US Charges Suspected Hacker, Traders Over SEC Database Hack

US Charges Suspected Hacker, Traders Over SEC Database Hack
Participants at the annual Chaos Computer Club (CCC) computer hackers' congress, in Hamburg, Germany on December 28, 2012. (Patrick Lux/Getty Images)
Reuters
1/16/2019
Updated:
1/16/2019

U.S. authorities on Jan. 15 charged a suspected Ukrainian computer hacker and several traders with involvement in a scheme to trade on market-moving corporate earnings news stolen from a U.S. Securities and Exchange Commission database.

The charges against 10 defendants, including two charged criminally, relate to a suspected 2016 hacking into Edgar, the SEC’s corporate filing system used by public companies and money managers, that led to $4.14 million of illegal trading profit.

SEC Chairman Jay Clayton said the case illustrates the “significant” threats that cyber crime poses to U.S. markets, including from outside the country’s borders, and that his agency is not immune despite efforts to bolster its cyber defenses.

Authorities said Oleksandr Ieremenko, 27, of Kiev, hacked into Edgar through a Lithuanian server to obtain thousands of “test filings,” including roughly 157 earnings announcements, and shared what he found with traders.

The U.S. Department of Justice said Ieremenko and Artem Radchenko, also from Ukraine, schemed to send fake emails to SEC employees that appeared to be from other employees, enabling them to install malware on SEC computers and steal the filings.

Ieremenko and Radchenko were charged in a 16-count indictment with computer fraud, wire fraud, and conspiracy.

The SEC filed related civil charges accusing eight individuals and companies in the United States, Russia, and Ukraine of reaping the $4.14 million of gains from May to October 2016, with some profits kicked back to Ieremenko.

Two Los Angeles residents, Sungjin Cho and David Kwon, are among the defendants in the SEC case, which seeks to impose fines and recoup illegal gains. Ieremenko was also charged.

None of the defendants could immediately be reached for comment, and their lawyers could not immediately be identified.

Companies sometimes submit test filings to ensure their actual SEC filings will be processed correctly.

Test filings are not typically supposed to contain sensitive nonpublic data, but the SEC said some do.

Ieremenko has been at large since being criminally charged in 2015 over the theft of more than 150,000 corporate press releases from Berkshire Hathaway Inc.’s Business Wire, West Corp’s Marketwired and Cision Ltd.’s PR Newswire.

Authorities criminally or civilly charged more than 40 defendants over that scheme, which they said generated more than $100 million of trading profit over 5.5 years.

The SEC said Ieremenko turned his attention to Edgar after the newswire scheme ended.

By Jonathan Stempel