgan Chase that resulted in the theft of customer data for 83 million accounts. The authorities said they suspect that group wanted to use the tens of millions of email addresses stolen in the hacking to further stock manipulation schemes involving spam emails to pump up the price of otherwise worthless penny stocks.
In fact, the scheme announced on Tuesday was similar to one in 2005, when the S.E.C. charged a group of traders in Estonia with hacking into Business Wire to obtain news releases to inform their trades. Hacking or stealing corporate news releases is a strategy traders looking for an illegal edge have used over the years.
But the group uncovered on Tuesday went further than the Estonian hackers, and its scheme was much broader than anything previously uncovered by the authorities. It may be the first of many cases in which hackers use purloined corporate data to commit securities fraud.
Last year the computer consulting firm FireEye said that it had uncovered a sophisticated group of hackers, called Fin4, that was aiming at the email networks of large pharmaceutical and financial companies to gain market-sensitive information about deals. The revelation was outlined in a report that FireEye, based in California, shared with the S.E.C. and with the Federal Bureau of Investigation.
A few months ago, the S.E.C. asked a handful of companies to provide information about data taken in breaches of their computer networks. The authorities took similar steps recently with several large public relations firms, said another person briefed on the matter who spoke on the condition of anonymity.
Jen Weedon, a threat intelligence manager with FireEye who worked on the Fin4 report, said she saw some similarities and differences between the way the group she observed operated and the one busted up by federal authorities.
“There’s targeting overlap in that these actors seemed to deliberately pursue market-moving information, like FIN4, to benefit financially on the stock trade. Unlike FIN4 it seems this group had a narrower scope in choosing to get their data from a consolidated place,” Ms. Weedon said by email.
But the end goal is the same, she added, noting the hackers were infiltrating networks to gain private information to gain an edge in the markets.