The SEC has charged nine defendants for hacking into the regulator’s Electronic Data Gathering, Analysis and Retrieval (EDGAR) system to extract nonpublic information for use in illegal trading. The accused included a Ukrainian hacker, six traders in California, Ukraine, and Russia, and two entities.
The hackers took advantage of the SEC’s test-filing service, which is intended to allow companies to make sure that their regulatory submissions are correct before making them public. They allegedly exploited the narrow window of time between when those test files were entered into the system, and then released to general public—essentially trading on insider information. Issuers using the SEC’s testing system often used actual data in the nonpublic information in test filings, including unannounced quarterly earnings results.
The SEC alleges that Ukrainian hacker Oleksandr Ieremenko extracted EDGAR files containing the nonpublic earnings results, and passed the information to traders who used it to generate at least $4.1 million in illegal profits. The SEC added that some of the traders were also involved in a similar plan to hack into newswire services and trade on information that had not yet been released to the public.
In order to gain access to the SEC’s computer networks, the defendants used a series of targeted cyberattacks, including directory traversal attacks, phishing attacks, and infecting computers with malware, according to the US Justice Department.
Once the defendants had access to the test filings, they allegedly stole them by copying the test filings to servers they controlled. Over a five-month period in 2016, the defendants allegedly extracted thousands of test filings from the EDGAR servers to a server they controlled in Lithuania.
The SEC charged the nine with violating the federal securities antifraud laws and related SEC antifraud rules, and is seeking a final judgment ordering the defendants to pay penalties and return their ill-gotten gains with prejudgment interest, and enjoining them from committing future violations of the antifraud laws.
“The trader defendants charged today are alleged to have taken multiple steps to conceal their fraud, including using an offshore entity and nominee accounts to place trades,” said Steven Peikin, co-director of the SEC’s enforcement division. “Our staff’s sophisticated analysis of the defendants’ trading exposed the common element behind their success, providing overwhelming evidence that each of them traded based on information hacked from EDGAR.”
In a parallel action, the US Attorney’s Office for the District of New Jersey indicted Ieremenko and Artem Radchenko on 16 counts, including securities fraud conspiracy, wire fraud conspiracy, computer fraud conspiracy, wire fraud, and computer fraud.
“The defendants allegedly orchestrated sophisticated computer intrusions to steal non-public information from the SEC, compromising the integrity of the market and depriving honest investors of a level playing field,” said Assistant Attorney General Brian Benczkowski. “The Department of Justice will aggressively pursue and prosecute those who attack our financial markets and seek to profit unfairly, no matter where such offenders reside.”