$83 Million Allegedly Reaped by Trading on Stolen, Pre-Public Earnings Information
A Russian cybersecurity business executive who allegedly profited from an insider trading hacking scheme has been denied bail by a U.S. judge.
Vladislav Klyushin, 41, was extradited from Switzerland on Dec. 18, 2021. He has pleaded not guilty to the charges. On Wednesday, The Associated Press reported, U.S. Magistrate Judge Marianne Bowler denied the defendant’s request for bail, saying he presents “a substantial risk of flight.”
Klyushin has been charged with participating in a criminal hacking scheme that earned at least $82.5 million by trading on stolen, pre-public information pertaining to hundreds of companies listed on the New York Stock Exchange and NASDAQ, including Horizon Therapeutics, IBM, Microsoft, Snap and Tesla.
“As alleged, Klyushin and his co-defendants used various illegal and malicious means to gain access to computer networks to perpetrate their illegal trading scheme,” says Albert Murray III, the assistant special agent in charge of the criminal and cyber division at the FBI’s Washington field office.
Klyushin, aka Kliushin, founded and serves as a director of Moscow-based IT service and media monitoring firm M-13. The company advertises numerous cybersecurity services, including penetration testing and “emulation of a full-fledged targeted attack (red team APT).” Its website claims that its customers include “the administration of the president of the Russian Federation, the government of the Russian Federation, federal ministries and departments, regional state executive bodies, commercial companies and public organizations.”
Klyushin was arrested in Switzerland, where he traveled on vacation with his family, on March 21, 2021, at U.S. request. The two countries share a joint extradition agreement.
As is typical when a Russian citizen gets arrested abroad on hacking charges, Moscow quickly filed its own extradition request, in this case accusing him of fraud. But in August, Switzerland rejected that request, and last month, the country’s top court refused to hear Klyushin’s appeal against his U.S. extradition, which then proceeded.
Alleged Insider Trading Conspiracy
An indictment, unsealed Monday, details a conspiracy involving hacking, wire fraud and securities fraud, allegedly perpetrated by Klyushin, together with Moscow residents Ivan Ermakov, aka Yermakov, 35; and Nikolai Rumiantcev, aka Rumyantsev, 33.
Also indicted: Mikhail Vladimirovich Irzak, aka Mikka Irzak, 43; and Igor Sergeevich Sladkov, 42. Both are residents of St. Petersburg, Russia, and have been charged with conspiring to illegally hack into computers, wire fraud and securities fraud. Apart from Klyushin, the four other suspects remain at large.
All five men were also targeted in a complaint filed by the U.S. Securities and Exchange Commission in Massachusetts federal court on Dec. 20, 2021.
It accuses them of engaging in a “fraudulent scheme to deceptively obtain material nonpublic pre-release earnings announcements of companies with shares of stock publicly traded on U.S. securities exchanges by hacking into the computer systems of two service-provider firms, and to use the hacked information to profit by trading in advance of the public release of the earnings information.”
The alleged scheme ran from February 2018 through at least August 2020. Prosecutors say that by knowing earnings results in advance, the men made trades based on whether they thought the value of a stock would increase or decrease.
“We, the FBI, and our other law enforcement partners will relentlessly pursue those who hack, steal and attempt to profit from inside information, wherever they may hide,” says Nathaniel Mendell, the acting U.S. attorney for the District of Massachusetts.
Klyushin’s U.S. attorney, Boston-based Maksim Nemtsev, and his attorney in Switzerland, Oliver Ciric, didn’t immediately respond to a request for comment on the U.S. charges.
But Ciric has previously claimed that Klyushin is a pawn in a wider political battle between Washington and Moscow centering on 2016 interference in the U.S. presidential election. Ciric told Fortune that his client had been previously approached by U.S. intelligence, seeking his cooperation with obtaining documentation tied to election interference. Ciric also said his client denies any involvement in insider trading and says he is innocent of any “hypothetical election meddling.”
Target: Pre-Public Earnings Announcements
The insider trading scheme allegedly began after Ermakov hacked into two service firms – authorities have not named them – which assist publicly traded companies with filing documents through the SEC’s online Electronic Data Gathering, Analysis, and Retrieval system, known as EDGAR, according to court documents. Ermakov allegedly stole valid access credentials for the firms, facilitating long-term access to their systems by the defendants.
“Using these hacked, deceptively obtained pre-release earnings announcements, the trader defendants made timely trades in the securities of the servicers’ public company clients, collectively reaping unlawful profits of at least $82.5 million during the relevant period,” according to court documents.
Klyushin has been accused of using the stolen information to make trades through eight brokerage accounts held in his own name and one in the name of his firm, as well as six accounts that he controlled with Rumiantcev, who also serves as a director of M-13.
The SEC civil complaint accuses Rumiantcev of making profitable trades “in advance of more than 300 earnings announcements,” Irzak doing so in advance of 400 such announcements, and Sladkov in advance of more than 200 announcements.
Here’s an example of how the alleged scheme worked: According to court documents, in October and November 2018, Ermakov or another co-conspirator illegally accessed systems at one of the service firms and viewed non-public information pertaining to Capstead Mortgage Corp., Tesla, SS&C Technologies and Nevro. In the following days, “Klyushin and other co-conspirators allegedly placed profitable trades in the shares of those companies, buying shares of companies that were about to disclose positive financial results and selling short shares of companies that were about to disclose negative financial results,” according to the Department of Justice.
Alleged DNC Hacking Participant
Ermakov, who serves as a director of M-13, is a “long-time friend” of Sladkov and “also had access to at least one of the accounts held in Kliushin’s name that traded on information hacked from the servicers,” according to court documents.
Ermakov was previously charged in two federal indictments, issued in July and October 2018.
The first indictment accuses him of working with the GRU hacking team known as Fancy Bear and APT28 to steal information from the Democratic National Committee as part of Russia’s attempt to interfere in the 2016 U.S. elections.
The second indictment names him as one of the alleged GRU agents whom prosecutors have described as having engaged in “the use of hacking to spread the personal information of hundreds of anti-doping officials and athletes as part of an effort to distract from Russia’s state-sponsored doping program.”