Today, Artem Radchenko and Oleksandr Ieremenko, both of Kiev, Ukraine were charged for their roles in an elaborate hacking scheme which targeted the U.S. Securities and Exchange Commission (SEC) computer networks.
The 16 count indictment, unsealed today, charged the defendants with conspiracy to commit securities fraud, wire fraud conspiracy, computer fraud conspiracy, wire fraud, and computer fraud.
According to the indictment, the defendants, using a variety of different methods, hacked into SEC Electronic Data Gathering, Analysis and Retrieval (EDGAR) system which is used to house financial information of public companies. This information, also known as test filings, included annual and quarterly earnings filings of publicly traded companies and is considered highly confidential prior to being reported to the public.
It is alleged that the defendants stole thousands of test filings from the EDGAR system. After stealing the information, the defendants profited by conspiring to sell the confidential, non-public and economically valuable material ahead of its public disclosure. In addition, Radchenko and Ieremenko recruited coconspirators who used the stolen information to execute trades in brokerage accounts which ultimately resulted in large profits once the financial information was released to the investing public.
“Today’s indictment sends a strong message to those criminals who choose to use the cyber-world to profit from network intrusion,” said Mark McKevitt, Special Agent in Charge of the Secret Service Newark Field Office. “The Secret Service will continue to aggressively investigate cyber-enabled financial crimes and develop innovative ways to combat emerging cyber threats.”
“The defendants charged in the indictment announced today engaged in a sophisticated hacking and insider trading scheme to cheat the securities markets and the investing public,” U.S. Attorney Craig Carpenito said.
“They targeted the Securities and Exchange Commission with a series of sophisticated and relentless cyberattacks, stealing thousands of confidential EDGAR filings from the Commission’s servers and then trading on the inside information in those filings before it was known to the market, all at the expense of the average investor.”
According to the indictment:
From February 2016 to March 2017, Radchenko, Ieremenko, and others conspired to gain unauthorized access to the computer networks of the SEC’s EDGAR system, which is used by publicly traded companies to file required disclosures, such as annual and quarterly earnings reports. These filings contained detailed information about the financial condition and operations of the companies, including their earnings. Such information can, and often does, affect the stock price of the companies when it is made public, and is therefore highly confidential prior to its disclosure to the general public.
The EDGAR system allows companies to make test filings in advance of a public filing. These test filings often contain information that is the same or similar to the information in the final filing. The defendants stole thousands of test filings before they were released to the public, and sought to profit from their theft by using the information in the test filings to trade before the investing public learned the information.
To gain access to the SEC’s computer networks, the defendants used a series of targeted cyber-attacks, including directory traversal attacks, phishing attacks, and infecting computers with malware. Once the defendants had access to the test filings on the EDGAR system, they stole them by copying the test filings to servers they controlled. For example, between May 2016 and October 2016, the defendants extracted thousands of test filings from the EDGAR servers to a server they controlled in Lithuania.
Ieremenko was previously charged in a hacking and securities fraud scheme in an indictment in the District of New Jersey. That indictment charged Ieremenko with being part of a large-scale, international conspiracy to hack the computer systems of three newswire organizations and steal press releases containing confidential non-public financial information relating to hundreds of companies traded on the NASDAQ and NYSE from three newswires. The members of the conspiracy profited from the theft by trading on the news ahead of its distribution to the investing public. The indictment unsealed today alleges Ieremenko employed some of the same methods to hack the SEC.
Radchenko recruited to the scheme traders who were provided with the stolen test filings so they could profit by trading on the information before the investing public. Armed with the stolen information, the traders profited by executing various trades in brokerage accounts they controlled. In one instance, a test filing for “Public Company 1” was uploaded to the EDGAR servers at 03:32 p.m. (EDT) on May 19, 2016. Six minutes later, the defendants stole the test 3 filing and uploaded a copy to the Lithuania server. Between 03:42 p.m. and 03:59 p.m., a conspirator purchased approximately $2.4 million worth of shares of Public Company 1. At 04:02 p.m., Public Company 1 released its second quarter earnings report and announced that it expected to deliver record earnings in 2016. Over the next day, the conspirator sold all the acquired shares in Public Company 1 for a profit of more than $270,000.
This joint investigation by the Secret Service, the FBI and the SEC determined that the financial information stolen from the EDGAR system led to millions of dollars in profit for the defendants and their coconspirators.
To learn more about Secret Service’s role in fighting cyber-crime click here.